The IoT Security Foundation (IoTSF) is delighted to announce the release of its latest best practice guide on IoT cybersecurity for Facilities Professionals in the Smart Built Environment (SBE). The IoTSF established a Smart Building working group in 2017, which has expanded its membership to over 50 senior leaders from a range of stakeholder groups, including representatives from the Institute of Workplace and Facilities Management (IWFM), Building Owners, Manufacturers, Integrators, and Security professionals, to address the issue of cybersecurity risks to buildings.
Over the last three years, the SBE working group has been actively involved in crafting and discussing this important guidance from both a strategic and technical perspective. The group has always had a hands-on approach to the topic as it recognises that practical advice on what needs to be done to secure the SBE is vital in this digital age. It takes the view that many buildings are already vulnerable to cyber-attacks and that only a collaborative response can change the status quo.
With the rapid expansion of digital technologies, including smart and connected devices, the risks associated with IoT are significant. The integration of these devices and systems into a building increases the attack surface, exposing them to potential threats from malicious actors. The new guide provides a comprehensive framework for managing cybersecurity risks and ensuring the safe operation of IoT systems throughout a building’s lifecycle.
The new IoTSF best practice guide takes a risk management approach to address the specific challenges faced by facilities professionals in smart buildings. In larger organisations, cyber and physical security teams can work together to manage risks, but smaller companies may lack the resources to do so. The guide provides practical steps to identify and manage risk effectively, making organisations more resilient in the face of potential cyber threats. Chapter 3 provides an overview of Governance, Risk, Compliance, Operational Processes and Risk Response, followed by a list of requirements. The IoTSF will be providing tools and working group activities to help members understand and manage the risk better.
The guide emphasises the need to secure smart and connected devices and systems, even if they are not perceived as “smart” by those who use them. The potential for damage from attacks on these devices is substantial, as demonstrated by the “WannaCry” incident that cost the NHS £92m in lost output. The guidance recommends a risk management framework that includes controls and processes to ensure the safe operation of IoT systems.
IoTSF’s new best practice guide on IoT cybersecurity for Facilities Professionals in Smart Built Environments is an essential resource for individuals, groups, and institutions that work with smart-connected assets. By adopting the best practices outlined in the guide, organisations can reduce the risk of cyber-attacks and protect their assets throughout the lifecycle of a building.
Sarb Sembhi, Co-Chair, SBE WG, writes, “The greatest importance of this document is that it proposes an approach which brings facilities professionals together with other security, cyber security, IoT security and risk professionals.”
James Willison, Co-Chair, SBE WG, writes, “The SBE working group is a dynamic and forward-looking set of people who are highly experienced in the field. We look forward to exploring many more aspects of IoT in Smart buildings including building owners, specifiers, CSOs, CISOs and installers. Hence, we urge you to get in contact, join our working group and allocate responsibilities to people/teams in your organisation to manage these risks. While other remarkable colleagues have produced this document, it is only by engaging with the IoTSF working group that, together, we can make a difference in addressing this massive issue.”