How Do I Make My Building Smarter (and Safer)?


security1 - How Do I Make My Building Smarter (and Safer)?The big leap forward with any building automation system is the online connectivity of lighting, sensors and other IoT devices that enable the analysis of data and building usage to optimise day to day operations.

With the integration of a building automation system with IoT (Internet of Things) technology, building owners and facility managers have much wider ability to monitor and control their building systems. This can lead to greater energy efficiency, healthier workplaces with the monitoring of air quality, temperature, sound, etc., and happy, engaged staff, operating in more environmentally comfortable surroundings.

Smart building technology can be employed to meet specific goals of a building owner or the business tenant. Most commonly these are around:

  • Meeting sustainability objectives (e.g. Green Star ratings etc)
  • Ensuring the wellbeing of staff by maintaining a healthy environment
  • Increasing productivity of the workforce
  • Achieving energy efficiency goals
  • Optimising the use of resources
  • Improving occupancy experience
  • Monitoring critical equipment
  • Ensuring compliance (e.g. monitoring and testing of emergency lighting)
  • Meeting requirements for building certification (e.g. NABERSNZ)

security2 - How Do I Make My Building Smarter (and Safer)?Regardless of the ultimate objectives, to make your building smarter it will need to provide the ability to not only monitor targeted functions but also collect and analyse environmental data. Additionally, the data should be presented in such a way that it is easily understandable and can be used to both improve the operation of the facility and ensure the comfort and safety of all occupants.

An intelligent building automation system (BAS) can help an organisation meet its environmental goals and may also have a positive impact on the business’s bottom line.

A comprehensive BAS will integrate virtually every building service, from HVAC and lighting control, to air quality monitoring and security alarms. Efficiencies are achieved by utilising computer-controlled automation to manage the integrated building functions.

With a huge increase in the number of IoT devices that can now be linked it is possible to use cloud computing to control just about every aspect of your building. For ease of operation most facility managers would prefer as much as possible be connected to a single system.

While this makes management of operations and maintenance easier and more cost effective, it is important to also consider the security of your system.

External cyber threats are becoming increasingly common, and it is imperative that hackers cannot hack into your building automation system and thus gain access to sensitive IT data. With the convergence of information technology (IT) and operational technology (OT) there is a huge need for due diligence when looking at how to make your building smarter.

Although it may be possible to link devices such as photocopiers, coffee machines, or webcams to your smart building system, whether you SHOULD is a different question entirely!

security3 - How Do I Make My Building Smarter (and Safer)?Due to limited processing power and lazy software development many IoT devices such as webcams and network equipment have not implemented (or have outdated) encryption. Many also have security flaws or hardcoded security keys and credentials that are easily hacked. The Federal Trade Commission have outstanding lawsuits with numerous supposedly ‘reputable’ or certainly well-known companies for negligent security practices.

An unprotected building automation system can expose data, risk unauthorised access, and therefore potentially expose an organisation to malware or other illegal activity.

To encrypt sufficiently on all devices a high level of processing power is required. Many device manufacturers will not pay the higher costs of processing power. In addition many control system companies and IoT suppliers lack the budget and the necessary skilled people to implement security correctly.

To be secure, security systems need to be designed for 10 years, when it is estimated computers will be 70 times faster than today’s systems. With processing power doubling every 18 months it makes it easier to break cryptos. Processing power in devices cannot be increased after installation.

A supplier and programmer of any major component systems of a building automation system (e.g. lighting control, BMS etc) should be able to provide you with full and comprehensive detail on the security measures employed by their system to ensure your building systems are fully protected and cannot be accessed in any unauthorised manner.

For example the zencontrol DALI-2 lighting control system that we promote is built on secure foundations and is deployed worldwide using Amazon web services.

As standard, zencontrol uses enterprise grade encryption. Devices are upgradeable so new exploits will be patched and protected against. Every individual device is programmed with unique and strong 32byte encryption key. Local communications use TLS 1.2 PSK and cloud communications use TLS 1.2 PKI (4096 RSA). TLS 1.2 stack developed and backed by ARM. Password/credential storage is hashed and salted.

Secure practices are also adhered to and local servers abide by local privacy laws. The access control list ensures only correct users can access sensitive information. Private keys are not stored in firmware or the firmware repository. Security is built in from day 1, ensuring all zencontrol systems are secure from installation. Additionally, authentication tokens are per device/API-client allowing auditing and per device “access revoking” capabilities. Cryptographically signed firmware security updates can be pushed to systems remotely as a response to new security issues.

zencontrol takes security seriously. Their practices and implementation adopted as standard help ensure zencontrol networks stay strong well into the future.

However, should it become necessary, with zencontrol the cloud connection can be disabled at any time and the building will still operate. We see this as an essential futureproofing feature – as who knows what tomorrow will bring!

Before taking steps to install or expand a control system for your building, please ensure any proposed system has substantive security measures in place now, and for the future. New security issues occur constantly – does your proposed system allow for security patches without the requirement for a full upgrade of devices? Plus, as above, are you able to disable cloud connectivity, and still have a functioning control system?

Having a smarter building does not mean your facility is more vulnerable. Carrying out due diligence when considering a connected system and ensuring the manufacturer/integrator is following best practices will lead to better security. The benefits of improved operations, greater energy efficiency, and healthier buildings, can then all be realised.