Image Credit: Richard Patterson
Let’s face it: our workplaces have continued to evolve over time. Today’s workplace does not look anything like it used to. We have computer controlled air conditioning and heating, lights turn off when nobody is in the room, and elevators automatically know where we want to go. However, as great as all of this intelligence that has been built into our workplace is, CIOs have to realize that it can also be an attractive target for hackers. How can we keep our modern smart offices safe from the bad guys?
The Challenge Of Working In A Smart Office
So just exactly what is a smart building? A smart building is one that recognizes you and makes your life easier. For example, when you enter a smart building a camera recognize your face and hails an elevator programmed to bring you to your floor. Sensors on the walls measure particles and CO2 levels in meeting rooms and know when to pump in fresh air when levels get too high. The reason that they do this is because higher levels of certain particles mean it is more likely that viruses could be present. In a central control room, big screens show every floor in your multi-story building.
CIOs need to understand that there is a quiet revolution sweeping through commercial buildings across the U.S. Our office towers increasingly resemble multistory computers. These buildings are full of sensors – potentially more than 300 per floor – with elevators and doors connected to the internet, and all overseen by a single piece of software that can be controlled from a laptop or a smartphone. Smart buildings have been delivered with the promise to cut carbon emissions and lead to healthier, happier workplaces. However, it turns out that they also raise privacy and cybersecurity concerns for CIOs. Building owners often lack technological expertise to make their fancy smart buildings secure thus making them vulnerable to attacks from bad guys.
CIOs have to view smart buildings as being the soft underbelly of the company’s infrastructure. Commercial buildings have used some form of software to control mechanical and electrical systems since the 1980s, but for decades the sector saw very little innovation. That all started to change back in the 2010s. The rise of cloud computing and the arrival of internet-connected systems such as smart doors, smart lighting and facial-recognition cameras mean commercial developers now have more gadgets than ever at their disposal to incorporate into their smart buildings.
How To Secure A Smart Building
Many landlords pay very little attention to the digital security at their buildings. Since most systems in a smart building are probably connected to each other, getting access to a single internet-connected door could potentially give criminals control over an entire skyscraper. With this access the bad guys can lock doors and elevators until ransom is paid, or use weak spots to steal massive troves of data. Hackers managed to break into Target Corp.’s systems and were able to steal data on tens of millions of customers. The way that they got in was via an HVAC contractor.
CIOs have to realize that the bad guys only need to find one way in then and whatever is connected to that system will now be on the table. It is hard to gauge how many smart buildings have been successfully targeted, but the federal government is increasingly aware of the dangers. The government has launched a working group with smart-building-tech professionals and producers of control systems to figure out how to protect buildings from attacks.
The threat to CIOs is real. As protections that are being built into mobile phones and databases become stronger, more criminals are going to turn to smart buildings as an easier target. CIOs should expect to see that threat move. CIOs need to work with building designers in order to design building systems in a way that prevent cyberattacks. CIOs can pay “ethical hackers” to try to break into their property’s systems and spot potential vulnerabilities. And in case an attack does succeed, a warning system can be set up to alert the CIO. And in a nod to privacy concerns, sensors and facial-recognition cameras can be programmed to not allow the company to pull data on where a specific employee is at any given time.
What All Of This Means For You
I’m pretty sure that given a choice, we’d all like to work in a smart office. The idea that the building that we work in could recognize us and then take steps to make our life better is appealing to just about everyone. However, as CIOs we also have to be aware that there is a downside to this introduction of new technology. Our smart buildings can serve as an attractive target for hackers. What this means is that we need to understand the nature of the risk and how we can take steps to keep our smart buildings safe.
Smart buildings have the ability to sense when we are in them and they then react to our presence. As buildings become more and more automated, the risk that hackers will attack them also grows. Buildings have always used some form of automation; however, in the past few years the amount of automation built into buildings has significantly increased. All too often landlords don’t pay enough attention to properly securing their buildings. The bad guys can find a way into a smart building, they can cause a great deal of trouble. The government realizes this and has started to study the problem. CIOs need to work with building designers to create secure smart buildings.
CIOs need to start to view their workplaces as being an extension of the company’s networks. We need to take the time to understand how much automation has been built into our buildings so that we can understand the scope of the problem that we are facing. Once we have a good understanding of this, we can start to create solutions that will help to keep our smart buildings secure.
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™
Question For You: What is the best way for a CIO to determine if their smart building is secure?
Click here to get automatic updates when The Accidental Successful CIO Blog is updated.P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!
What We’ll Be Talking About Next Time
As a modern, post-pandemic, CIO we have a lot of new and challenging things that we have to deal with. One of the biggest is determining if we are going to allow our workers to be remote some or all of the time. However, as big of an issue as that may seem, it turns out that there is an issue that is even more important to our workers: just exactly when they come to work. This used to be a simple question: everyone worked the same hours on the same days. Not so much anymore. How should CIOs handle this new issue?