IoT Security Foundation to run Workshop on ‘Managing the Risks and Benefits of IoT in Smart Buildings’

The history of IT, industrial control systems and operational technology shows that security will always be an afterthought unless those who need good security can put their priorities in front of those that design systems. Combining a security mindset with design and innovation is really important: the system is better, and always more cost-effective, when security’s designed in from the start.

The Internet of Things Security Foundation (IoTSF) was established to make it safe to connect in the smart and hyper-connected era of the IoT. Right now, we’re all witnessing the steady invasion of the IoT into buildings and their networks. On that basis, there’s a growing need to support this area for a wide range of stakeholders – from designers through to integrators, operators and end users. There are a great many potential risks to buildings and those who own and occupy them, but those risks can be actively managed on a cost-effective footing.

Smart Buildings Working Group

The IoTSF has created a Smart Buildings Working Group with the aim of making such buildings safe and secure over their lifetime. The ultimate goal of the Working Group is to establish a comprehensive set of guidelines to help each of the supply chain participants specify, procure, install, integrate, operate and maintain IoT securely in buildings. This includes intelligent buildings equipment and controls such as audio visual, fire, HVAC, lighting and overall building security.

The Working Group will have a broad representation from a number of stakeholders, among them:

Enterprises Owners and occupiers such as banks, technology companies and organisations with plant facilities with an active interest in the stability of their building control system or Data Centres. They will help to define the security requirements to meet the business risks and describe how smart building systems should integrate into security management. Participants will learn more about the emerging risks, how to assess and manage them and what to specify in terms of procurement.

FM companies As risk owners and providers of services in smart buildings, facilities managers play a major role in planning, development and day-to-day operations. They will help inform the Working Group as to how systems need to achieve ongoing security goals within the practicalities of a cost-effective service and using available skills. Participants will learn more about the direction of customer needs and contemporary and emerging risks, as well as how to assess, specify and manage systems.

Systems integrators They will help to define standard security solution sets and architectures for IoT in buildings. Integrators are key to making sure that BMS, IoT and related systems are specified, configured and installed with security in mind.

Physical security, fire and control systems manufacturers As key suppliers, it’s critical that security is designed-in from the start, thereby reducing exposure to owners and users to malevolent risk. This stakeholder group will help define security requirements for their product class and also demonstrate that their systems are secure within the smart buildings environment.

IoT security specialists A broader group contributing wide security experience to the context of smart buildings.

Planned delivery of the Working Group

The priorities and specific deliverables will be determined by the Working Group going forward, but will likely include:

*Architectures, including secure systems management, services, devices and IT connectivity

*A set of Best Practice guides on how to apply and maintain IoT security for smart buildings

*Awareness material helping to show what good security looks like – examples of requirements statements or a procurement language for secure IoT in buildings

*Workshops and targeted events

The work products will be adopted and maintained by the members of the IoTSF and be made available in accordance with all IoTSF Best Practice and security advocacy materials.

The IoTSF operates a number of Working Groups which cover both general (‘horizontal’) aspects of IoT security, as well as sector (‘vertical’) applications. A foundation of this work is the IoT Security Compliance Framework which can be generally applied by tailoring the security objectives for confidentiality, integrity and availability.

This Working Group will build on existing skills and experience within the Foundation and deliver fit for purpose security to those who need it and in a language they can understand.

Head for Earls Court in September…

The first UK meeting/Workshop is being held on Monday 17 September between 12.30 and 4.30 pm at Earls Court in London. You can attend to find out more about this Working Group and how you can become involved. There’s no fee to attend this event, but spaces will be limited.

This initiative is facilitated by industry experts and security convergence proponents Sarb Sembhi and James Willison who are serving as vice-chairs.

You or your company do not need to be IoTSF members to attend the Workshop at this prioritisation and scoping phase, although the hope is that you would become members if you share the IoTSF’s concerns and have an interest in addressing the issues longer term.

Click here to register your interest in this Workshop. State ‘Smart Buildings Workshop’ as the subject and provide your name, job title and company.

If you have any queries, please e-mail contact@iotsecurityfoundation.org

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts