Building Cyber Security

Industry forecasts expect the IoT market to grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020, and a further 75.4 billion in 2025. Many of these devices will be deployed in not just businesses, but buildings, public works and critical infrastructure. Smart technologies will establish an urban landscape that is all-connected, all-sharing, all-knowing and imbued with a functionality that can provide unprecedented levels of comfort and convenience.

The convergence of smart technologies and the built environment will improve the operation and capabilities of buildings as well as businesses, but will also lead to increased vulnerabilities and attack vectors not previously encountered within design engineering and urban planning.

Research suggests the impact on the building and construction industry will be significant. No longer are we looking at cyber-attacks targeting at the company or user level, we now have “attack vectors” that can potentially shutdown a shopping precinct, a power grid, a major city, perhaps even a nation. An attack vector is a path or means by which a hacker can gain access to a computer or network server in order to deliver a malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities.


In 2013, Target Corp fell victim to a major breach of stolen customer data. Target POS systems were compromised by a computer from Target’s HVAC vendor. The stolen credentials of the HVAC vendor enabled access to Target’s application dedicated to vendors. Through a series of hacking activities, the breach resulted in 40 million shopper credit and debit cards being compromised.

Cybercriminals are focusing on building design and operational functionality to develop new attack vectors. A collision of building connectivity can allow an attacker access to Point of Sale systems via the HVAC network. The convergence of information and operational technology (the software and hardware) has seen the once isolated environment of operational technology connected to the IP network. Building Management Systems (BMS) are now a conduit to an array of interconnected building and business services.

Implement Cyber-Security through Design

In an IoT world where a vending machine or BMS can potentially launch a cyber-attack and disable your building’s critical services there is an imperative to address these risks at all levels of the build design and deployment stages. Builders, engineers and critical service specialists that do not factor in potential cyber risk threats as part of their design considerations expose their assets, their occupants and the public to unnecessary risk. dreamstime_xl_91047517.jpg

The inclusion of smart technologies within building services and design considerations requires a collaborative approach to ensure security and privacy standards are maintained. This collaboration must extend to electrical and mechanical engineers, HVAC, fire safety, BMS, and audio visual specialists. Building industry clients are increasing becoming aware how their brand is exposed in an all connected, always on digital age. Increasingly, they are looking at designers and engineers to factor these concerns into their service offerings and solution submissions.

Collaboration and Engagement is the Key.

 It’s important to note that the news is not all bad. The key to meeting these smart building cyber challenges is a willingness for key players within the building and construction industry to consider the cyber security issues that will inevitably impact upon their design decisions and solution offerings.

The incorporation of cyber security design frameworks and risk based analysis tools for building and store fit-out services needs to become part of the industries professional’s toolkit. By no means does this require allied professions (the HVAC specialists or design engineers) to become cyber security experts, but it does require the consideration of cyber security controls to be factored into their designs.

The cyber security industry is establishing a presence within the built environment which reflects these cyber security design concerns. The future of smart urban planning will usher in an era of creativity, functionality and convenience, resulting in unprecedented opportunities. Key to this successful building services evolution will be the assurance that, cyber-safety in your business is maintained and protected to community expectations.


About Alan Mihalic

A Senior Cyber Security Advisor, cyber writer and keynote speaker, with expertise and success in security architecture, risk management, executive cyber advisory, and cyber security frameworks that support strategic enterprise and public sector initiatives. Alan is a key advocate and thought leader for the development and deployment of Cyber Security Frameworks for Smart Cities, Smart Buildings and Critical Infrastructure.

Alan also Chairs the working group “Cyber Smart Buildings” at the IOTSF (Internet of Things Security Foundation) a not for profit whose mission is to help secure the Internet of Things, in order to aid its adoption and maximise its benefits. 



Retail Voice CEO Message: 20 September 2023

Last week, the ARA convened our inaugural Retail Crime Symposium, bringing together representatives from the nation’s top major retailers face-to-face to address this pressing issue. Distinguished speakers at the symposium

The importance of R U OK? Day

September 14 is R U OK? Day in Australia, where millions of people around Australia will take the time to check in with family, friends and peers to ask if