Cybersecurity of smart buildings: a facilities management perspective

The cybersecurity of smart buildings is often perceived from the technological aspects of cybersecurity, pertaining to the cybersecurity of the smart devices and systems installed in facilities. Facilities management (FM) organisations responsible of managing and controlling the buildings using building management systems (BMS) are increasingly collaborating with various stakeholders using digital platforms that enable access to facilities' data. This results in an increased risk of cybersecurity attack to the FM systems, that may enable unwanted access to BMS systems. Poor cybersecurity management in FM may result in disastrous impacts on the facilities and operations within. Therefore, this paper investigates the cybersecurity risks to a smart building, from a facilities management perspective and provides recommendations of the ways in which FM can minimise the risks.

1. Panetto H, Iung B, Ivanov D, Weichhart G, Wang X. Challenges for the cyber-physical manufacturing enterprises of the future. Annu Rev Control. 2019;47:200–13.

2. Khorrami F, Krishnamurthy P, Karri R. Cybersecurity for Control Systems: A Process-Aware Perspective. IEEE Design and Test. 2016.

3. Accenture. The Internet of Things: The Future of Consumer Adoption. Accent Digit. 2014;

4. Minoli D, Sohraby K, Occhiogrosso B. IoT Considerations, Requirements, and Architectures for Smart Buildings-Energy Optimization and Next-Generation Building Management Systems. IEEE Internet Things J. 2017;

5. Tang S, Shelden DR, Eastman CM, Pishdad-Bozorgi P, Gao X. BIM assisted Building Automation System information exchange using BACnet and IFC. Autom Constr. 2020;

6. Eckhart M, Brenner B, Ekelhart A, Weippl ER. Quantitative Security Risk Assessment for Industrial Control Systems: Research Opportunities and Challenges. J Internet Serv Inf Secur. 2019;9(3):52–73.

7. Liu, Z.Q., Li, Y.G. and Lu XL. Development of Integrated Information Technology in the Chinese Building Industry. In: Proceedings of Shanghai International Conference on Technology of Architecture and Structure, Pt Ii. 2009. p. 544–53.

8. Axelrod CW. Managing the risks of cyber-physical systems. In: 9th Annual Conference on Long Island Systems, Applications and Technology, LISAT 2013. 2013.

9. Waite R. Arup staff hit by cyberhacker attack [Internet]. 2021 [cited 2021 Apr 18]. Available from: https://www.architectsjournal.co.uk/news/arup-staff-affected-by-cybe...

10. BBC News. Iran nuclear attack: Mystery surrounds nuclear sabotage at Natanz - BBC News [Internet]. 2021 [cited 2021 Apr 18]. Available from: https://www.bbc.co.uk/news/world-middle-east-56722181

11. Mathews L. Criminals Hacked A Fish Tank To Steal Data From A Casino [Internet]. 2017 [cited 2021 Apr 18]. Available from: https://www.forbes.com/sites/leemathews/2017/07/27/criminals-hacked-...

12. Razaq A, Tianfield H, Pranggono B, Yue H. Simulating smart grid cyber security. In: Smart Grid: Networking, Data Management, and Business Models. CRC Press; 2016. p. 97–116.

13. Mishra P, Biswal A, Garg S, Lu R, Tiwary M, Puthal D. Software defined internet of things security: Properties, state of the art, and future research. IEEE Wirel Commun. 2020;27(3):10–6.

14. Sumathi D, Chandrika MR. Vulnerability Analysis for Cyber-Physical Systems. Cybersecurity Priv Cyber Phys Syst. 2019;45.

15. Boyes H. Cyber Security Attributes for Critical Infrastructure Systems [Internet]. 2014. Available from: http://cybersecurity-review.com/editions/ cyber-security-review-summer-2014-edition.

16. Ghadge A, Weiß M, Caldwell ND, Wilding R. Managing cyber risk in supply chains: a review and research agenda. Supply Chain Management. 2019.
17. Atat R, Liu L, Wu J, Li G, Ye C, Yang Y. Big Data Meet Cyber-Physical Systems: A Panoramic Survey. IEEE Access. 2018;

18. Calvillo CF, Sánchez-Miralles A, Villar J. Energy management and planning in smart cities. Renewable and Sustainable Energy Reviews. 2016.

19. Mayo G, Snider D. Bas and cyber security: A multiple discipline perspective. In: 2016 International Annual Conference of the American Society for Engineering Management, ASEM 2016. 2016.

20. Mantha B, García de Soto B, Karri R. Cyber Security Threat Modeling in the Construction Industry: A Countermeasure Example During the Commissioning Process. 2020;1–27.

21. Tagarev T. Governance of Collaborative Networked Organisations: Stakeholder Requirements. In: Proceedings - 2020 IEEE 11th International Conference on Dependable Systems, Services and Technologies, DESSERT 2020. 2020.

22. Huang K, Pearlson K. For What Technology Can’t Fix: Building a Model of

Organizational Cybersecurity Culture. In: Proceedings of the 52nd Hawaii International Conference on System Sciences. 2019.

23. Shires J. Cyber-noir: Cybersecurity and popular culture. Contemp Secur Policy. 2020;

24. Legg PA. Enhancing cyber situation awareness for Non-Expert Users using visual analytics. In: 2016 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, CyberSA 2016. 2016.

25. Parn EA, Edwards D. Cyber threats confronting the digital built environment: Common data environment vulnerabilities and block chain deterrence. Eng Constr Archit Manag. 2019;26(2):245–66.

26. Furnell S, Dowling S. Cyber crime: a portrait of the landscape. Journal of Criminological Research, Policy and Practice. 2019.

27. Framework for improving critical infrastructure cybersecurity: Version 1.0. In:

Cybersecurity: Executive Order 13636 and the Critical Infrastructure Framework. 2014.

28. Zhao X, Xue L, Whinston AB. Managing interdependent information security risks: A study of cyber insurance, managed security service and risk pooling. In: ICIS 2009 Proceedings - Thirtieth International Conference on Information Systems. 2009.

29. Task Force Transformation Initiative J. NIST Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations JOINT TASK FORCE TRANSFORMATION INITIATIVE. NIST Spec Publ. 2015;

30. Griffin PH. Advances in Human Factors in Cybersecurity. Adv Intell Syst Comput. 2019;

31. Culot G, Fattori F, Podrecca M, Sartor M. Addressing Industry 4.0 Cybersecurity Challenges. IEEE Eng Manag Rev. 2019;
32. Nye J. How Will New Cybersecurity Norms Develop? Project Syndicate. 2018;
33. Boyes H. Security, privacy, and the built environment. IT Prof. 2015;

34. Arslan M, Riaz Z, Kiani AK, Azhar S. Real-time environmental monitoring, visualization and notification system for construction H&S management. J Inf Technol Constr. 2014;

35. Marsh. Cyber risks for construction and facilities management contractors [Internet]. 2020. Available from: www.jltspecialty.com

36. Boyce MW, Duma KM, Hettinger LJ, Malone TB, Wilson DP, Lockett-Reynolds J. Human performance in cybersecurity: A research agenda. In: Proceedings of the Human Factors and Ergonomics Society. 2011.
37. Sherman AT, DeLatte D, Neary M, Oliva L, Phatak D, Scheponik T, et al. Cybersecurity: Exploring core concepts through six scenarios. Cryptologia. 2017;

38. Furnell S, Heyburn H, Whitehead A, Shah JN. Understanding the full cost of cyber security breaches. Comput Fraud Secur. 2020;

39. Barrett P, Baldry D. Facilities management: towards best practice. Facilities Management. 2003.

40. Sridarran P, Fernando NG. Change management framework to enable sustainable outsourcing of facilities management services. Built Environ Proj Asset Manag. 2016;

41. Borky JM, Bradley TH. Protecting Information with Cybersecurity. Eff Model Syst Eng [Internet]. 2018 Sep 9;345–404. Available from: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7122347/

42. Information security forum. The standard good practice for information security. Inf Secur forum. 2005;

43. Humphreys E. Information security management standards: Compliance, governance and risk management. Inf Secur Tech Rep. 2008;

44. Johnson M. JLT Specialty Thought Leadership: How Technology is Improving Safety in Construction. 2018.