Cybersecurity, a key factor in smart buildings

Cybersecurity has become one of the crucial and cross-cutting areas for any type of activity, as security attacks are increasingly common and recurrent. In 2021, approximately 64% of companies worldwide suffered at least one form of cyberattack. These figures represent a 50% increase compared to 2020. Despite this data, there are currently more technological tools available to efficiently ensure cybersecurity in companies. Indeed, security applied to information technologies (IT), or more commonly known as cybersecurity, uses specific measures to deal with threats to networked systems and applications, which can originate from within or outside an organization. In this way, cybersecurity protects users from different categories, such as active or passive attacks. Active attacks affect the system and include modifying the data flow, while passive attacks aim to acquire system information. In the midst of digital transformation, which involves entering a new dimension of connectivity where buildings are increasingly intelligent, deploying technologies safely and efficiently requires an approach that prioritizes security to effectively mitigate risks. As we know, smart buildings use technological systems to control various user dynamics, automation systems, among others, with the aim of providing comfort, reducing resources, or promoting productivity. Therefore, a smart building must consider multiple factors to ensure the security of both the property and its users, and thus achieve proper development. Building Management Systems (BMS), from their emergence in the 1970s to the present day, have undergone significant evolution tied to high technology. Currently, BMS are a set of subsystems, software, and hardware, with common elements such as databases, alarm centers, climate control, or lighting. Due to the need for communication between the different components that make it up, various protocols have emerged, such as BACNet for HVAC or DALI for lighting. There are also general protocols like KNX, LonWorks, or ModBUS. The latter is one of the most common standards due to its simplicity. These protocols are considered “old,” as they were created when security was not a priority; therefore, they have needed to evolve by updating some security measures in their protocols, such as encryption or authentication. Given this scenario, the choice of communication protocol is crucial, as is taking appropriate security measures regarding it, such as user control, use of firewalls, remote access via VPN, etc. In addition to implementing security measures at the protocol level, it is very important to consider general measures for system protection: password policies, appropriate network segmentation, device hardening, as well as controlling the information provided by the system.