The increase in Internet of Things (IoT)-enabled devices and interconnectivity between various building management systems (BMS) prompts larger questions about cybersecurity and data privacy concerns. These challenges are hardly new, but they are magnified in an IoT-connected world.
The Urban Developer reached out to Alan Mihalic, Senior Cyber Security Consultant at Norman, Disney & Young – a global engineering consultancy and cyber security company – to offer an insight into emerging smart technologies and the associated cyber security risk facing the urban planning, construction and design engineering sectors.
Industry forecasts expect the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025. Many of these devices will be deployed in buildings, public works and critical infrastructure. Smart technologies will establish an urban landscape that is all-connected, all-sharing, all-knowing and imbued with a functionality that can provide unprecedented levels of comfort and convenience.
The convergence of smart technologies and the built environment will improve the operation and capabilities of buildings, but will also lead to increased vulnerabilities and attack vectors not previously encountered within design engineering and urban planning.
Research suggests the impact on the building and construction industry will be significant. No longer are we looking at cyber attacks targeting at the company or user level, we now have “attack vectors” that can potentially shutdown a shopping precinct, a power grid, a major city, perhaps even a nation. An attack vector is a path or means by which a hacker can gain access to a computer or network server in order to deliver a malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities.
Earlier this year, an Austrian hotel Romanantik Seehotel Jaegerwirt, was targeted by cyber criminals. The electronic key system at the 4-star hotel was infiltrated, rendering it useless. The hotel guests were unable to move in and out of their hotel rooms and the cyber attackers demanded a ransom of EUR 1500 in Bitcoin from hotel management. The security breach also managed to compromise the hotel’s reservation and cash desk systems, bringing the entire operation to a halt.
Justifying the hotel’s decision to pay the ransom, the managing director stated, “The hotel was totally booked with 180 guests. We had no other choice. Neither police nor insurance companies can help you in these circumstances.”
This article was originally published by The Urban Developer.