The CEO of cybersecurity AI company Darktrace made headlines last year when she told the story of a casino that was hacked through its aquarium thermostat.
That’s right, a fish tank thermostat. This connected device transmitted data to the cloud for remote monitoring of the aquarium’s temperature. Hackers exploited a vulnerability that gave them a foothold in the casino’s network, allowing them to access a database of high-roller customers.
Internet of Things technologies offer commercial landlords and their tenants elegant new ways to be leaner, greener and more efficient – but also provide new vectors of attack for external hackers and disgruntled employees alike.
Addressing that threat is always top of mind for Terry Young. As KRP Properties’ vice-president of operations, he bears the responsibility for securing 33 buildings spanning 3.1 million square feet of space in Kanata North.
Buildings, it should be noted, that house world-class technology companies and some of the greatest minds on the planet. Innovation and bleeding edge tech are considered par for the course, even if most people give little thought to what happens when they flick a light switch or adjust their office thermostat.
“We have clients who live and work in buildings where the financial impact of a vulnerable digital system can be quite significant,” he said.
In the absence of a blank cheque and an unlimited budget, Young and his team work as cost-effectively as they can to raise the standard of every building in KRP Properties’ portfolio, regardless of its vintage.
“You just need the right attitude and a lot of smart people,” Young said.
HVAC, lighting, building automation, physical security, access control – every operational system has or is in the process of being upgraded with IoT technologies for more cost-efficient and reliable operation.
Supply chain collaboration is key.
The industry eco-system to enable all this hasn’t really changed since the pre-IoT era. Original equipment manufacturers deliver the various products and solutions. Integrators configure and implement. Service providers review and maintain. The facility staff manage and monitor with support from any required IT, data security and legal resources.
What has changed is how these various players, many of whom are competitors, must learn to work together in the same sandbox. To adequately secure a connected building, in which hundreds of touchpoints may be passing data back and forth to the cloud, they must collaborate like never before.
“I get all our vendors in the same room and I tell them, we are not here to talk about who gets the next contract,” Young said. “But what are the best practices, how do we create a safer and more secure environment for our tenants and what does that look like?”
These questions shape the agenda at the industry conferences which Young attends, for example, June’s IBCon Commercial Real Estate Conference and Expo in Nashville. This event (Young sits on the advisory board) drew attendees from 20 countries to discuss best practices on how best to secure, and operate, a connected building. Knowledge sharing that he applies every day at KRP Properties.
“It’s all about focusing on relationships,” Young said. “Understanding the relationships between sensors, devices, controls and systems and appreciating how different vendors in our supply chain have to cooperate for our tenants’ benefit. The best people in our supply chain understand they need to work together in the same sandbox. Those who don’t are not invited to work in mine.”
IoT cybercriminals find plenty of targets
The last report on the subject from security firm Symantec found that the number of IoT attacks increased from about 6,000 in 2016 to 50,000 in 2017 – a 600 per cent rise in just one year. According to IoT Analytics, the number of IoT-connected devices worldwide rose to 7 billion in 2018 from 5.9 billion in 2017 and is expected to reach 21.5 billion by 2025.