The necessity of considering cybersecurity in designing smart buildings

Verfasst von M. Rahimi, S. Teufel, IIMT am 06.12.2017 - 13:23

Designing buildings has greatly enhanced in preceding years through better integration and improving processes, by implementing Internet-enabled building control systems. However, this dependency on digital systems has its own downsides. Besides, precautionary measures are often ignored because those responsible lack knowledge and awareness. This summary explains why cybersecurity is so prominent a subject that all buildings should be provided with precautionary plans.

By M. Rahimi and S. Teufel, International Institute of Management in Technology (IIMT), University of Fribourg

In the digital age, we are at the mercy of the Internet that makes our life easier. The technological world has contradictory effects on human life. While it brings great advantages in many ways, it has disadvantages as well. Designing buildings also have experienced a radical evolution through improvement of processes using industrial control systems. In this way, both constructors and residents have gained benefits and satisfaction. For instance, using technology for reducing energy consumption, implementing applications for space management, or an extensive range of building sensors used to provide occupancy and usage information [1].
Nonetheless, this close tie with digital age put many of buildings, inhabitants and equipment at potential risks. Although most people do not suppose digital systems and the Internet to be dangerous, no one is exempt from cyberattacks, hacks and security breaches [2].

Smart home definition

A smart home can be defined as a home in which the network communications of control sensors, applications and other internet-enabled devices are linked together in order to allow occupants have access to remote monitoring and controlling [3]. In addition, the Buildings Performance Institute Europe describes a smart home as one in which energy consumption is highly efficient and can supply a portion of its energy demand by using renewable energy sources. A smart home equip its residents with energy flows control, and can recognize the needs of occupants in issues like, health, air quality, comfort, technical requirement and safety [4].

What is cybersecurity?

Cybersecurity can be defined as a “collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. In this sense, organization and user’s assets include connected computing devices” such as building environmental controls (e.g. lighting), or systems such as the electrical power grid [5]. The final objectivities of cybersecurity is to maintain people and assets secure against possible attacks in cyber environment [5]. Cybersecurity is becoming a major concern nowadays since cyber threats includes issues that irritate or completely paralyze people. An addition, cyberattacks involve various forms from cybertheft to cyberextortion [6]. In this sense, smart buildings are hardly safe from hackers [7].

Threats to smart buildings

Vendors have benefited using smart home infrastructure. Nevertheless, they often neglect the privacy and security needed to be concerned in smart buildings [8].
According to the results of a survey in UK, it is argued that out of 1,523 businesses nearly 46% experienced at least one cybersecurity attack in preceding 12 months [9]. The Guardian quoted the insurance broker Lloyd's of London warning that a main cyberattack can lead to a disaster with the damaging cost of nearly $120bn - even more than the cost to remedy the impact of Hurricane Katrina in USA [10]. According to the outcome of a survey carried out in Switzerland, 88 percent of companies surveyed identified a minimum of one cybercrime in the last year, which is a significant increase from 54% in 2016 [11-13]. Cyberattacks to business can lead to data loss, physical and properties damage or even threats to residents’ health and safety [7, 14].

The following points show why cybersecurity needs to be taken into account in the development process of designing buildings.

- A significant example is cyber attacking in pricing. Smart homes are very sensitive about cyberattacks. Manipulation in the amount of energy consumed and displaying the unreal price in bills can be done by hackers [15].
- Cyber attackers can
o interrupt elevator system moves;
o increase the heat of the houses;
o shut down the building’s electrical system;
o penetrate to IPcameras to disconnect recording, or spyon residents[13].
- In locations where sensitive information is handled, such as for example government buildings, cyberattacks can result in a catastrophe such as hacking the whole IT networks [16].
- In organizations, hackers can get access to organizational data and properties [17], data loss can be a consequence.
- Lack of proper access to system events that has an adverse impact on tracing them [16].
- End-users might get access to data that they are not allowed normally [11].
- Property damages and even physical harm to human residents [14].

Supply chains are highly vulnerable to cybersecurity attacks. The process of raw material, the final product and data can be out of control by a major attack. In addition, these disruptions might have a direct effect on dramatic profit reduction and finally lead companies to massive failures [18].

There are various kinds of cyber risks related to different elements of a building; based on buildings architectures and the dependency on new technology, common attacks for each part can be identified and classified.

Cybersecurity and smart buildings

To ensure the security of residents and maintenance of assets, it is necessary that designers provide adequate precautionary measurements against cyber risk. However, implementing cybersecurity plans are not easy for people due to the gap in learning and the ongoing rapid changes in this area. Furthermore, framing cybersecurity is not straightforward and this results in a failure to implement suitable measures and develop appropriate policies [14]. For this reason, making security rules in Internet of Things (IoT) environments has been recognized as one of the significant barriers for understanding smart buildings’ vision [19].

Cyber attackers look to cause the greatest possible impact, and because of the emergence of the IoT and new internet-enabled equipment, the field of smart building sounds attractive to them. Therefore, it is estimated that the number of smart building attacks will increase dramatically over the next few years [16]. It is also worth mentioning than an attack, and its consequences, might remain undetected for months [16]. Immunizing buildings from cyberattacks requires a new security architecture that brings visibility through IT and networks [16, 17]. Cybersecurity is as crucial to smart buildings as disciplines such as structural, earthquake and fire engineering [1].

Consequently, people and especially managers should alter their attitude towards security architectures, which involves more attention to ICT (information and communication technology) and IoT fields, just similar to how attackers look at them [16, 17]. Therefore, instead of being afraid or trying to ignore it, we have to learn how to manage it. Applying proper systems and software engineering techniques to the design of buildings is a principal first step [1].


This summary explains that the more ICT and networks are used in smart buildings, the more managerial and technical challenges have to be considered. Although it is plainly visible that implementing new technologies offer noteworthy merits to society, cybersecurity threats should be taken into account. If these threats are not considered in a building’s lifecycle design, the consequences will lead to severe economic, safety and even health problems [1].

The global industries should immediately raise awareness related to cybersecurity, as they are becoming heavily reliant upon ICT. This awareness should include a plan to cover the whole building lifecycle and has to include sufficient practical skills training [1].


1. Boyes, H.A., Cyber securiy of inteleginet buildings: A review, in 8th IET International System Safety Conference incorporating the Cyber Security Conference. 2013: Cardiff, UK.
2. Arora, A., A. Nandkumar, and R. Telang, Does information security attack frequency increase with vulnerability disclosure? An empirical analysis. Information Systems Frontiers, 2006. 8(5): p. 350‐362.
3. Gram‐Hanssena, K. and S.J. Darbyb, “Home is where the smart is”? Evaluating smart home research and approaches against the concept of home. Energy Research & Social Science, 2018. 13: p. 94–101.
4. Groote, M.D., J. Volt, and F. Bean. Smart buildings decoded. A concept beyond the buzzword. 2017; Available from:‐buildings‐decoded‐a‐concept‐ beyond‐the‐buzzword/.
5. ITU Definition of cybersecurity. 2017; Available from:‐ T/studygroups/com17/Pages/cybersecurity.aspx.
6. Weber, R.H. and E. Studer, Cybersecurity in the Internet of Things: Legal aspects. computer law & security review, 2016. 32: p. 715–728.
7. Alaab, M., et al., A review of smart home applications based on Internet of Things. Journal of Network and Computer Applications, 2017. 97: p. 48–65.
8. Jacobsson, A., B. Carlsson, and M. Boldt, A risk analysis of a smart home automation system. 2017.
9. Klahr, R., et al. Cyber security breaches survey. 2017; Available from:‐security‐breaches‐survey.
10. Kollewe, J. Lloyd's says cyber‐attack could cost $120bn, same as Hurricane Katrina 2017; Available from:‐says‐cyber‐ attack‐could‐cost‐120bn‐same‐as‐hurricane‐katrina.
11. Cyber Crime in Switzerland: Sharp Upturn with New Threats 2017; Available from:‐crime‐in‐switzerland‐sharp‐upturn‐with‐ new‐threats.
12. Arikan, C. Cyber crime in Switzerland: sharp upturn with new threats posed by artificial intelligence 2017; Available from:‐ releases/2017/05/cyber‐crime‐in‐switzerland.html.
13. Allen, M. Cybercrime is skyrocketing in Switzerland. 2017 Available from:‐extortion‐blackmail_cybercrime‐is‐ skyrocketing‐in‐switzerland/43226430.
14. Shackelford, S., et al., When Toasters Attack: A Polycentric Approach to Enhancing the ‘Security of Things’. Kelley School of Business Research Paper No. 16‐6, 2016.
15. Guelzim, T. and M.S. Obaidat, Cloud computing systems for smart cities and homes, in Smart Cities and Homes. 2016: Key Enabling Technologies. p. 241–260.
16. Dar, A. Smart Buildings Require Full‐Stack Cybersecurity 2017; Available from: https://www.infosecurity‐‐buildings‐full‐stack/.
17. Jarmakiewicz, J., K. Parobczak, and K.M. ́slanka, Cybersecurity protection for power grid control infrastructures. international journal of critical infrastructure protection, 2017. 18: p. 20–33.
18. Mensah, P., Y. Merkuryev, and F. Longo, Using ICT in Developing a Resilient Supply Chain Strategy. Procedia Computer Science, 2015. 43: p. 101‐108.
19. Bruijn, H.d. and M. Janssen, Building cybersecurity awareness: The need for evidence‐based framing strategies. Government Information Quarterly, 2017. 34: p. 1‐7.