The Internet of Things (IoT) is the next big thing in facilities management, set to reshape business by offering numerous and significant benefits. However, last week’s global ransomware attack (aptly named WannaCry) affecting thousands of online devices including at the UK’s National Health Service, Spain’s Telefónica and the US National Security Agency, has served as a lesson on cyber safety to help prevent future infections.
What is IoT?
The Internet of Things is “the network of physical objects that contains embedded technologies to communicate and sense or interact with their internal states or the external environment”; essentially a network of wireless connected devices, communicating via a central management hub. Researchers believe that the total number of such devices will reach 40-50 billion by 2020, a huge leap ahead from the perhaps 10 billion we have today. A device becomes ‘smart’ when it has inbuilt sensors that transmit data to specific servers that can analyse that data to allow decisions to be made. They allow management of every aspect of a building, and professionals across the built environment are finding ways to use them to add value in areas like HVAC, security, energy utilisation, occupancy, asset performance and fault management.
A sensor placed next to an asset can continuously collect performance data and monitor asset condition, sending out an alert to the IWMS system when any changes are identified. If the change requires immediate action, an engineer can automatically be alerted to attend to the asset. But in any case the IWMS system will retain the information in its history files, providing a basis for ongoing assessment of performance as well as input to predictive maintenance regimes. This, combined with data gathered from other sensors, on doors, lighting and desks for example, provides opportunities for new, more efficient customer service, greater cost savings and a more people-focused workplace – especially where the IoT links into the facility’s powerful IWMS database.
But whatever the application, these devices are increasingly dependent on cloud technology to communicate with each other as well as the variety of applications that support them. This is predominately done without the need for any human involvement – and, as such, there can be an inherent security risk.
While the WannaCry attack was particularly malicious and took advantage of those using older software systems like Windows XP (where security updates are less frequently released) this isn’t a one-off. According to AT&T in the past three years there has been a 3,198% increase in attackers scanning for vulnerabilities in IoT devices. However, there are best practices that can be applied today to help protect systems. These include:
- Device authentication – Both the device software and hardware should be authenticated when accessing a network
- App access controls – Restrict which applications access a device and monitor data transmitted via standard mechanisms such as firewalls and IPS
- Lifecycle management – Devices should ship with current software versions and be able to receive timely updates to both software and firmware via automated safe and secure methods
- User access controls and credentials – Apply access controls and password policies to limit user access. Include strong authentication with unique generated passwords or use secure certificate credentials
- Data – All personal identifiable data in transit and in storage should be encrypted using up-to-date security and cryptography protocols and standards.
The reality today is that the majority of connected devices are still unsecured – and that number is growing daily. So, for FM the prospect of introducing IoT systems to enhance data collection and service delivery holds great appeal – but the advice for the moment should be: proceed but with safety and security in mind.
Don’t miss out on the latest news, views and trends – sign up to get Service Works’ weekly blog sent directly to your inbox: http://www.swg.com/can/blog-signup/