The, “internet of things,” is use of cyber and communication networks to interact with day to day objects and manipulate their usage by sending and receiving data. As the concept is being put into practical usage, smart buildings are being designed where a large number of functions will be automated and manipulated remotely through digital commands. The Government of India’s programmes such as Digital India and Smart Cities would entail possible rapid adaptation of internet of things across the board resulting in development of large number of smart buildings and smart enclaves. Security is a primary concern for smart buildings and will include in the initial stages personnel, electronic and cyber interventions placing new demands on private security agencies.
The aim of this Paper is outline the basics of security of smart buildings with focus on the integrated model.
Smart buildings are automated structures that integrate technologies to facilitate ease of usage of various services – community as well as individual without manual interventions. Combination of cyber and communication technologies facilitate manipulation of various functions in smart buildings from opening of doors, operating of lifts to adjustment of lights based on the time of the day as well as usage. The degree of automation in smart buildings will increase progressively from the basic to advanced and security will be an integral part in each phase. These stages will denote the requirement of manned guarding at the initial stages in tandem with cyber and electronic security indicating a new form of integrated security architecture.
Challenges to Security of Smart Buildings
Some of the challenges envisaged in security of smart buildings are as follows:-
- ➝ In the initial stages conversion of old buildings to intelligent structures may result in transformation problems. In the first phase component rather than structural automation may be undertaken thus each system may have different software and integrating security patches along with software compatibility will be problematic.
- ➝ Criminals keep ahead of law enforcement and security guarding companies on the technology curve thus hackers will combine with traditional thieves to subvert smart buildings gain entry into protected areas and carry out criminal acts without the occupant noticing the same. Basic hacking techniques may be adequate to pick automated locks or tampering with routers.
- ➝ Where systems are integrated compromise of security of one device may lead to neutralisation of the whole building as such exposing vulnerabilities thus inbuilt firewalls may have to be catered for.
- ➝ Apart from software the human aspect will remain the most important from the security point of view. With limited manual supervision, culturally Indians are prone to bypass security controls and also attempt to manipulate operations either out of sheer lethargy or even malafide intent.
- ➝ Importance of privacy of personal information will denote need for high level integrity of systems as compromise of the same at one level will result in ability to breach other systems.
- ➝ A malafide operator will gain control of a system with a view to extort the operator or owner by denial of access or threatening corruption and neutralization of the data. Such controls could be partial such as the energy systems of the building or total affecting all parameters.
- ➝ Smart buildings are also vulnerable to traditional hazards such as fire and may pose greater challenges by disrupting normal functioning thus preventing people from escape on their own. An example is automated door locks preventing personnel from moving out of a car which has caught fire. Thus additional safety will have to be catered for.
Systems Security of Smart Buildings
Some of the considerations in cyber and communication systems security of smart buildings are as follows:-
- ➝ Security physical as well as systems or IT should be incorporated in the design of buildings thus a holistic perspective will be necessary at the initial stage. Occupants or their advisers will have to be incorporated early in planning so that user friendly controls are devised.
- ➝ Very strong access controls and redundancies will have to be inbuilt in the system. This is particularly essential for residential buildings as denial of access to homes can create emotional and social stress thereby providing greater incentive to criminals to target the same for extortion.
- ➝ Familiarity of occupants of the building with the technical, safety and security features would be a preliminary requirement that will have to be catered for at the outset.
- ➝ For investigation of security incidents, ‘black box,’ which can capture all information and survive an accident including an extreme fire hazard, would have to be catered for.
- ➝ Security of information and privacy of the owners and occupants of the building, integrity and sustainability of operations and continuity in availability to the users assumes importance.
- ➝ From the cyber point of view simple as well as complex controls such as passwords and secure codes respectively will have to be built in. Master codes will be required for the security staff or the management for entry for examination of a breach or in case of emergency. A two factor authentication should be standard practice with one being a biometric one such as a finger print or iris scan.
- ➝ All systems should be stand alone and not exposed to the World Wide Web or removable input devices such as pen drives and CD Roms through which system could be corrupted. In fact these are the most common means of compromising a system and in the case of a smart building given access to large number of personnel will need special attention.
- ➝ Care will have to be exercised while implementing software upgrades or patches as this is when most systems are compromised.
- ➝ The building operating network will have to be separated from the business operating network as there could be compromise and interference if these are integrated.
- ➝ Daily testing of security should be inculcated to ensure compromise is detected well in advance.
Integrated Security and Manned Guarding
Smart buildings will not obviate the requirement of manned guarding in the near future; however nature of skills will change. Aspects related to integrated security and manned guarding is as follows:-
- ➝ Smart buildings can integrate functions of security and facility management thus composite service will be preferred by the customer and differentiation in traditional management of these domains may become redundant.
- ➝ For security integrated teams will have to be formed to comprise of manned guards, technical operators and supervisors for holistic management.
- ➝ Physical verification of activity will be an important requirement in a high security building so that double check is ensured. For instance logging entry of an individual can be physically verified by a manual guard discretely or overtly with the identity so that unauthorised entry is prevented.
- ➝ Physical security of the control room assumes importance and access to the same as well as guarding should be given priority as this can compromise the entire network. This should be planned and executed to ensure fool proof arrangements are made.
- ➝ Specialised training of guards, supervisors and managers will be necessary. Managers will have to be skilled in both physical and systems security issues for high degree of assurance.
Transition from traditional to smart structures is inevitable and with the push by the government this change may happen sooner than later, thus private security agencies need to adapt to the same and be prepared to meet the future requirements a brief overview of which is provided herein.