Interoperability also means anticipating the needs of the future. Designers must consider what types of IoT-enabled devices may be used in the building, what would be connected, and what infrastructure would be necessary to support this. These early considerations are important, regardless of whether IoT devices will be used immediately upon building completion, or if the framework is being laid for later adoption. Having a flexible and adaptable infrastructure to meet the building’s future needs as they change and grow is a huge part of the value of IoT.
Cybersecurity
Those responsible for product cybersecurity and providing secure referent operational technology (OT) architectures might not fall under the responsibility of a chief technology officer as different companies organize these functions in different ways. For example, some companies put this in the chief information security officer’s (CISO’s) organization. When it comes to actually implementing these referent architectures in a smart building, it becomes the responsibility of the system integrators, working with security consultants, to ensure a secured solution is provided. Designing security must be top of mind for those undertaking a new building project. Any IoT device connected to a network could pose a risk, but it could be mitigated when the designer brings together OT and information technology (IT) for integrated security.
Cybersecurity must be considered when defining the solution architecture for IoT in a new building, from securing networks all the way to selecting the right devices. With connected devices, cybersecurity starts at product development. Designers should look for solutions and vendors who incorporate a secure development lifecycle (SDL) process when developing products, addressing security measures from concept through execution. They should select products that:
- are secure by design (e.g. products benchmarked against international security standards);
- meet International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 62443-4-1, Security for industrial automation and control systems – Part 4-1: Secure product development lifecycle requirements, and applicable security functions from 62443-4-2, Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, (e.g. profiles) and standards;
- come from vendors with dedicated cybersecurity test labs; and
- have security advisors keeping up with ever-changing risks and working with product development teams.
Securing the supply chain is becoming increasingly important to end-system owners. Architects and designers must require that similar security measures are followed by the vendors and partners they select. In 2019, connected devices cannot be put online without having proper security measures in place. Secure solutions do exist, and they should be an essential part of the planning process.
Building for future-ready cities
While it is still the early years of smart buildings, the architecture, engineering, and construction (AEC) sector tends to think of them individually rather than in terms of what they can contribute as a cohesive group. Construction of more smart buildings will lead to the advancement of smart cities, which holds a lot of possibilities for the collective future.
The IoT market for commercial buildings is expected to grow 25 percent annually to become a market of more than $85 billion in 2020. By 2025, 50 percent of all building systems and devices will be connected. It is to the benefit of building designers to plan now for how IoT could be incorporated. Much of the technology is wireless so it can be easy to reconfigure these devices if the right communications systems are incorporated into the building from the beginning.
As IoT expands in the industry, it is recommended consultants have an understanding of global standards such as IEC 62443-4-1 (formerly ISA 99) cybersecurity certificate programs and applicable local standards to ensure secure implementation of IoT and industrial automation and control systems (IACS). Certifications on secure design and deployment linked to IEC 62443-3-3, Security for industrial automation and control systems Part 3-3: System security requirements and security levels, and 62443-2-4, Security for industrial automation and control systems, Part 2-4: Security program requirements for IACS service providers, are also available from reputable certifying bodies, which help consultants test their knowledge and experience.
Designers and architects need to have a vision for how IoT will be used, developed in partnership with the building’s owner, and anchor tenant. With this vision in mind, energy management experts and automation vendors can consult on the next steps of the process, including how to integrate and connect all the various IoT systems within a structure for a fully connected, smart, and future-forward building.
