Key actors are joining forces to provide guidance for the real estate, building and construction industry, to raise the level of cybersecurity and gain control of its cybersecurity risks going forward.
HRP, Entra, Defendable and Intility are coming together to improve cyber security in smart buildings.
Digitalization has become an important part of the real estate, building and construction industry, and smart buildings and building management systems (BMS) are areas in rapid development. Today's construction projects often have high ambitions with regard to technology, which are typically gathered under the term "smart technology".
In a joint statement to the press, we argued that this also creates a demand for the industry to put cyber security on the agenda.
When launching the annual report “Nasjonal digitalt risikobilde” for 2022, the Norwegian National Security Authority (NSM) emphasized that cyber attacks have become an everyday occurrence. HRP, Entra, Defendable and Intility believe this to be an under-communicated but critical risk for the real estate, building and construction industry. They have therefore assembled their expertise and experience in the area, in a joint effort to contribute to cyber security in smart buildings.
Technology is intended to solve well-known problems in a better and more efficient manner than previously possible. This influences how we construct and use our buildings, which also changes the considerations we must take into account when planning our projects and implementing our solutions. HRP has experienced a rise in the use of the words "smart" and "digitalization" in today's construction projects, whilst the word "security" is often left out. This is problematic as our buildings are connected to an increasing number of internal and external systems, which in turn expands the attack surface and the risk of data attacks.
The contractor's new challenges
The contractor constantly faces new and challenging requirements for sustainable, stable, and flexible solutions with regard to the environment and economy. This has resulted in concepts such as PropTech, circular economy and the Internet of Things entering an industry that still bears the stamp of a culture that is not reconciled with modern ideas. This has meant that the digital level of ambition for smart buildings, both new and restored, has been constructed on traditional IT architectures. Consequently, the solutions have become fragmented and suboptimal and hence left building management systems open to deliberate and unwitting attacks.
We are now seeing a shift in the industry, where more contractors are working towards consolidated ICT solutions, which bring together building management systems into one technical infrastructure. Yet the industry and its suppliers are still lagging behind in their traditional thinking. BMS is no longer delivered by the individual supplier on dedicated physical solutions that exist locally within the building, but rather as composite cloud-based services for local BMS, where information exchange across systems (access, fire, lift and ventilation) is expected to be solved seamlessly on the network using TCP/IP.
Challenges in the building's IT architecture
Consolidation alone brings about its own challenges when it comes to the design of the building's IT architecture, but as the complexity has now moved from a physical to a logical level, this places completely new demands on security and technology choices for ICT infrastructure in an industry where project plans, procurement processes and cost-benefit assessments are based on traditional thinking.
With the companies' insight into the industry, HRP took the initiative to establish a partnership with key actors within real estate, IT operations and cyber security – Entra, Intility and Defendable. A joint effort was established with these specific actors as the need for expertise within both the industry and various security disciplines became visible.
A project has now been launched to map the cyber security challenges, and furthermore to produce guidance material that can help the industry raise the security level and gain control over security risks going forward.
The ambition is to relate the guide to relevant frameworks and best practice, and then to industry-specific conditions. In addition to drawing on extensive expertise within their own organizations, the companies will establish an extended consultation group to give additional actors the same opportunity to contribute and provide even more input.
The companies want to create something that is relevant to the masses and will therefore spend time involving everyone who wants to contribute to enhanced cyber security in smart buildings.