7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021
by Dr. Alina Matyukhina
Smart technology is expected to grow in 2021. The pandemic has clearly proven the value of smart, connected assets that can be managed and maintained from remote. However, connecting hundreds and thousands of devices to the Internet and cloud does raise some questions about cybersecurity. So how can we be better prepared to 2021?
Here’s some of my predictions based on the fact that the market will develop quickly into demanding cybersecure operational technology (OT) products and solutions.
1. Continuous patch management and security updates
We will move from “never change a running OT system” to “always update to latest-and-greatest patch level”. This change will be reflected in IT/OT responsibilities: OT manufacturers would provide information and access to updates and IT stakeholders would decide when and on which devices to install them. To scale, this will need ways to distribute just small patches instead of full-blown firmware updates.
2. OT transparency for IT stakeholders
OT network transparency to IT-departments will become a new norm, as lacking network visibility (and OT network complexity in general) can bring serious security issues. We will see more solutions which provide end-to-end cybersecurity monitoring down to the IoT level as a part of operations monitoring.
3. Natively secure OT network
We will move from securing OT networks with costly additional means such as VPNs, firewalls to a more built-in security directly into to standardized OT network protocols provided by the manufacturer.
4. Cloud-based access to remote sites instead of VPN
Today, to access building devices remotely, virtual private networks (VPNs) are being used to secure connections. In my opinion, VPN is not a future proof technology anymore for several reasons: VPNs may be blocked by a network provider or legally restricted; they are costly to setup and maintain. As the alternative, cloud-based access via secure tunneling will become more popular in 2021, as it enables security without making intrusive changes to corporate network infrastructure.
5. Zero touch onboarding
In the future, we will see more and more IoT devices equipped with some form of zero-touch onboarding. This technology will require no configuration by the installer to bring the device into an operational state, saving building engineers a lot of development time and expensive security engineering expertise.
6. More cybersecurity in small facilities
In large facilities and critical infrastructure, typically, cybersecurity is either driven directly by end customer’s IT-department or respective cybersecurity law. In contrast, smaller facilities, such as, kindergartens, often have no own IT-infrastructure for cost- and lack-of-skill reasons. In the future, smaller facilities will catch up to more cybersecurity demands. It is expected that these additional needs will be “outsourced” to cloud-based services.
7. Certified cybersecurity products and solutions
Product manufactures will implement cybersecurity directly into Internet-connected products, as regulations and laws will force to do so. Next generation devices will reach at least Security Level 2 by IEC62443, as well as meet some additional requirements from Security Level 3 and other standards and regulations. In case of IT and cloud-based products, ISO/IEC 27001 certification will be in the rise.
If most of these predictions become true, the connected devices will increase significantly in cybersecurity. At the same time, they will become more user friendly and less prone to misconfiguration. But there is one thing which will not change in 2021: cybersecurity has always been and always will be enabler for business continuity.
About the Author
Dr. Alina Matyukhina is a cybersecurity manager at Siemens Smart Infrastructure Global HQ. In her role, Alina is responsible for ensuring that products and solutions for smart buildings meet the required cybersecurity standards while supporting the needs of users and stakeholders. Previously, she has worked as a cybersecurity researcher at the Canadian Institute for Cybersecurity and Swiss Federal Institute of Technology Lausanne. She holds a Ph.D. in computer science for her work in software security and data privacy. Alina is currently serving as a Chair of "Smart Infrastructure" working group at Swiss Cyber Forum to improve the digital safety and security of society and economy in Switzerland and globally.