A few weeks back I blogged about the IoT (Internet of Things) and its historical ties to and implications for the building automation industry. Given factors I discussed there and in another blog where I talked about the democratization of building controls, the intelligence of building automation systems is expected to grow exponentially in the coming years, creating an integrated network of points within buildings and beyond that could help us reach the holy grail of our industry: a building (or network of buildings) that controls and monitors itself without human intervention other than preventive maintenance/repair.
This is totally awesome right? Well, it is an awesome vision and one that I hope we see come to fruition sooner rather than later, but there is a chink in the armor. Ironically, this reality’s Achilles heel is also the very same thing that makes it so powerful: internet connectivity. You see, for building intelligence to reach the point I speak about above, systems will need smarts (and varying degrees of autonomy) down to the device level and the power of these smarts is only realized when the devices are allowed to communicate something about themselves and/or their environment, or better yet, do something beneficial for themselves or others with the information they gather. So why, you might ask, is this a bad thing? Well, device “empowerment” is not bad, but once Pandora’s box is opened….You know the story.
Security (i.e., control) in a world where more “things” are already connected to the internet than humans has long been seen as a significant (if not ultimately self-destructive) problem for the IoT. In an example that hits very close to home for those of us in the building automation industry, I read today that Google recently learned (rather publicly) that a Tridium based BMS at one of its Australia based offices was breached by a couple of white hat hackers. Fortunate for Google, these “ethical” hackers simply exposed the issue and didn’t exploit it. In the hacker’s own words, “We didn’t (override the system to control the building automation system and gain access to any other systems on the same network)…but we could have!” Scary stuff when you think of not only the sensitive data that could be breached, but ways in which our physical world could be altered by someone with malicious intent.
So where does this lead us? Should we shun the power of device-level embedded intelligence the IoT affords and steer customers away from this technological trend? No, of course not. To do so would surely be futile and to our financial detriment if not demise. Plus, as much of our industry’s history has been, I see this as a story of curiosity and hope. Curiosity about the possibilities that lie ahead and hope for the benefits our buildings (and ultimately their occupants) will realize. Many in the IoT world say that the IoT’s applications are only limited by humanity’s ingenuity. In other words, they are limitless.
Security is and will remain a major consideration when designing building automation systems under the IoT revolution. Inherent in the term “connected building” is the fact that these points of connectivity are two-way streets and ones that must be secured just as diligently (if not more so) than existing points where not only can information be breached but “things” can be controlled. The IoT must help humanity achieve greater security and well-being not hinder it.
Please let us know of security issues you see with the coming IoT and/or hopes you have for the building automation systems of the future under this coming reality.