Products
DEOS composing Portfolio

Discover our extensive product portfolio for building automation. From the BACnet/SC controller to the B-AWS certified building control system OPENweb, you will find the right product for your individual project.

Product Overview
Solutions

Discover our practical solutions for building automation. Benefit from energy monitoring, remote access and site networking, and many other solutions.

Solutions Overview
Services

Discover our range of services for our partners, customers and interested parties.

Services Overview
Why DEOS?

We make our partners more successful. You too can find out why you should work with us.

Learn more
Whitepaper

Here you will find practical information and tips on classic building automation and modern smart buildings in a high-quality format.

Overview
Blog The importance of IT security for buildings: a look behind the scenes
Blog

The importance of IT security for buildings: a look behind the scenes

20. June 2024
Share blog post
IT-Sicherheit in der DEOS Gebäudeautomation

Contents

  1. The importance of IT security for buildings: a look behind the scenes
  2. The growing threat of cyber attacks
  3. The development of technical building equipment
  4. Advantages and disadvantages of digitization
  5. Why is IT security important for buildings?
  6. The challenges of IT security in buildings
  7. IT security at all three levels in building automation: “Defense in Depth”
  8. Measures to ensure IT security in buildings
  9. Effects of cyber attacks on companies
  10. IT security at DEOS
  11. Conclusion

The importance of IT security for buildings: a look behind the scenes

In a world permeated by technology, building security is no longer limited to physical measures such as locks and alarm systems. The increasing Networking of devices and systems has made IT security a crucial componentto protect buildings from potential threats. In this blog post, we take a closer look at the importance of IT security for buildings and building automation and what steps can be taken to ensure it. Find out now and Create your own security concept for your building!

The growing threat of cyber attacks

According to Gartner*¹, spending on security solutions will continue to rise worldwide, which is due to the growing threat of cyber attacks points out. In 2018, spending on security solutions already amounted to 96.3 billion dollars.

Companies are increasingly turning to intelligent products and solutions to increase their productivity and operational efficiency to increase. This The advantages of connectivity and digitalization also increase the vulnerability to cyber risks. In 2013, cybercrime ranked 18th in Aon’s Global Risk Management Survey*². In 2023, the cyber risk in Germany is even in second place, directly behind the commodity price risk/material shortage. Worldwide in 2023, the Cyber risk in 1st place.

A worrying scenario arises, for example, when an IT network is compromised by malware or social engineering attacks is compromised. Hackers or malicious employees could gain access to the building and its networked systems. The consequences can be devastating, as not only is data compromised, but physical systems such as the lighting, fire protection system and access control system can also be manipulated.

Security in building automation

The development of technical building equipment

The importance of IT security in building automation has risen sharply as more building building automation solutions are accessible via the Internet and the Internet of Things (IoT) is expanding. Integration with other devices is now essential, but also brings New attack opportunities for cyber criminals with it. In contrast to conventional IT, building automation not only involves data, but also Physical building facilities at risksuch as ventilation systems, lighting and doors. An attack on the building automation system can therefore potentially Safety-relevant effects on the building have themselves. The risk depends on the sensitivity and integration of the building automation system.

Advantages and disadvantages of digitization

  • Reduction of pollutant emissions

    Improving energy management and energy efficiency can help to significantly reduce CO2 emissions from buildings.

  • Remote Access and Management

    Digital solutions allow users to monitor and manage the building remotely, increasing flexibility and responsiveness.

  • Increasing business productivity

    Integrating technology into buildings and workplace design can increase efficiency and provide important data to optimize business performance.

  • Improved operational efficiency

    By using building data, you can make informed decisions based on real-time data on heating, ventilation, air conditioning, lighting and shading.

    • Nevertheless, it is important to note that it also has potential disadvantages –
    particularly in terms of security.

    Why is IT security important for buildings?

    The integration of IT systems in buildings offers numerous advantages, but also harbors potential risks, as networked systems are vulnerable to cyber attacks. A hacker who gains access to a building’s IT infrastructure could not only steal sensitive data, but also manipulate physical systemssuch as access control systems so that the hackers can hackers can give themselves access to your building. can gain access to your building.

    The challenges of IT security in buildings

    One of the biggest challenges in the field of IT security for buildings is the variety of networked devices and systems. From surveillance cameras to access control systems Any device can be a potential entry point for hackersif it is not properly secured. Outdated software, insecure configurations and a lack of staff training are further weak points.

    IT security at all three levels in building automation: “Defense in Depth”

    The plant safety, network security and system integrity are crucial aspects for IT security in building automation. A multi-layered approachthat follows a concept called “Defense in Depth” is required to protect systems both all around and in depth.

    Plant safety

    Facility security refers to physical access controls, such as building security and access cards. Continuous safety monitoring and analyses help to identify and classify safety-relevant events. Operators receive regular status reports on the safety status of the system.

    Network security

    Network security includes the protection of automation networks against unauthorized access. This includes the Segmentation of networks, the use of firewalls and VPNs and the establishment of a demilitarized zone (DMZ) for secure data exchange. In addition, the Remote maintenance access to the Internet can be controlled and secured.

    Learn more

    System integrity

    Securing system integrity includes the Snsuring system integrity includes protecting automation systems from unauthorized access, authenticating users and hardening systems against attacks. Special attention is also paid to the protection of know-how and access authorization.

    Learn more

    Interest aroused?

    Download the white paper IT security in building automation now.

    Effects of cyber attacks on companies

  • Damage to reputation and brand image

    In today’s connected world, no company remains untouched by the potential impact of cyberattacks. A cyberattack can lead to Serious damage to reputation and brand lead. The manipulation of data or processes can not only affect the shake customer confidencebut also legal consequences and financial losses for the company.

  • Downtime due to operational disruptions

    The operational stability of a company can be significantly impaired by cyberattacks, primarily if they affect the control of operating systems concern. Disruptions in the building automation or physical security systems can lead to serious consequences. ranging from temporary operational disruptions to potentially life-threatening situations. The security of these systems is therefore crucial to ensure business continuity.

  • Beeinträchtigung der Bonität

    The financial stability of a company can be significantly jeopardized by cyber attacks or a lack of preparation for them. Rating agencies are increasingly taking into account the risk of cyber attacks when assessing the creditworthiness of companies. A successful cyberattack can not only lead to direct financial losses, but can also jeopardize the affect the confidence of investors and business partnerswhich can have a long-term impact on the company’s credit rating.

  • Erhöhte Versicherungskosten

    Companies that take inadequate security measures against cyber attacks can face increased insurance costs are confronted with. Insurance companies carefully assess the risk of cyber attacks and adjust their prices accordingly. Companies that cannot demonstrate that they have taken appropriate measures to strengthening their cyber resilience risk paying higher prices and possibly having problems with the settlement of insurance claims.

    • Measures to ensure IT security in buildings

    First of all, all potentially endangered components and then the risk of these attacks be determined. The extent of this risk varies depending on the frequency with which the hazard occurs (estimate of occurrence) and the potential damage that could result. The higher the risk, the more stringent the components are protected.

    The biggest risk factors are mostly:

    • The individualEmployees must be informed about security best practices in order to recognize and prevent phishing attacks, social engineering and other threats.
    • Lack of authentication and authorizationWeak or default passwords, insecure access control and lack of user identity verification can allow unauthorized access.
    • Outdated software and firmwareOperating systems, applications and device firmware that have not been updated may contain known security vulnerabilities that can be exploited by attackers.
    • Lack of encryptionData transmitted between devices in the building automation system should be encrypted to prevent interception and manipulation by third parties.
    • Lack of network segmentationIf the building automation network is not properly segmented, attackers can move around the entire network from a compromised device.

    The basic measures for good IT security for building automation are as follows:

    • Regular Checking and updating the IT infrastructureIt is important that all networked devices and systems are regularly checked for vulnerabilities and kept up to date.
    • Strict access controlAccess to sensitive systems should be strictly controlled and only granted to authorized persons. This can be achieved by implementing multi-level authentication methods can be achieved.
    • Staff trainingEmployees should be informed about the risks of cyber attacks and trained in how to recognize and respond to suspicious activity.
    • Encryption of dataSensitive data should be encrypted to protect it from unauthorized access, especially during transmission over networks.
    • Use of security technologiesFirewalls, intrusion detection systems and antivirus software are just a few examples of security technologies that can help protect building systems.

    IT security at DEOS

    Maximum security with remote services

    The Secure Connect Portal offers a range of remote services that provide maximum level of security guarantee. SSL encryption routes confidential data traffic via HTTPS, while secure VPN connections enable protected communication. Automatic security updates ensure that the system is always up to date and that potential security potential security gaps are closed. are closed.

    Learn more

    Building management system OPENweb Cloud

    The building management system OPENweb Cloud relies on maximum security. Regular Maintenance, virus scans and SSL encryption guarantee the integrity of the data. In addition, the implementation of a 2-factor authentication an additional layer of security to prevent unauthorized access.

    Learn more

    DDC controller and IT security

    The DDC controllers are designed for maximum operational reliability designed. A redundant system structure ensures constant availability, while HTTPS and an integrated firewall increase protection against external threats. These measures help to ensure the security of the building automation system and minimize potential attack vectors.

    Learn more

    Connect Box with maximum IT security

    The Connect Box offers maximum IT security thanks to an SSL-encrypted VPN connection. This secure connection ensures protected operation and protects sensitive data from unauthorized access. The use of state-of-the-art security technologies ensures that Maximum security for the building automation infrastructure is guaranteed.

    Learn more

    More information on security in building automation?

    Find out all about our solutions for security in building automation.

    Conclusion

    The security of buildings and building technology goes far beyond physical measures and today also includes the security of the IT structure. With devices and systems becoming increasingly interconnected, it is crucial that building owners and operators take the necessary steps to protect their protect digital infrastructure from potential threats. Through the planning and implementation of best practices and the The use of modern security technologies can make buildings safer and more resistant to cyber attacks. against cyber attacks.

    *¹ Gartner is a global research and advisory company specializing in information technology and related fields. It provides IT security expertise, analysis, reports and advisory services to organizations in a variety of industries.

    *Aon is a global consulting and services company that specializes in risk management, among other things. Aon’s Global Risk Management Survey is a comprehensive study conducted every two years to identify the current risks and challenges facing companies worldwide.

    Interest aroused?

    Then contact us! We’re glad to help.

    Our references

    All references

    You might also be interested in:

  • Whitepaper

    Download our white papers, case studies or trend reports free of charge and find out more about relevant topics in the field of building automation.

    Learn more

  • LoRaWAN sensors & thermostats

    Our LoRaWAN sensors are ideal for the post-digitalization of existing buildings. You too can turn your building into a smart building.

    Learn more

  • LoRa Gateway

    The LoRa gateway serves as a data collector in the building and collects data from LoRa devices. The special feature: With the integrated Modbus interface, the gateway offers a direct connection to building automation systems.

    Learn more