The real estate industry is undergoing a rapid digital transformation. More and more systems in our buildings are being connected and integrated to increase comfort, optimize energy use, and offer new services. This development blurs the line between traditional IT, which handles information and data, and OT, the operational technology that controls the physical processes in the building. This convergence creates a more complex security environment where threats can come from unexpected directions and have unforeseen consequences.
OT in buildings: The invisible nervous system
In modern buildings, OT systems are the backbone that keeps many critical functions running. This includes control systems for heating, ventilation, and air conditioning (HVAC), lighting systems, access control systems, elevators, and fire alarm systems. These systems, which were often isolated in the past, are now connected to networks to enable remote monitoring, data analysis, and smarter control. This connectivity brings great benefits in terms of efficiency and user-friendliness, but it also introduces new vulnerabilities that must be managed.Why is integrated security so critical?
Traditionally, security in buildings has focused on physical protective measures such as locks, alarms, and surveillance cameras. In the digital era, this is no longer sufficient. A cyberattack can potentially compromise the entire building’s functionality, from shutting off heating in the middle of winter to manipulating access control systems. The consequences can range from financial losses and operational disruptions to, in the worst case, endangering people’s safety.Protecting these integrated systems requires a holistic view of security where IT and OT are not seen as separate domains but as a cohesive whole. It involves understanding how an intrusion in an IT system can potentially be exploited to affect OT systems, and vice versa.The multifaceted threats
The threat landscape against buildings’ IT and OT systems is complex and constantly evolving. Some of the most common and concerning threats include:- Ransomware: Criminals can encrypt critical systems and demand ransom to restore them. This can paralyze important functions such as energy management or even access control systems.
- Sabotage: State actors or others with malicious intent may attempt to cause damage by manipulating or shutting down critical systems. In a country with a cold climate, this can have serious consequences if, for example, heating systems are disabled during winter.
- Data breaches: Unauthorized access to networks can enable theft of sensitive data, such as energy consumption, tenant information, or even blueprints and system configurations. This information can then be used for extortion or other criminal purposes.
- Denial-of-Service attacks (DDoS): By overwhelming systems with traffic, attackers can cause operational disruptions and make critical services unavailable.
The way forward: A proactive security strategy
Building robust IT and OT security in buildings requires a strategic and proactive approach. Here are some key components:- Thorough mapping and risk analysis: The first step is to identify all connected systems and the data they handle. Then, potential threats and vulnerabilities need to be analyzed to understand which risks are most urgent.
- Network segmentation: Separating different systems into logical network segments can limit the spread of a potential attack. If one system is compromised, segmentation prevents the attacker from easily reaching other critical parts of the building’s infrastructure.
- Implementation of security measures: This includes firewalls, intrusion detection systems, strong authentication, and regular patching of systems and software.
- Monitoring and logging: Continuous monitoring of network traffic and system logs can help detect anomalies and early signs of an attack.
- Training and awareness: People are often the weakest link in the security chain. Educating staff and tenants about cybersecurity risks and how to avoid them is crucial.
- Incident management plan: Having a clear plan for how to act in the event of a security incident is important to minimize damage and quickly restore normal operations. This includes procedures for identification, isolation, remediation, and recovery.
- Collaboration between IT and OT: To effectively manage security in integrated systems, it is important that IT and OT departments cooperate and share knowledge. Often, these teams have different expertise and perspectives that complement each other.
From reactive to proactive
Many real estate companies are still in a reactive mode regarding cybersecurity, where measures are taken only after an incident has occurred. The step to a proactive security strategy, where risks are continuously identified and mitigated before they are exploited, is crucial to protect the buildings of the future.The digital transformation of the real estate industry offers enormous potential, but it also comes with increased responsibility for security. By taking IT and OT security seriously, property owners can ensure a safe and sustainable future for their buildings and the people who occupy them.What do we do at PiiGAB?
At PiiGAB, we continuously work to strengthen cybersecurity in our products – a natural part of protecting the connected buildings of the future. Recently, we have made several important improvements to our gateways: we have upgraded to a new version of the operating system, introduced completely randomly generated and more advanced passwords, and ensured that all passwords added afterwards are encrypted. In the next update, we will also launch support for user management, providing even better control and security.At PiiGAB, we actively ensure that our products and processes comply with current regulations. Therefore, we closely follow both the Cyber Resilience Act (CRA) and the NIS2 Directive, which aim to raise cybersecurity standards within the EU. By adapting to these requirements today, we strengthen our customers’ security. To maintain a high level of security, it is crucial to always use the latest software. Therefore, we recommend regularly updating your gateways. To make this as smooth as possible, we offer PiiGAB Connect – a powerful tool where you can easily manage and update your entire gateway fleet directly from the browser. You don’t have to log in to each device separately; instead, you can quickly roll out the latest security updates and drivers to all your devices simultaneously. Simpler, safer, and more efficient.To further enhance security and availability, we offer smart IoT SIM cards with LTE connectivity. These are connected via a closed APN network, meaning that only authorized users can access the devices – no outsiders get access. Combined with our PiiGAB Connect service, you also get a secure VPN connection to your products, providing a safe and encrypted communication flow – no matter where your devices are located. A complete solution for secure and reliable remote access.Want to upgrade your gateway? Feel free to contact us at support@piigab.se and we will assist you further.Together, we build a safer digital infrastructure – one building at a time.Read more about our latest updates in PiiGAB 900 Gateways software