Smart Buildings | Establishing Trust with IoT Security

Skip to content

The following article is written by our partners at Embedded Planet as part of our “In Conversation With…” series.

Now more than ever, we all want to make the most of the space available to us. At home, we might remodel the bathroom or extend the kitchen. In a commercial setting, the work could extend to reconfiguring a retail space or refurbishing several floors of an office block. With digital transformation on the horizon, emerging technologies enable us to focus less on the bricks and mortar and more on managing and optimizing our indoor areas in less visible ways.

In fact, an increasing number of business leaders now see the value of using Internet of Things (IoT) devices to provide data and insight into the indoor environment. These new smarter spaces are often called ‘connected spaces’. So, what are the benefits of these new spaces, and what hurdles do we need to overcome?

The IoT is Changing the Way We Manage Our Buildings

If sensors are installed in buildings to monitor temperature, humidity, air quality, or lighting levels for example, they can help owners or occupiers in a number of ways including: saving energy, improving efficiency, optimizing space, enhance the customer experience and of course, reducing cost.

At Embedded Planet, we’re lucky enough to work closely with lots of partners, including one property owner who wanted to remotely monitor their vacant buildings. Our technology was installed to capture temperature and humidity data, and alert the owner to fluctuations in it, which are signs of potential problems. The owner was able to act on the information and detect a leaking pipe before it caused damage. That meant it could avoid an expensive and time-consuming clean-up.

In this case, connectivity provided considerable benefits, but temperature and humidity sensors are also well-known targets for hackers and can be used to create disruption. In this example, if security is not implemented correctly, hackers could stop a device from reporting damaging conditions, such as poor air quality, to property managers. Or, they may tell the product to report a problem that doesn’t exist in reality. That means the building’s tenants will be adversely affected by a potentially unsafe living or working environment or time and resources will be invested to address an issue unnecessarily. On top of this, the devices could be used as a ‘way-in’ the wider enterprise system, which could have a whole host of problems.

In all three scenarios, the problems generated by the compromised IoT device and its unreliable data would also have an impact on our customer’s reputation and bottom line. In fact, this was a reality in October 2016, when hackers targeted vulnerable property management systems in Finland. Residents of two apartment buildings were left in the cold when a distributed denial-of-service (DDoS) attack on the internet-connected heating system caused it to fail.

Trusted Devices Generate Trusted Data

If we’re going to maximize the opportunities for device makers and promote the widespread adoption of IoT technologies in this sector, we need to build our customer’s trust in the products we’re developing and in the data they generate. Building owners and managers must be assured the data we’ve captured is genuine, the problems that have been identified are real, and the intelligence they’re basing their solutions on is robust.

Sensors are becoming more sophisticated and that means we can offer organizations deeper insights into their operations. But as we improve the capability of our devices, we’re also giving hackers more opportunities to take advantage of any vulnerabilities.

Our experience tells us that customers want to benefit from technologies that provide insight and offer a seamless and touch-free experience. So, how do we continue to innovate without exposing them to risk?

Multiple Trusted Components Coming Together

At Embedded Planet, we help our customers develop and maintain devices that provide building management information. Our Biblios wireless module, for example, is a versatile solution for anyone who wants to help their customers maximize the potential of the IoT. It acts as a standalone edge node or a data aggregator and features cellular, LoRaWAN, WiFi, and Bluetooth connectivity as well as a number of onboard sensors. That means it can be deployed in a diverse range of scenarios.

Importantly for us and our customers, it was designed with security at its core. The platform is powered by the Infineon PSoC™ 64 secure microcontroller and utilizes the Arm Mbed OS operating system, both of these components are PSA Certified. The Pelion Device Management Platform helps us ensure our device and the data are secured and accessible.

This enables us to offer our customers peace of mind because they know the devices they’re deploying have security built in – and they don’t have to take our word for it, as the foundations we’ve built our platform on and the platform itself are PSA Certified.

This framework and assurance scheme enable us to build on the experience and reputation of well-established partners and address security at the outset. Adding industry-leading protection during production would be near impossible.

See how we built trust in our devices in this video:

Establishing Trust Now Creates More Opportunities in the Longer Term

The foundation of trust will help us to unlock many other key benefits, including:

Be Prepared for the Next, Big Step Forward

IoT devices are generating unprecedented volumes of data and the potential applications of it remain largely untapped. Some of the more obvious uses include breached thresholds but there are hidden patterns in enormous data sets that are not currently visible and could be soon.

Machine learning will enable massive amounts of remotely collected data to be processed and turned into unique insights. That will generate efficiencies and drive economic activity in ways we can only imagine.

Together, the IoT and machine learning will enable extraordinary achievements – if we have established trust in the devices and the data that underpin it. It’s forward thinking – and critical – that we do that now.