skip to Main Content
Building IOT And Cyber Security – The Next Frontier?

Building IOT and Cyber Security – The Next Frontier?

Quality, Consequences and the Construction Industrial Complex (part 179).   

Is the built environment plus “IOT” an opportunity for cyber security firms such as Palo Alto Networks? 

Current State of Play

Big players such as Siemens, Honeywell and Johnsons dominate building automation. They are increasingly providing one stop, integrated solutions for BMS / BAS / Security / Life-Safety / Fire Protection via a fibre optic back bone. However, integration of multiple 3rd party propitiatory systems, in my experience, can be an issue. 

On new buildings the big players go in at cost or below cost to ensure they lock in their proprietary systems for the 20 to 30 year life of the building. Once they have the maintenance contract they make “bank” due to the lock in of their proprietary system and equipment. This is possible because property development rewards “first costs” focus. Running costs are the “other guys” problem. 

I believe cyber security threats via networked building automation are real and increasing. In my experience BMS / BAS login, credentialing and verification protocols are non-existent for building operators. IMHO, any building I have worked on in the last 10 years could be hacked in minutes. 

Currently, IOT is a trendy buzz word in the building sector. If you believe the IOT “buzz”, in the next 5 years IOT devices could be deployed in buildings at an exponential rate. However, IOT devices are a gateway for bad actors to hack building systems. Therefore cyber security risks could increase at an “exponential rate” due to:

  • Rapid deployment of building IOT devices
  • Continuing increase in hacking activities by bad actors and state sponsored cyber warfare teams

Potential Market Sectors

I believe the built environment is a massive opportunity for cyber security firms but some sectors will be difficult to sell to due to owner indifference. 

The main building market sectors can be ranked based on their mission criticality: 

1. Nuclear power plants

2. Other power generation plants

3. Date centres

4. Bio-hazard Labs

5. High security government buildings

6. Infrastructure such as airports

7. Hospitals 

8. Offices

9. Hotels

10. Residential

The above can be further split between new construction and existing buildings. For every 100 buildings ~ 1 is new and 99 are existing. However, there is a dichotomy:

  • New construction has the advantage of approved budget but everyone involved is rewarded for cutting costs and has zero post occupancy interest. 
  • Existing building operators care about long term issues such as mission critical up time and IT Security but tend to have under funded budgets. 


IOT sells potential to manage buildings based on data i.e. IOT sells:

  • Measurement for management solutions.
  • Optimization potential based on real time measurement.
  • Data harvesting.

In the long run, IOT is selling FOMO. Fear of not being able to optimize and lower operating costs like the other guy. IOT is also selling the possibility of running a building autonomously i.e. a 90% reduction in the FM team.

Cyber Security Firms sell based on fear i.e. they sell:

  • Risk management solutions.
  • Defence plus operator control.
  • Peace of mind for uptime in mission critical buildings.

I also believe that in the future blockchain solutions will be used to:

  • Objectively record data from IOT for billing and contractual service level agreements. 
  • Objectively document cyber breeches for the record and remove the possibility for “mischief” in covering up cyber attacks.

It all comes down to a game of consequences. As attacks increase the potential costs increase and in the end, governments take notice and start to legislate. Think about the legal requirement in the USA for firms to notify users of any data breach. One day this will be extended to important buildings and infrastructure. 

I think opportunities for cyber security firms rank as follows: 

  • Cyber security firms should focus on building sectors 1 thru 7.
  • Sectors 1 thru 5 are where the money resides. 
  • Sector 8 only has opportunities with AAA office buildings.
  • No one cares about sectors 9 & 10.

Ultimately, to sell cyber security to new or existing buildings you have to get to board level people who worry about risk related to their financial health and personal reputations. 

Is the built environment plus “IOT” an opportunity for cyber security firms such as Palo Alto Networks?  I say YES!

Twitter: @BLDWhisperer

Related posts & links

#106 – The “Who Cares” Building Index ( )

#163 – Amazons Housing Play ( )

Edifice Complex Podcast


Podcast on YouTube: 

Podcast on Facebook:

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top