IoT Security in the Built Environment

Improving O&M and IT Collaboration to Keep Our Buildings Smart and Secure

Internet of Things (IoT) devices are increasingly a standard component of buildings. These devices increase a building's energy performance while decreasing its operational costs. As these sensors are connected to the internet and networked to building technology (such as heating and lights), they introduce potential security vulnerabilities. Although technical solutions exist to counter security issues, implementation of these solutions are often impeded by the challenges that an organization’s Information Technology (IT) staff and a building’s Operations and Maintenance (O&M) staff have when they work closely together and share their knowledge about computer security and how buildings operate. These difficulties arise from different ways of working and different points of view about how technology works. These challenges, in combination with a policy environment that rarely regulates IoT devices, increases risk, leaving buildings vulnerable to attack.

The University of Washington is conducting an NSF-funded research project to address these challenges by studying two critical areas: (1) how O&M and IT groups currently share their knowledge and skills in order to improve IoT security and (2) how public policies and an organization’s own rules regarding privacy and security impact how IT and O&M collaborate. The results of this study will generate knowledge around how IT and O&M professionals can work more effectively together to improve the security of our nation’s buildings and offer insights into how public policy may affect professional cybersecurity collaboration to manage IoT risk.

This project is a part of the Communication, Technology, and Organizational Practices (CTOP) Lab and the Cybersecurity in the Built Environment (Cyber-BE) Lab in the Center for Education and Research in Construction (CERC), in the Department of Construction Management, College of Built Environments. This project is a collaboration between team members representing CTOP/Cyber-BE, the Jackson School for International Studies' Cybersecurity Initiative, and University of Washington's Director of IoT Risk Mitigation Strategy.