The buildings we work, live, and play in are increasingly networked to the internet directly or via private operational information Technology (IT) networks through the introduction of smart devices or Internet of Things (IoT). Implementing IoT into building systems comes with many potential benefits, such as enhanced energy efficiency and thoughtful & purposeful data-driven operations. However, IoT systems and devices also come with risk for owners. IoT devices are vulnerable to security breaches that can lead to device breakdown, device or enterprise data theft, data loss, or even (especially) repurposing large numbers of devices for attacks on other targets. These threats are prevalent and rising. The 2021 Sonicwall Cyber Threat Report announced that 56.9 million IoT malware attacks occurred globally with North America seeing an 152% rise in IoT attacks, the vast majority of which occurred in the education and government sectors. Breaches in IoT cybersecurity can result in heightened financial, legal liability, reputational, healthy and safety, and building operational risks.
For building owners, this is an overwhelming problem. But it can and needs to be addressed. Addressing these challenges requires knowing what questions to ask in order to understand the problem, act strategically, identify critical infrastructure priorities and goals, and approach the implementation and management of IoT as a continual improvement project.
This class will help address the challenges of IoT through providing attendees with an overview of the state of the practice for smart buildings/smart campus cybersecurity and risk mitigation. The goal of this class is to give attendees the ability to ask better questions from vendors, designers, builders, and operators when planning, designing, and operating IoT in the built environment. To achieve this goal, this course will cover key challenges building owners and operators face throughout the building lifecycle as they pertain to different areas of IoT risk and data management. Over a ten week period, this class will help attendees move past the hype of IoT to provide a more nuanced, pragmatic, and cost-effective understanding about the work required to make IoT work and reap the rewards of thoughtful and purposeful data-driven operations.
Week 1: Defining IoT and Introducing IoT Benefits, Costs, and Risks (April 4th 1 pm - 2:30 pm EST)
This first week will focus on defining IoT, and introducing the benefits of IoT as well as IoT cybersecurity risk in the built environment. At the end of this week, students will learn about the multiple forms of risk that IoT introduces for owners and operators (e.g., financial, liability, compliance, reputational, health and safety, operational), learn different definitions of IoT, and define and identify types of IoT systems commonly found in complex built environments, such as smart cities and institutional campuses.
Week 2: Benefits of IoT, or Why Do We Have All These “Things” (April 11th 1 pm - 2:30 pm EST)
This week will focus on what is motivating the increasing integration of IoT devices and the design of IoT systems in the built environment. Topics include energy efficiency and compliance, potential operational efficiencies, enhanced health and safety, and enhanced working and living experiences.
Week 3: Managing the Data Pipeline (April 18th 1 pm - 2:30 pm EST)
This week takes a closer look at the multiple aspects of data workflow for multiple stakeholders. Topics include assessing multiple stakeholder needs and perceptions of value for IoT data, the work behind data collection, management, curation, and governance and forms of data analysis, visualization, and publication.
Week 4: Understanding Threats and Risk Mitigation (April 25th 1 pm - 2:30 pm EST)
This week reviews some of the different types of vulnerabilities, threat actors and threats that require the need for cyber risk mitigation processes, policies, and practices. This week also reviews the challenges that IoT brings that make devices vulnerable and high risk for owners.
After this course, you will be able to:
- Identify major components of an IoT System
- Identify the IoT System life cycle
- Begin to analyze impacts, risks, and opportunities as different phases of the building life cycle & IoT System life cycle intersect
- Begin to be able to ask strong, thoughtful questions of IoT systems providers regarding functionality, performance, and cybersecurity
- Distinguish between IoT Systems vendor/marketing hype and IoT systems, products, and services that have demonstrated actual performance with positive returns on investment
- Discern between ‘what could be possible’ and ‘what is possible’
- Identify the impacts of policy and lack thereof in smart buildings and, by extension, smart cities and smart campuses
- Begin planning for organizational governance, coordination approaches, and resource requirements for IoT operations, maintenance, and repair
ULI Learning Platform