Q&A with Louise Monger: The rapid evolution of building security

In this interview, Louise Monger, Vice President of Digital Buildings, Australia at Schneider Electric, discusses the many vulnerabilities of automated buildings — and what can be done to protect them.

What are the biggest security issues you are seeing in the building automation industry right now?

One of the biggest security risks facing building managers and their tenants right now is data breaches. Encouragingly, we are seeing new laws implemented to hold large organisations accountable for the way they handle personal information. Yet many organisations are struggling to implement efficient and secure systems.

While laws like the GDPR (General Data Protection Regulation) only apply to Europe, the regulation is applicable to anyone processing data for European citizens.

To meet these regulations, organisations are resorting to outdated methods of handling and processing personal information, due to a lack of support for secure integration between systems. For example, passing employee information around on spreadsheets in order to integrate the security systems has become a norm in the industry. It’s safe to say this is not best practice.

Concern for the handling of personal information and potential data breaches is exacerbated by the fact we’re seeing an increase in cyber attacks, both in terms of their frequency and sophistication. Criminals are now using advanced techniques like artificial intelligence, machine learning and automation to carry out targeted attacks, resulting in data breaches, ransomware incidents and, in many cases, huge financial losses.

This is only set to get worse with the proliferation of new tech, which is expanding the attack surface from the growing connectivity of devices and systems. For example, the Internet of Things (IoT), cloud computing, mobile devices and interconnected networks have introduced new avenues for attackers to exploit.

Against this backdrop of increased regulations, data breaches, sophisticated cyber attacks and new technology, it’s imperative that industry leaders take action on their security solutions. It’s never been more important to consider technology and software partners that can develop tailored solutions for end-to-end cybersecurity.

Has the security landscape changed in recent years? If so, what changes have you observed?

The security landscape has undergone significant changes in recent years and continues to evolve quickly where new threats are emerging.

From increased frequency and sophistication of cyber attacks, through to AI-powered security solutions, there have been various large-scale changes to the landscape in the past few years that have completely reshaped the industry.

Aside from AI and increased sophistication of cyber attacks, there are four other huge changes to consider:

1. Supply chain security

Firstly, there is an increased emphasis on securing the software supply chain. Cybercriminals recognise the potential vulnerabilities in the supply chain and target software updates, third-party components and dependencies to infiltrate systems. Incidents like the SolarWinds attack [the hack on a software company that affected thousands of organisations, including the US Government] have highlighted the risks associated with compromised supply chains. This major cyber attack incident in the past two years opened the industry’s eyes to threat actors constantly adapting new strategies as they learn more information.

2. Regulatory changes and data privacy

Governments and regulatory bodies worldwide have implemented or strengthened data privacy and protection regulations. Organisations now face more stringent requirements in handling and safeguarding personal data. For example, the rapid popularity of ChatGPT also made way for conversation around its threats and a review of laws to make AI work in our favour to protect critical infrastructure.

3. Shift to cloud and hybrid environments

The adoption of cloud computing and hybrid environments has introduced new security challenges. Securing data stored in the cloud, managing access controls and ensuring compliance with regulations require specific security measures and expertise.

4. Evolving threats to critical infrastructure

Finally, there is increased recognition of the vulnerability of critical infrastructure systems, such as power grids, transportation networks and healthcare systems, to cyber attacks. Sophisticated threat actors and nation-state adversaries are targeting these systems, raising concerns about potential disruptions and cascading effects.

Overall, there is a growing awareness of cybersecurity risks across industries and society. Organisations are investing more in cybersecurity measures, threat intelligence sharing and collaboration with industry peers, government agencies and cybersecurity communities to better understand and address emerging threats.

Can automation make buildings more secure?

Automation is key to making buildings more secure. Although it’s important to note that while automation can enhance security, it should be implemented alongside robust cybersecurity measures to mitigate potential risks associated with interconnected systems. Regular maintenance, updates and monitoring are crucial to ensuring the continued effectiveness and reliability of automated security systems.

There are various benefits for building automation but there are three core tools to focus on:

Firstly, automation can be utilised for advanced access control systems that enhance building security. This includes the use of electronic access cards, biometric authentication and facial recognition to control entry to restricted areas. Automated systems can track and monitor access events in real time, providing detailed audit trails and alerts for unauthorised access attempts.

Automation is also integral to building security through alarm and intrusion detection. Automated alarm systems can be integrated with various sensors, such as motion detectors, door/window sensors and glass break detectors. These sensors can trigger alarms and activate response protocols when unauthorised access or suspicious activities are detected. At Schneider, our access control system covers the alarm system and intrusion detection, minimising the risk of breaches or intrusions going unnoticed.

Finally, automation can facilitate incident reporting and security analytics by automating the collection, aggregation and analysis of security-related data. By leveraging data visualisation tools, security teams can gain insights into patterns, trends and potential vulnerabilities. This enables proactive security measures and decision-making based on data-driven intelligence.

Does the choice of lighting system have an impact on a building’s security?

The choice of lighting systems can have a huge impact on a building’s security. This is due to the fact it helps to remove basic problem areas. For example, alerting residents to unknown ‘unlocked’ doors which can then be fixed by security experts. Good lighting in public areas of a precinct leading to a building also reduces crime opportunities, particularly for anyone coming to or leaving an office space.

Lighting can also help in conjunction with security monitoring of public parks under buildings, further increasing user safety confidence.

Louise Monger is Vice President of Digital Buildings, Australia at Schneider Electric and a member of the executive zone Pacific team. With over two decades of experience in electricity and real estate tech, she brings a high level of commercial, operational and technology expertise to Schneider. A respected thought leader in the real estate technology industry, she has spoken on many panels both domestically and internationally and is also a known voice on diversity and inclusion in the industry.

Image credit: iStock.com/hamzaturkkol