IT and OT security in buildings 

The property sector is undergoing a rapid digital transformation. More and more systems in our buildings are being connected and integrated to increase comfort, improve energy efficiency and offer new services. These developments are blurring the line between traditional IT, which manages information and data, and OT, the operational technology that controls the physical processes in the building. This fusion creates a more complex security environment where threats can come from unexpected places and have unexpected consequences. 

OT in property: the invisible nervous system 

In modern buildings, OT systems are the backbone that keeps many critical functions running. These include heating, ventilation and air conditioning (HVAC) control systems, lighting systems, access control systems, lifts and fire alarm systems. These systems, which were often isolated in the past, are now being networked to enable remote monitoring, data analysis and smarter control. This connectivity brings great benefits in terms of efficiency and ease of use, but it also introduces new vulnerabilities that need to be addressed. 

Why is integrated security so critical? 

Traditionally, security in buildings has focused on physical protection measures such as locks, alarms and surveillance cameras. In the digital era, this is no longer enough. A cyber attack can potentially compromise the entire functionality of a building, from switching off the heating in the middle of winter to manipulating access control systems. The consequences can range from financial losses and operational disruptions to, in the worst case, jeopardising human safety. 

Protecting these integrated systems requires a holistic approach to security where IT and OT are not seen as separate domains but as a coherent whole. It is about understanding how an intrusion into an IT system can potentially be exploited to affect OT systems, and vice versa. 

The multifaceted threats 

The threat landscape to property IT and OT systems is complex and constantly evolving. Some of the most common and worrying threats include: 

• Ransomware: Criminals can encrypt critical systems and demand a ransom to restore them. This can paralyse important functions such as energy management or even access control systems. 

• Sabotage: State actors or others with malicious intent may try to cause damage by manipulating or shutting down key systems. In a country with a cold climate, this can have serious consequences if, for example, heating systems are knocked out during the winter. 

• Data breaches: Unauthorised access to networks can allow the theft of sensitive data, such as energy consumption, tenant information or even blueprints and system configurations. This information can then be used for blackmail or other criminal purposes. 

• Denial of service attacks (DDoS): By overloading systems with traffic, attackers can cause disruption and make essential services unavailable. 

The way forward: a proactive security strategy 

Building robust IT and OT security in buildings requires a strategic and proactive approach. Here are some key components: 

• Thorough mapping and risk analysis: The first step is to identify all connected systems and the data they handle. Next, you need to analyse potential threats and vulnerabilities to understand which risks are most acute. 

• Segmentation of networks: Separating different systems into logical network segments can limit the spread of a possible attack. If one system is compromised, segmentation prevents the attacker from easily reaching other critical parts of the building's infrastructure. 

• Implementation of security measures: This includes firewalls, intrusion detection systems, strong authentication and regular patching of systems and software. 

• Monitoring and logging: Continuous monitoring of network traffic and system logs can help detect anomalies and early signs of an attack. 

• Education and awareness: People are often the weakest link in the security chain. Educating staff and tenants about cybersecurity risks and how to avoid them is crucial. 

• Incident management plan: Having a clear plan for responding to a security incident is important to minimise damage and quickly restore normal operations. This includes procedures for identification, isolation, decontamination and recovery. 

• Interaction between IT and OT: To effectively manage the security of integrated systems, it is important for IT and OT departments to collaborate and share knowledge. Often, these teams have different expertise and perspectives that complement each other. 

From reactive to proactive 

Many property companies are still in a reactive mode when it comes to cybersecurity, taking action only after an incident has occurred. The move to a proactive security strategy, working continuously to identify and mitigate risks before they are exploited, is crucial to protecting the future of property. 

The digital transformation of the property industry offers huge potential, but it also comes with increased responsibility for security. By taking IT and OT security seriously, property owners can ensure a safe and sustainable future for their buildings and the people who occupy them. 

What do we do at PiiGAB? 

At PiiGAB, we are continuously working to strengthen the cybersecurity of our products - a natural part of protecting the connected buildings of the future. Recently, we have made several important improvements to our gateways: we have upgraded to a new version of the operating system, introduced completely randomly generated and more advanced passwords, and ensured that all passwords added afterwards are encrypted. In the next update, we will also launch support for user management, which provides even better control and security. 

At PiiGAB, we work actively to ensure that our products and processes comply with current regulations. Therefore, we carefully follow both Cyber Resilience Act (CRA) and NIS2 Directive, which aims to improve cybersecurity in the EU. By adapting to these requirements today, we are strengthening our customers' security.
In order to maintain a high level of security, it is crucial to always use the latest software. That's why we recommend you regularly update your gateways. To make this as smooth as possible, we offer PiiGAB Connect- a powerful tool that allows you to easily manage and update your entire gateway inventory directly from your browser. You don't have to log in to each device separately, and can instead quickly roll out the latest security updates and drivers to all your devices at once. Easier, safer and more efficient. 

To further strengthen safety and accessibility, we offer IoT smart SIM cards with LTE connectivity. These are connected via a closed APN networkwhich means that only authorised people can access the devices - no outsiders can access them. In combination with our service PiiGAB Connect you also get a secure VPN connection to your products, providing a secure and encrypted communication flow - no matter where your devices are located. A complete solution for secure and reliable remote access. 

Do you want to upgrade your gateway? Please contact us at support@piigab.se and we will help you further. 

Together, we are building a safer digital infrastructure - one property at a time.