Security and building technology

The long lifespan of installed systems is a key aspect of building technology and smart homes. While electrical installations last for decades, IT components such as controllers, touch panels, or surveillance cameras may no longer be up-to-date after just a few years. How can security, durability, and safe operation be combined? This article highlights the biggest challenges and explains the benefits of industrial touch panels with integrated security functions in building technology.

Die Digitalisierung und die durchgehende Vernetzung haben auch die Gebäudetechnik grundlegend verändert. Moderne Gebäude auch bekannt als Smart Home sind heute intelligent vernetzt, von der Heizungs-, Lüftungs- und Klimatechnik (HLK) über Zugangskontrollen bis hin zur Beleuchtungs- und Sicherheitstechnik. Diese Systeme sorgen für vielfältige Funktionen, Komfort und Energieeffizienz bei der Verwaltung und dem Betrieb von Gebäuden – können jedoch auch für erhebliche Sicherheitsrisiken sorgen.

Digitalization and continuous networking have fundamentally changed building technology. Modern buildings, also known as Smart Home, are now intelligently connected, from heating, ventilation, and air conditioning (HVAC) systems to access control, lighting, and security technology. These systems provide a variety of functions, comfort, and energy efficiency for the management and operation of buildings – but they can also pose significant security risks.

Until complete loss of control

Cyberattacks on insecure building control systems and other components in building technology can cause significant damage. Whether it’s manipulation, espionage, or complete failure of the building technology – the functional, security-related, and economic consequences can be severe.

Durable infrastructure vs. short-lived IT

In traditional building technology, many components are designed for decades of use. Electrical installations, heating systems, or access controls are built for long-lasting operation. IT-based systems, on the other hand, which are linked to these infrastructures for control and operation, evolve rapidly.

Challenges from the lifecycle approach:

• Software updates expire: Many IT components no longer receive security updates after just a few years.
• Old protocols persist: Older systems use insecure communication protocols that cannot be replaced or updated.
• Long-term hardware availability: When a manufacturer discontinues a product line, spare parts and support are often no longer available for long.
  
  

Risks from cheap customer components

Another issue is the widespread use of consumer-grade hardware in building technology. Low-cost systems and devices are often used, but their manufacturers do not provide long-term security updates.

Risks from short-lives consumer hardware:

• No long-term support: Updates, if provided, are only available for a few years. Later-identified security vulnerabilities remain unaddressed.
• Outdated security technologies: Cheap systems and IoT devices often use outdated or insecure protocols and default passwords. Configuration and administration are complex, making them error-prone.
• Lack of update capability: Many systems cannot be updated manually or require cloud services that may not be permanently available.
• Data privacy risks: Many "cheap" devices send data to external servers, over which the operator has no control. Moreover, often there is no way to delete the data from the device or cloud once the device is no longer in use.
  
  

Industrial quality vs. samrtphone

Controlling building technology via smartphone has become widespread. In some cases, this is practical. People typically have their smartphone with them, and it has become a universal communication tool.

However, there are important reasons to opt for industrial-quality touch panels to control and operate building technology or a smart home:

Image: tci GmbH; F10A in the heating control

• Fixed, installed touch panels are a closed system on which new apps or updates aren’t installed daily. They also don’t receive a multitude of incoming messages, reducing phishing risks.
  
  
• Fixed installation reduces manipulation risks, while smartphones lying around can easily be used, hacked, or stolen by unauthorized persons.
  
  
• Industrial touch panels are designed for continuous operation, while smartphones must be replaced regularly and no longer receive software updates from the manufacturer.
  
  
• Thanks to their rugged construction, touch panels can withstand environmental conditions such as dust and humidity. They have a permanent power supply and are not dependent on battery levels.
  
  
• Larger displays offer more space to display relevant information and enable easier operation compared to small smartphones optimized for mobile use.
  
  
• Touch panels operate independently of cloud services and can work offline, which enhances both availability and security. There are no distractions from constant notifications or calls.
  
  

Image: luna series by tci

Long-term planning and professional hardware

Security in building technology is a long-term challenge that extends beyond the rapid innovation cycles of standard IT. Durable, updateable systems are crucial to avoid security gaps in building technology. Instead of proprietary solutions, systems with open standards should generally be preferred to allow for future updates. Segmenting networks into small logical units can help ensure that insecure systems and devices do not compromise the entire system.

Passwords, Encryption and Two-Factor Authentication 

Another critical aspect of IT security in building technology is ensuring secure access to computers and control systems. Standard passwords, which are easy to guess or already publicly known, are still commonly used. Instead, secure, unique passwords of sufficient length and complexity should be employed. Password managers can help generate and securely manage strong passwords.

It is crucial that all communications over Wi-Fi are encrypted. Insecure, unencrypted connections can be easily intercepted by attackers, potentially compromising critical control data. Therefore, strong encryption technologies like WPA3 for Wi-Fi and TLS for network communication should always be used.

To further secure access to building controls and user interfaces, two-factor authentication (2FA) should be used wherever possible. In addition to the password, another security component is required, such as a one-time code from an authenticator app or a smart card. This makes unauthorized access much harder, even if the password has been compromised.

Practical example

tci GmbH offers durable touch panels for use in building technology and smart homes that are designed according to the security-by-design approach. With Secure Boot and Trusted Platform Module (TPM), long-term and tamper-proof operation is guaranteed. It ensures that only signed and trusted software is started. Even if an attacker gains access to the system, they cannot load malicious software onto the system.