Nicolai Solling

DUBAI, UAE, 28 April 2020: Facility managers and property owners in the Middle East need to start taking the maintenance of control systems as seriously as the maintenance of the actual assets in the building, said Nicolai Solling, CTO, Help AG, who believes there is a massive need to educate stakeholders in the building sector in this regard. “The real issue is that many of the IT systems supervising buildings are not seen as critical elements of the building,” he said. “But, as we move towards more and more automated buildings to deliver more efficient operations, the supervisory systems become increasingly critical.”

Solling pointed out that most buildings in the UAE today utilise solutions such as building management systems (BMSes) and that the level of complexity and digitalisation of these systems varies greatly with the age of these properties. “In large malls, for example, controls for air conditioning, video surveillance as well as for fire and life safety are no longer manual – instead, these are orchestrated by fully automated systems,” he said. “While you may think you are just pressing a button in your elevator, there is most likely a computer somewhere supervising the lift, air, lights, water, cooling and emergency systems of the building.” Solling said that unfortunately, many property owners and building management organisations have a ‘set and forget’ approach to these systems. “But, as with any technology solutions, these systems need to be maintained,” he said. “When we are dealing with IT systems, the angle of cybersecurity is something that needs to be maintained the same way as lifts go through periodic maintenance and inspections. They require regular updates, patching and vulnerability assessment. Having critical building functions dependent on centralised surveillance networks that are regularly hardened against new exploits and vulnerabilities ensures that these systems are operating correctly for the wellbeing of the people living in the building.”

In the current market, Solling said, cybersecurity is not high on the agenda of the construction industry. “Even today, most BMS systems and other control networks in buildings are implemented by organisations that aren’t cybersecurity or IT experts,” he said, adding that this can lead to a number of costly problems. Pointing to the 2013 data breach of Target Corp, as an example, he said, “The breach, which ultimately cost the retailer US 18.5 million in settlements, was achieved due to the exploitation of vulnerabilities in systems not owned by Target itself, but rather by the company in charge of the maintenance of its HVAC systems.”