What is the value of security? We humans value security enough to go to the trouble of building these structures around us. Security from the sun, rain and cold that our bodies seem so ill equipped for. Security for us and our things from others that want to watch, steal from or harm us. Security to have our own piece of the earth without fear of imposing governmental intrusion. Part of the value of real estate is security.
Security isn’t only a physical thing, though. The digital structures that we have built are arguably even more prone to breaches in security than our built environment especially as our physical and digital worlds become increasingly interdependent. When a huge security breach at Yahoo was discovered it lead to a $300 million price cut on their $4.8 billion sale price to Verizon. According to the tax records, this is almost 100 times what it would have cost if their 181,000 sq ft headquarters was rendered unusable. Yahoo is a company built on code, so it follows that a breach of their data would be detrimental to their value. But, companies built around physical assets might be just as susceptible to loss due to cyber security breaches.
Back in 2010 inspectors at Iran’s Natanz enrichment facility noticed that centrifuges used for enriching uranium were failing at a suspiciously high rate. Five months later, a computer security firm called in to troubleshoot a computer crash found a group of malicious files on the system. What was uncovered was called Stuxnet and has been called the world’s first digital weapon. Rather than be merely a data thief or marauder, Stuxnet was designed to cause destruction to the physical world that the affected network controlled. It was programmed to wait until conditions were just right and then manipulate the pressure inside the centrifuges, destroying them and the enrichment process they were facilitating. It is believed that this program was created to disable Iran’s nuclear capabilities, so the intentions were seen (at least by some) to be valiant. But nothing is stopping a similar, malicious, type of file from creating destruction by manipulating physical processes.
Connecting the built world to the internet has created a number of security challenges. Now, there are many independent devices that need protecting, not just a single main frame. These device are often from different OEMs and have unique protocols. Unprotected devices can be used in DDoS (denial of service) attacks, which can take down websites by flooding them with connection requests. This article estimates that there will soon be more IoT devices in the world than people. A property’s devices can be turned against itself, this month a university was attacked by its own vending machines and street lamps. I am sure the next time the dean asks the boosters for extra money for IoT modernization, there might be a little more pushback.
Another challenge is the growing personalization of data. Employers and retailers are increasingly able to identify individual building users and track their every movement. Being able to know where someone is at any given time could be very dangerous in the wrong hands.
Merely installing antivirus software is not a proactive solution. Much like the flu shot, antivirus updates are created to detect malware that has already been identified somewhere else. Infections these days are getting much better at staying unnoticed. Yahoo suspects their security breach lasted for months, stealing an unknown amount of data before they caught on. The better solution is to design the system to be impervious to attacks using Virtual Private Networks (VPN) and a well thought out series of firewalls. All this can be a lot for a property manager and often hiring a dedicated IT department is cost prohibitive.
One of the biggest IoT security providers is Symantec, partnering with Norton to secure almost every thinkable vertical. For more real estate centric solutions, a boutique business technology solutions firm like IBS can provide custom security solutions. When IBS launched operations in 1979, the use of computers in small to mid-size company operations was virtually nonexistent. Today even the smallest property management teams rely on the exchange of data over a variety of networks, all of which are susceptible to cyber attacks if they don’t take precautions.
This is an exciting time for problem solving. Advancements in artificial intelligence has allowed for a number of breakthroughs to humanity’s enigmas. But, this same computational power is also applied to the age old desire to take someone else’s stuff. Weaponized AI might not look like a bodybuilding Austrian, like the movies of my youth suggested, but instead a small piece of code that is able to travel through cyberspace with impunity, either unspotted or immune to the digital antibodies created to destroy them. With the increase in infectable devices, increased viral sophistication and high collateral damage.