Enabling Technology That Makes Smart Buildings & Elevators Secure
Enabling Technology That Makes Smart Buildings & Elevators Secure
The world has seen a smarter digital ecosystem that resulted in a progressive digitalisation of elevators and buildings, as observed in the Italian lift industry and the Indian elevator manufacturing industry. Across the world, cloud technology and remote management systems are being widely used to manage digitally transformed buildings and elevators.
However with this progressive digitalisation comes new risks are emerging. The digitalisation of elevators, buildings, and similar infrastructures make these very same facilities prone to cyberattacks. Such is the case of the 2021 Colonial Pipeline ransomware attack, where hackers took over and held the largest fuel pipeline in the US for ransom, resulting in shortages across the country. However, this problem isn’t limited to the US. Service providers worldwide face many challenges in digitalisation efforts. If these services cannot prove how reliable they are, companies may suffer from cyber issues across the whole process chain.
Unfortunately, no regulating body would help companies review their elevator systems and in the area of cybersecurity. In fact, elevator manufacturers don’t require cybersecurity certificates from their suppliers nor are there any recognised best practices to check a digitalised elevator’s security system. Although, IEC 61508, the technical basic standard for programmable safety components of lift directly refers to cybersecurity requirements, there is also no clear ownership of responsibilities or clearly defined legal consequences regarding the digitalisation of elevators.
Thankfully, operators of digitalised elevators are becoming more aware of the importance of cybersecurity. Manufacturers must now realise that they might have liability for incidents involving their products. They should recognise the need for smart maintenance and cybersecurity standards for their digitalised elevators, especially since they can use it as leverage against their competitors.
As a manufacturer, you need to fulfil the requirements of the digitalisation of elevators and facilities. You need to comply with legal conditions regarding data privacy, and the protection of your digitalised elevators’ users. Likewise, you must follow economic requirements, such as information confidentiality and business continuity. You have to make sure that you can successfully run and manage integer interface communications throughout building control systems.
Ensuring that your products are working with topline cybersecurity measures is a must, namely a high Cybersecurity Readiness Index, accessible risk analysis, durable cyber risk mitigation plan, and certification and attestation of compliance to cyber standards. Such measures will allow you to ensure that the digitalised elevators and building systems you’re offering are backed up with cybersecurity services.
Setting a competitive advantage in the industry ensures organisational growth. With TÜV SÜD, you can preserve trustworthiness through our secure IT systems and help your customers with our single-source security solutions. These protect and limit customers’ data availability and lessen security costs. You can manage risks and legal conflicts with TÜV SÜD.
As the technology leader in the lifts and buildings sector, we at TÜV SÜD have an essential understanding of your industry. We are represented in relevant committees, including mandatory and consulting sectors, allowing us to be one step ahead through constantly monitoring upcoming regulations.
In choosing TÜV SÜD as your partner, you are assured of legal security. Risk assessment is mandatory for all manufacturing industries, and it’s essential to assume that legal cases will also look at cyberattacks. As such, we offer legal security from the get-go to protect you from the consequences of cyber accidents.
TÜV SÜD will also be a part of your products’ development processes. We can guide you in choosing the right cybersecurity components to ensure functional safety from the onset. We design our services to ensure that your company can provide a safe and secure elevator and smart buildings with an enhanced risk assessment system.
As TÜV SÜD is not stock listed, we can provide independent Testing, Inspection and Certification (TIC) services, so no conflict of interests ensues with your company. We have established long-standing business relationships, and you can rely on us to be your trusted partner for sensitive topics of the future.
The TÜV SÜD team of industry-accredited experts can provide you with effective implementation processes. Whatever you require for functional safety and security in elevators and building control systems, we can always provide the right specialist to fit your needs with our global network of experts.
We’ve made it our mission to truly understand your pain points so we can come up with the best solutions for your industry. Based on our research, these are the cybersecurity issues consumer products and retail face today:
Digitalising processes and working remotely
To keep up with the rest of the world, you need to implement digitalisation and remote work. But while these have many advantages, such as lower overhead costs, it also comes with risks. First and foremost is the risk of cyber-attacks that may endanger your customers.
Complying with mandatory regulations
When you can check off all the mandatory regulations for your products, you can assure customers that they can rely on you. By conforming to legal standards and protecting your customers, you build trust.
Being aware of cyber threats and their effects
When you lack awareness of the cybersecurity threats in your lifts and building control systems, you won’t anticipate the impact on your organisation. That’s why you need to be aware of any cyber threat and their effects on your supply chain and infrastructure.
Staying updated with mandatory security standards
While there is a lack of universal mandatory security standards for the elevators, you must make sure: that you are able to keep track of relevant changes of standards and that you can comply with them.
Specifying your legal liabilities
As there is no universal standard for the elevators with regards to cyber security, there is also no standard liability terms regarding them. If you can clarify your level of legal liability in case of a cyber accident, you can reassure your customers with safety and security.
Recognising that cybersecurity means investment
Cybersecurity is essential, but it also comes with investment and running expenses. Unfortunately, security is not for free! Once you are able to implement cybersecurity across your building control systems, you will also need to contend with higher costs for keeping the system running with the intended security level. You need to acknowledge that and manage your expectations.
When you partner with TÜV SÜD, we serve as your partner in assessing your elevators and building control systems to ensure that they conform with existing cyber security regulations, helping you build trust with your clients. We will support you with:
We specialise in combining both security and functional safety. We can train your team to learn the ins and outs of the topline lift and building control systems to ensure that they will possess better security awareness and knowledge that will reduce risks in your business. Our training services include but are not limited to:
We conduct enhanced risk assessments to test the resilience and vulnerabilities of your lift and building control systems to recognise the parts where you need improvement. Our assessments include but is not limited to:
We understand how important it is to comply with mandatory regulations and how a certification can assure your customers that you are legally complying with these regulations. We can help you obtain certification for the following:
As a reliable partner in the smart lifts and buildings sector, TÜV SÜD can help you improve what you already have. We can adapt cybersecurity in lifecycle costing scales as an add-on to your existing core business.
Before you even begin the product development stage of your digitalised elevators, we can already help you obtain the Cybersecurity Readiness Index and conduct Cybersecurity Risk Assessment on your product. Once the elevator has been manufactured, we can examine the product with a focus on its cybersecurity.
When an operator commissions your elevator, we can assist you with the commissioning testing to ensure that your product’s cybersecurity runs smoothly. Once your elevator is sold, installed, and operating, we can help you facilitate the periodic inspection of the elevator and its cybersecurity.