SPAC® NEWS
SBA, new member of the SPAC® Alliance
“ Because of its connectivity, more than ever, a Smart Building needs to ensure the best practices in terms of cyber and physical security. ”
Lidia ZERROUKI, Generale Delegate, SBA
Alexis PEREZ, Head of Digital Domain, CERTIVEA
Created in 2012, the Smart Buildings Alliance works every day to make Smart Buildings an asset for local authorities, businesses and occupants. It works with the CERTIVEA certification body.
Presentation of your business / key figures / areas of development
Lidia ZERROUKI & Alexis PEREZ : The Smart Buildings Alliance was established in 2012 to assist local authorities, businesses and tenants. It supports all players in the real estate value chain in their efforts to make responsible digital strategy a force in the environmental transition. The SBA is open and unique in its multidisciplinary and diverse 400 member companies and organizations. Its actions are structured around 3 pillars: Smart Home (individual and collective housing), Smart Building (commercial buildings) and Smart City (smart cities and regions).
For over 11 years, the SBA has been a strong advocate of a responsible digital strategy, supporting technological neutrality while promoting systems interoperability, the pooling of equipment and infrastructure, and data openness, availability, quality, security and governance. With over 20 committees and working groups, it brings together all trades in a collaborative approach to develop frames of reference, approaches and innovative solutions.
Together with the certification body, CERTIVEA, the Smart Buildings Alliance is behind the Ready 2 Services (R2S) frame of reference and its subsequent versions (Residential R2S, R2S 4 Care, R2S Connect, R2S 4 Grids, R2S 4 Mobility, etc.), along with the BIM for Value frame of reference. The alliance relies on regional chapters working closely on the ground, and also has an international reach with SBA entities in various countries.
What challenges do you face in terms of security?
Lidia ZERROUKI & Alexis PEREZ: Today, security is inseparable from connectivity. No one (developers/landlords, tenants or managers) will invest in Smart Buildings if the sector is not able to use better standards to enhance security. The stakes are high, for:
-
GDPR compliance for the protection of personal data
-
Security to combat cyber or physical intrusions (malicious acts, seizing control of centralized management systems for boiler rooms, air conditioning, elevators, etc.)
-
Security of facilities to guarantee efficient control and maintenance of the various connected systems.
The SBA’s goal is to integrate security requirements that comply with French and European regulations into its R2S framework.
Why did you join SPAC® and its ecosystem of European players?
Lidia ZERROUKI & Alexis PEREZ: Making a building “Smart” means making it connected. This implies the installation of more and more IoT equipment. And the larger the IoT ecosystem, the larger the attack surface. Because of its connectivity, more than ever, a Smart Building needs to ensure that best practices for security are applied and adapted to the different types of buildings or systems. Joining the SPAC® Alliance, a federation of physical and logical security players, was therefore an obvious choice.
What’s more, thanks to its close ties to ANSSI, one of its founding members, and other institutions such as the European Commission, the SPAC® Alliance enjoys genuine credibility with all Smart Building players.
Becoming a member of the SPAC® Alliance also means that we can include top-quality players in our committees and working groups. For example, as interoperability is a major issue for SBA, a committee dedicated to Networks and Protocols will soon be relaunched. This committee will include Mickaël Wajnglas from the SPAC® Alliance and Didier Poiraud from STid (who is also Deputy General Secretary of the SBA). Their presence will enable us to benefit from their expertise and vision. What the SPAC® Alliance and STid have achieved by bringing together the entire security market (institutions, end-users, design offices, manufacturers, integrators, installers, partners and competitors) around a protocol that has become a standard, is a real example for us to follow.
Finally, joining the SPAC® Alliance means benefiting from a reliable technological and regulatory benchmark, on a French, European and international scale.
What benefits can the SSCP® communication standard bring to the security market?
Lidia ZERROUKI & Alexis PEREZ: Digital security is an increasingly important issue. In 2023, for the second year running, the Allianz Group’s annual risk barometer placed cyber incidents and business interruption at the top of major business risks. Research firm Asterès has calculated the average cost of a cyber-attack at €59k, rising to an average of €225k excluding ransom for large companies.
With the R2S label, we are mainly interested in the general services network (BMS, access control, video surveillance, etc.) so that a building can easily provide a variety of digital services (energy, comfort, security, etc.). These networks are considered less sensitive than tenant networks, but in the event of cyberattacks they can cause a number of malfunctions. More and more equipment can be connected to general services (electric vehicle charging stations, automation and control systems with the widespread use of BMS, smart objects, etc.), connected to the Internet or even linked to tenants’ IT networks. This makes these networks all the more sensitive, and therefore all the more important to secure. Imagine in the future if there were malfunctions in server room temperature control... Imagine if access control let anyone through, if video surveillance cameras could no longer be viewed...
Buildings are increasingly the target of hybrid attacks, where the aim is to carry out a physical intrusion first, and then more easily carry out a cyber-attack. There are also “man-in-the-middle attacks” (MITM), where a hacker positions themselves between two items of equipment, such as the badge reader and the concentrator, with the aim of retrieving data for replay or deletion.
Hence the interest in developing standards such as SSCP®, which was historically designed to secure the communication of access control equipment. Using the end-to-end encryption offered by the SSCP® protocol protects against attacks during this phase of digital communication.
One of the aims of the SBA’s work is to promote “non-proprietary”, interoperable and standardized protocols, so that items of equipment in a building can communicate more easily with each other, allowing services to emerge. So, it is good news to see the development of a sovereign European standard certified by ANSSI like SSCP®!
What is the importance of certification (and/or standardization) in the security market?
Lidia ZERROUKI & Alexis PEREZ: As a think-tank, the SBA has produced a large number of best practices over the past 11 years. The challenge is to make them known and to deploy them.
This is what CERTIVEA is doing, in close collaboration with the SBA, by developing frames of reference and labels to anticipate future regulations and apply best practices that will enhance buildings.
As a certification body, we are obviously convinced of the importance of certification and labeling, particularly in the building sector.
With this in mind, the SBA and CERTIVEA have created the R2S label. The aim is to certify the digital qualities of new buildings, those undergoing renovation and those in operation. We use independent third-party audits to assess a number of issues, such as connectivity, Smart Network design and operation, interoperability, digital security, human organization and the digital services the building can deliver (energy monitoring, air quality measurement, etc.).
In this frame of reference, digital security is therefore an issue in its own right - more digital technology in buildings means more digital security. For example, we assess the authentication of equipment that wants to connect to the Smart Network, network segmentation with existing VLANs, data encryption or the presence of hardware and software update procedures. At a time of cyberattacks that can paralyze businesses, and global competition between companies, it is essential to protect oneself and adopt security standards validated by all market stakeholders.