[Draft 1] Summary_Reader_Response: Smart Buildings: “What ‘smart' really means"

In the article “Smart buildings: What 'smart' really means”, Lecomte (2019) states that having certification with standardized metrics is fundamental for smart buildings to wholly emerge in the 'built environment'. Lecomte mentions that the lack of unanimity from various stakeholders has delayed the drafting of standardized rubrics. Hence, private and public sectors design their own metrics to assess smart buildings but their rubrics vary from one another. However, current private and public metrics have been unsuccessful in tackling the complicated and expanding aspect that buildings will perform in ‘smart cities’. Lecomte emphasises that one crucial component to be included in the standardized rubrics would be cyber risk management as cyber threats ‘increase exponentially’ along with more advanced and integrated technology in smart buildings. Lecomte concludes that holistic and reliable 'smart building certifications and rubrics' will be the foundation of a 'functioning market for smart real estate'.

Based on the points elaborated in the article, although Lecomte has discussed about the importance of incorporating cyber risk management in the rubrics, there are other factors that the author fails to discuss the significance of cyber risk management.

                                                                                                                                       

While more smart buildings are popping up all over the world, reducing energy consumption and increasing building efficiency. However, little know about the cyber risks that increase with the increasing smart building. Equipping smart building with the proper security systems would help to minimise and even eliminate potential cyber risks. In the article “Business interruption resurfaces as top business risk in Singapore”, Chan(2019) states that “responders rank cyber as the business interruption trigger they fear most” as cyberattacks can result “in a disruption of operations and services costing hundreds of millions of dollars”. Chan (2019) also gave an example by listing a few companies which have suffered disruption to their logistics line. Marek Stanislawski, deputy global head of cyber, AGCS, quoted “Cyber risk has been a major risk for a number of years but as with any new risk it has struggled with awareness”

Cyber-attacks are causing damages to companies around the world but only a small quantity of companies came forward and disclosed the attacks. In the article “Cyberattacks: Why Companies Keep Quiet”, it states that most companies do not want to reveal the extent of damage due to “possibly scaring off potential or existing customers, damaging their stock value, or incurring potential legal liabilities.”. In my personal opinion, I feel that companies should step up and talk about it since there should not be any reason to hide it from the public or relevant parties. Revealing it will help other companies to look at their cybersecurity system and identify if there are any loopholes. For example, in the article “Uber Paid Hackers to Delete Stolen Data on 57 Million People”, Uber concealed about the fact that their consumer data got stolen for more than a year. “A patchwork of state and federal laws require companies to alert people and government agencies when sensitive data breaches occur.”, but Uber failed to do so on many occasions such as in 2014 for failing to disclose an earlier data breach which Uber was fined for $20,000.

There should be more case study about the cyber breach to explain how the system was breached and identify how to mitigate it. In the article “SingHealth data breach probe reveals ‘blanket’ of basic failings”, it identified the problems SingHealth have in their cybersecurity. There was also a public report “detailing the attacker’s identity and methods” which could assist other company to further enhance their security system The report gave a "blow-by-blow account" which lead to SingHealth leaking 1.5 million data of patients. The article also states the aftermath of the cyber breach and what steps SingHealth have taken to resolve the issues identified. 

In conclusion, there are more plausible ways to raise more awareness and emphasize the importance of cyber risk management. However, care should be taken when identifying cyber risks as different types of buildings face a different type of cyber risks. There should be an identification of the type of building and correspond the different type of risk associated with it. 

538 words

Edited 4/10/2019

Chan, D. (2019, February 4). Business interruption resurfaces as top business risk in Singapore. Retrieved October 2, 2019, from https://www.businesstimes.com.sg/companies-markets/business-interruption-resurfaces-as-top-business-risk-in-singapore.

Lecomte, P. (2019, January 28). Smart Buildings: What 'smart' really means. Retrieved September 25, 2019, from https://www.businesstimes.com.sg/opinion/smart-buildings-what-smart-really-means.

Newcomer, E. (2017, November 22). Uber Paid Hackers to Delete Stolen Data on 57 Million People. Retrieved October 2, 2019, from https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data.

SingHealth data breach probe reveals 'blanket' of basic failings. (2019, January 10). Retrieved October 1, 2019, from https://www.businesstimes.com.sg/government-economy/singhealth-data-breach-probe-reveals-blanket-of-basic-failings