Smart phone showing security code input screen
Smart phone showing security code input screen

Is Your Energy Management System Cyber Secure?

17 December 2020

Great news! But, proceed with caution is our advice.

IoT is everywhere, from boilers to heavy industrial plant and machinery, HVAC and lighting – they can all be connected to the internet to enable remote control, management and maintenance. All with energy efficiency, operational productivity, wellness and cost reductions in mind.

Simply hooking up these devices – and many more including electric vehicle (EV), renewable technologies such as solar PV and battery storage for those businesses employing off-grid technologies – to the internet and walking away is not the answer.

With 75 billion connected devices expected worldwide by 2025, exposure to IoT attacks is only likely to increase.

What IoT can do for business is endless and evolving:

  • digital technology like our CODA system can unlock otherwise untouchable energy savings opportunities
  • track and control energy use across an entire building or site 
  • cut energy use in commercial buildings and generate payback in just a few months
  • increase efficiencies and reduce costs

On the flip side, however, unsecured networks are the breeding ground for cyber-crime. IoT devices are not immune. According to Gartner, nearly 20% of organisations have experienced at least one IoT-based attack in the past three years. IoT vulnerabilities can range from data breaches to malicious attacks from malware software.

The increasing concern that many internet-enabled devices lack security features has brought IoT front of mind for the UK government. Often the most innocuous connected device provides a gateway to other private segments of a network. The government is now developing laws that require manufacturers to ensure these devices cannot be hacked.

Under the proposed laws, manufacturers would have to:

  • ensure all internet-enabled devices have a unique password
  • provide a public point of contact so anyone can report a vulnerability
  • state the minimum length of time a device will receive security updates

Businesses must take the right precautions to prevent cyber-attacks on their IoT architecture:

  • ensure suppliers of IoT devices and systems have built security in from the very start; that it’s engineered into the very heart of the systems and infrastructure they are installing. They’re not simply creating and rapidly deploying IoT devices to gain market share.
  • ensure advanced encryption though all devices from the central hub through to wired and wireless modules, including installation and connectivity to IT networks as well as 3G/5G communication channels.
  • ensure they adhere to or are working towards ISO27001 policies and procedures

At CODA we have engineered security measures into our CODA systems and peripheral devices right from the initial design stage. We also undertake penetration testing of our systems and devices.

The future shows that IoT security laws will hold device manufacturers accountable and businesses themselves will need to accept responsibility for security weakness within their own IT architecture. With proactive security defences in place and a trusted IoT partner like CODA, businesses can put their best foot forward in light of cyber-attacks.

For more information or to find out how the team at CODA can help you, please call us on +44 (0)345 241 2889 or email