Interview with Dr. Stefan Hardt:
Cybersecurity in buildings is an important issue

MeteoViva GmbH’s entire IT and business processes were certified according to ISO 27001. Dr. Stefan Hardt, spokesperson of the Management Board, on the motivation behind the certification, the results and MeteoViva’s new information security system.

Since May, you are ISO 27001 certified. This is a testament to MeteoViva GmbH’s high level of information security. What do you expect from this certification?
As a smart data provider, this is an essential part of securing the future and further expansion of our business. In an increasingly connected world, in which the demands on IT security and data protection are constantly increasing, clients want to know that they have a reliable partner at their side. We offer our customers this security. In addition, with this certification, we gain access to new markets. Especially for customers involved in critical infrastructures - public authorities, public utilities or airports - ISO certification is something like a driver’s license. Nothing works without it.

Simply put, you are a provider of smart data. You receive data from a building, process it along with external data, optimize it and deliver improved control data to the building. How do you ensure that the process remains immune to a cyber-attack?
In the course of this certification, we have broken down every process in every department of the company into their individual components and identified all critical areas. We reviewed them one by one, and took action wherever necessary. At the same time, we developed our own Information Security Management System (ISMS). The ISMS provides the framework in which we implement and control information security within the organization. This includes the ongoing analysis and evaluation of possible new risks and threats. Everything follows the motto: "Know your risks. Deal with them."

How is IT security guaranteed when you send smart data to buildings in other European countries and in the USA?
We do not distinguish between Germany and other countries in terms of data security. Regardless of their geographical location, the building simulations and generation of smart data takes place in our ISO 27001-certified data centers in Germany. In Germany our technical and legal standards guarantee a high level of security. In addition, Europe has the highest data protection standards in the world. Our customers outside Europe appreciate this security as well. They know that their data is in safe hands.

Where do you see the biggest security challenges for smart buildings now and in the future?
Wherever there are no established structures and standards. This is the case with IoT devices that are installed in buildings. The technically feasible currently outpaces the technically meaningful. And this is where new entryways for hackers are potentially created. Cybersecurity in commercial buildings is an important topic, because besides the indoor climate, IT systems can also control security and safety systems such as building access, elevators and fire protection. We will be able to keep up with all new requirements in this area. We actually are at the leading edge with the ISO certification.