
Security-by-Design Surge in Building Automation Amid Rising Cyber-Physical Risks

Cyber-physical attacks on 25% of building automation ICS drive regulatory and industry action toward secure-by-design standards and threat intelligence integration.

Connected building automation systems increasingly serve as targets for cyber-physical attacks, accelerating a sector-wide focus on security-by-design, threat intelligence integration, and standardized defense measures. According to a recent Kaspersky ICS CERT report, building automation systems ranked among the most attacked operational technology (OT) sectors in Q1 2025, with malicious objects blocked on 25% of industrial control system (ICS) computers worldwide. The biometrics sector led with 28.1% [1: Biometrics and building automation systems were the most attacked operational technology sectors at the beginning of 2025]. The scale of these threats is prompting regulatory and industry groups to respond.

Background

Cyber-physical system incidents have demonstrated significant operational impacts. The Swiss National Cyber Security Centre (NCSC) highlighted a July 2024 sabotage that disrupted heating for approximately 600 residential buildings in Ukraine through malware delivered over the Modbus protocol [2: 6 May 2025 | National Cyber Security Centre NCSC]. A Claroty report found that 75% of organizations operate building management systems (BMS) with known exploited vulnerabilities (KEVs), and 50% use systems with unsecured internet connections frequently targeted by ransomware groups [3: Building management systems affected by vulnerabilities - B2B Cyber Security]. These incidents underscore the need for cybersecurity integration at the earliest stages of building system design.

Details

During the Swissbau 2026 trade fair, January 20-23 in Basel, the NCSC and the Swiss Society of Engineers and Architects (SIA) held sessions on implementing secure-by-design principles in software development, structured emergency response, and clarifying supplier obligations in construction and real estate [4: The NCSC and SIA put cybersecurity in the spotlight at Swissbau 2026]. Industrial trends reflect this shift: Rockwell Automation's 2026 "State of Smart Manufacturing" report cited secure-by-design hardware as a priority, with 31% of manufacturers aiming to reduce OT risk through embedded security controls such as controller-level access rules, signed firmware, and onboard telemetry, reinforced by disciplined lifecycle management and procurement protocols [5: OT Cybersecurity 2026: Six Data‑Driven Trends from the State of Smart Manufacturing Report | Rockwell Automation | FI].

Standardization efforts are advancing. The IEC 62443 series provides key guidelines for cybersecurity in industrial automation and control systems (IACS). The forthcoming European Cyber Resilience Act (CRA) will require risk-based secure-by-design approaches by mid-December 2027, with harmonized standards expected by late 2026 to guide implementation [6: Secure by Design macht Fabriken immun gegen Cyber-Attacken].

Outlook

Facility managers, systems integrators, and building owners are increasingly expected to specify security measures in procurement, such as secure boot and signed firmware, and to integrate threat intelligence into operations. With CRA enforcement nearing, the industry is moving from reactive defense to proactive, embedded cybersecurity. Secure-by-design is poised to become fundamental to safe, interoperable, and resilient building automation systems.