Cyber Physical Security and Interoperability Challenges in IoT Based Smart Building Systems: A Narrative Critical Review


Authors : Imran Muhammed Awwal; Jamiu Lateef

Volume/Issue : Volume 10 - 2025, Issue 12 - December


Google Scholar : https://tinyurl.com/4h29f3vp

Scribd : https://tinyurl.com/yee8864n

DOI : https://doi.org/10.38124/ijisrt/25dec1366



Abstract : The proliferation of Internet of Things (IoT) devices within smart buildings has enabled significant advancements in operational efficiency, energy management, and occupant experience. This integration, however, converts modern buildings into complex cyber-physical systems (CPS), introducing a new class of vulnerabilities at the intersection of the digital and physical realms. This paper presents a narrative-critical review of the dual challenges confronting these environments: cyber-physical security and system interoperability. A taxonomy of threats is presented, highlighting attack vectors that range from data exfiltration to the physical disruption of building operations. Concurrently, the review investigates the pervasive issue of interoperability, where a fragmented ecosystem of proprietary protocols and data models creates systemic inefficiencies and profound security gaps. This paper critically analyzes current technical and architectural solutions, including AI-based intrusion detection, blockchain, middleware, and digital twins, evaluating their efficacy in addressing these intertwined challenges. This review's core contribution is the synthesis of these domains, arguing that the lack of semantic interoperability is an architectural flaw that precludes the effective deployment of modern security paradigms and that the systemic skills gap presents a non-technical barrier as significant as any technical challenge. The analysis culminates in a strategic research roadmap to address these coupled challenges holistically.

Keywords : Smart Buildings, Internet of Things (IoT), Cyber-Physical Systems (CPS), Cybersecurity, Interoperability, Digital Twin, Intrusion Detection, Building Management Systems (BMS), Operational Technology (OT)

