The internet of things (IoT), or Industrial IoT, trend is sweeping the world. Every day more things are connected to the Internet. Whilst some are native IoT products, designed to be connected, others are industrial systems that have connectivity applied either via a connection to a gateway or directly into a LAN (local area network).

In the lift industry, many of the systems are not native IoT and were therefore not designed with cyber security in mind. The systems were built with the intention that a user would engage with a display on the controller or plug in a ‘test tool’ on site to read off the data.
The rapid adoption of IoT and ‘big data’ means there is a growing trend for connecting lifts to the internet to allow access and control of data directly from the lift controller. However, the main concern for the lift industry has always been, and continues to be, physical security.

Cyber Security and Lift


Traditionally “lift security” has been provided by the motor room door. All the equipment will be located behind this locked door and a physical key is required, preventing unauthorised access.

The concern now is that if the lift equipment is connected to the Internet, the cyber-security of the gateway, as well the software platform to which it is connecting, becomes an additional concern.

The industry is aware of this and concern for cybersecurity continues to grow as it becomes a very real threat to the lift industry. A working group to focus on this topic has already been formed by the European Lift Association and the China Standards Association is also introducing cybersecurity standards.

Previously, the concern had been focused on safety standards in terms of passenger and lift engineers’ safety, but now the focus has expanded to integrate cybersecurity to prevent breaches that can lower the safety of a lift.

The safety of a lift itself could be compromised, for example, if somebody could access the controller and change the safety settings or switch it off. Often a denial-of-service attack is the easiest attack a hacker can make nowadays.

A new vulnerability in the network


Another important issue to consider related to cyber security is that if the lift is connected to a building network, it can become a vulnerable point. Often the IT team in a building won’t allow the lift onto their network due to concerns about the ease of penetrating the network via the lift.

It is important to understand that if the lift is connected to the Internet, specifically if this is done by a direct connection to the controller, what access is being allowed: is it using original hardware (supplied by the original equipment manufacturer) connectivity? What about third-party connectivity?

As IoT and “smart lifts” grow in popularity, lifts will be ever more connected to the Internet. The data gathered can offer valuable information and services, such as remote monitoring. However, as connectivity grows, especially by leveraging older, legacy systems, the potential for risks become significantly higher.

Standards evolve to match changes in technology and security


This continued development in technological abilities means the Standards are regularly reviewed and evolve accordingly, to ensure that the lifts themselves, and the passengers carried, are safe and protected.

An example of this evolution following the capabilities in technology can be seen in the changes in requirements for door safety. In the past it was acceptable to have a mechanical device on the door that, when it struck something, caused the doors to reopen. With the evolution of detection technology, it’s gone from being acceptable for the doors to strike something, to requiring an infrared beam at the top and bottom of the lift doors, to requiring a full height light curtain and even a 3D sensor to detect objects approaching the doors.

Being struck by the doors is the number one cause of accidents.

As the ability to deliver detection technology has improved, the Standards have been updated accordingly, and it is nowadays unacceptable, under a lot of codes & standards, that a passenger be struck by the door.

Safety first

It is always recommended that before any connection into the lift is made, there is a review to ensure that the products match the level of safety required and won’t expose the network to any risks.

Generally speaking, the original equipment included in the lift will be quite limited as to what can be accessed once it is connected. With time, as the equipment is replaced, it is important to continue to review the safety settings as broader access to information will sometimes come at the cost of cybersecurity.

At MEMCO BY AVIRE we take security very seriously. Whilst we constantly develop new solutions that match our customers’ requirements, we ensure all our products – from the hardware solutions to the Avire Hub cloud-based platform – are regularly tested and comply with the highest levels of safety to ensure productivity whilst protecting any connected network and devices.

New technologies and products MUST come hand in hand with the level of safety that customers expect and rely on us for. To find out how to enhance your lift to make it smarter and safer, contact our team.

Related Products