Cybersecurity in retrofit: balancing risk, heritage and resilience
The rise of smart technology has transformed how we manage and monitor buildings, particularly those undergoing retrofit. At its best, this digital integration improves energy efficiency, comfort and control. At its worst, it creates new vulnerabilities with very real consequences.
Cybersecurity is not always top of mind when we think about retrofitting buildings. But for Louise Shea, Cyber and Information Security Director at 海角视频, it is central to how we safeguard critical infrastructure and ensure long-term resilience.
Invisible threats in increasingly visible systems
Smart systems, from occupancy sensors and lighting controls to cloud-based HVAC, offer huge benefits for retrofitted buildings. Real-time data helps us cut waste and emissions, adjust conditions remotely and optimise space usage. But every connected device is a potential entry point for malicious actors.
These IoT devices can be exploited to steal sensitive data or manipulate building systems
Louise Shea, Cyber and Information Security Director
鈥淭hese IoT devices can be exploited to steal sensitive data or manipulate building systems,鈥 Louise explains. In a worst-case scenario, a hacker could override fire alarms, shut down lifts or overheat a space to dangerous levels. The threats are not hypothetical. They are safety and privacy risks with growing precedence across public and private buildings.
Heritage constraints, modern risks
Older and heritage buildings face particular challenges. Many were built before electricity, let alone the internet. Retrofitting these spaces with smart systems often means working around limited wiring capacity and physical constraints. Wireless networks become the default solution, but without proper encryption, they can be easily intercepted.
鈥淟egacy infrastructure is rarely designed with cyber defences in mind,鈥 says Louise. Existing systems might lack even basic protections. Integrating them with new digital controls can create security gaps or compatibility issues, especially where out-of-date software is left unpatched.
Preservation regulations add a further layer of complexity. Drilling through walls or mounting visible sensors on listed features is not an option. 鈥淓verything has to be discreet,鈥 she says. 鈥淲e use wireless, battery-powered sensors and cloud systems where possible; solutions that require no intrusive changes to the building fabric.鈥
Rules that force creativity
Conservation laws often seem to restrict what鈥檚 possible, but Louise views them differently – as drivers of smarter thinking. They push security designers to work creatively, opting for lightweight, low-impact technologies and pre-approved retrofit methods.
Any new system must go through careful approvals to prove it does not compromise heritage value. That includes cybersecurity measures. But instead of being a barrier, this process helps raise the standard. When done right, the outcome is a retrofit that is both secure and respectful of place.
Technical hurdles and tailored responses
So what does secure retrofitting actually involve? For Louise, it鈥檚 about recognising that there is no one-size-fits-all fix. 鈥淓very retrofit comes with a different mix of structural, regulatory and technical constraints,鈥 she says.
Retrofitted buildings often lack server rooms or space for network infrastructure. Wireless devices and cloud-based platforms fill the gap, but they must be protected with up-to-date firmware, strong passwords and robust access controls. Segmentation of networks is key: critical systems must be isolated so that a single breach cannot cascade through the building.
Many projects also require bespoke integration between old and new systems, for example, using middleware to connect analogue HVAC controls to modern monitoring tools. It is delicate work. This integration is delicate, requiring careful configuration to avoid vulnerabilities that could be exploited.
A career built on challenge
Louise did not start out in building design. Her background is in technology and problem solving. She chose to work in cyber and information security because of its complexity, and its importance.
鈥淎 cyber-attack isn鈥檛 just about stolen data,鈥 she says. 鈥淚t can shut down operations, cause harm, or destroy trust. And in buildings, the risks are tangible. Lives and livelihoods can be affected.鈥
That鈥檚 what makes the work meaningful. For engineers focused on resilience, the digital layer is now just as critical as the structural one. The two must evolve together
Louise Shea, Cyber and Information Security Director
Strategies for staying ahead
Cyber threats move fast, so buildings must too. Louise outlines a few essential strategies for long-term security:
- A regular schedule of software and firmware updates across all devices
- Continuous monitoring using AI or analytics to detect suspicious behaviour in real time
- Education for facilities teams and occupants on good cybersecurity hygiene
- Regular cyber table-top exercises to test incident response and recovery plans in the event of a cyber attack
- Modular systems that can adapt as technology evolves
- Partnerships with security experts to anticipate and respond to emerging risks
Together, these approaches build digital resilience into the very fabric of retrofit.
Looking forward
Cybersecurity is now a non-negotiable part of sustainable building design. And in retrofit, it is often the unseen foundation of successful transformation.
鈥淲e鈥檙e not just protecting data,鈥 Louise concludes. 鈥淲e鈥檙e protecting the spaces people rely on, spaces where safety, comfort and continuity must never be compromised.鈥
Related content
Event recap: Old foundations, new futures: Strategic investment through retrofitting
Event recap: Risk, resilience & responsibility: Protecting heritage in a changing climate
Revolution in Retrofit
Redefining obsolescence in the built environment 鈥 opportunity or challenge?
海角视频 participate in Council for Tall Buildings and Urban Habitat (CTBUH) conference and London Real Estate Forum (LREF) 2024, part three.
