Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Publications

Guide On Conducting Threat Identification And Assessing Effectivness Of Controls For Smart Buildings

31 March 2026

1. The Cyber Security Agency of Singapore (CSA), in support of Singapore’s Smart Nation drive, will be publishing the “Guide on Conducting Threat Identification and Assessing Effectiveness of Controls for Smart Buildings” (“the Guide”) in March 2026. The Guide aims to provide building owners and facility managers with steps to identify cyber threats, provide contextualised examples and complement existing publications namely, but not limited to, Singapore Standards Council (SSC) TR 111:2023, Infocomm Media Development Authority of Singapore (IMDA) IoT Cybersecurity Guide and IEC 62442.

2. In smart buildings, computational components are now tightly integrated with physical processes, all interacting through interconnected networks. This Guide provides readers with steps to identify threats that affect both cyber assets and physical safety. It also provides guiding principles to assess the effectiveness of controls implemented to protect cyber-physical systems (CPS).

3. As the adoption of smart building systems continues to grow due to accelerated digitalisation and integration between legacy and smart technologies, the threat landscape inevitably expands for these systems. Malicious actors are increasingly targeting vulnerable building systems, particularly legacy or outdated IT systems that have been integrated with smart devices. These attacks create complex attack surfaces where weaknesses in one component can compromise entire systems, posing risks to occupant safety and operational reliability.

4. Facility teams traditionally focus on tasks such as maintaining and monitoring building automation systems, energy management tools and access controls, which have a direct impact on the resilience and safety of smart buildings. When hackers target these systems, they have the potential to disrupt operations or exploit automation features, which could result in endangerment of occupants’ physical safety and damage to property. The Guide aims to help facility managers and building operators by providing them with actionable steps to protect the growing number of smart building systems connected to the Internet from cyber threats.

5. The Guide focuses on areas such as:

a. Recognising cyber-physical threats within building and automation systems.

b.  Identifying assets with CPS considerations, including those arising when legacy systems are connected to new smart technologies.

c. Identifying and assessing the effectiveness of controls for CPS.

Download the Guide here:

Back to top