Smart Technologies and Historic Buildings: Gaps to be filled

Investing in robust cybersecurity is as essential as protecting physical assets.

Cybersecurity is a critical concern when implementing IoT smart technologies in heritage buildings, particularly museums. This concern encompasses both safety and security aspects, as the October 2025 theft at the Louvre Museum illustrates.


The primary security vulnerabilities identified can be succinctly summarised as follows:

  • Information Security Neglected. Security is often considered only at the technical level and is overlooked during product development and market introduction, especially for new IoT-connected fire safety products.
  • Lack of Standards Compliance. Few devices meet national or international information security standards and approval requirements, increasing regulatory and insurance risks.
  • Superficial Security Principles. Design often prioritizes user-friendliness and easy introduction over robust security protocols, making ease-of-use a weakness.
  • Weak Updates and Patches. IoT systems are rarely updated regularly; many devices retain default or weak passwords, run outdated software, and lack routine patch management.
  • Open Network Vulnerabilities. Devices on open or poorly segmented networks are easy targets for attackers, risking not only the devices themselves, but also the wider building automation systems and user data.
  • Poor Process and Human Factor. Processes and systematic approaches to security are insufficient, and staff are often not adequately trained to ensure the secure use and maintenance of these systems.
  • Misleading Product Claims. Marketing may overstate a product's security or its integration with emergency response, leading to gaps between promised and real-world functionality.
  • Remote Access Risks. Inadequate planning for remote access/maintenance leads to poorly controlled entry points for hackers.
  • Data Privacy and Exposure. Security gaps in data collection and management make it easy for criminals to access sensitive building and personal information (such as absence from home, door lock status, and even credit card data).
  • Device Integration Risks. Networked older devices with “smart” add-ons share the same vulnerabilities as new ones if not secured properly.

Existing gaps

Vulnerabilities inherent in smart safety systems can expose buildings to severe threats that go beyond fire risk but still endanger the integrity of buildings or collections. The primary concerns associated with these vulnerabilities include:

  • Vulnerabilities. IoT devices and sensor networks transmit real-time data over wireless connections, exposing them to threats such as hacking, unauthorized access, malware, and ransomware attacks. A compromised fire safety system could fail, trigger false alarms, or be remotely disabled during a genuine emergency.
  • Data Privacy and Integrity. Sensitive building data (environmental conditions, visitor flow, asset locations) must be protected. Breaches can put confidential information, including security plans and collection inventories, at risk.
  • System Interoperability. Device manufacturers use diverse protocols and standards. Inconsistent or outdated security practices in legacy systems can create gaps that attackers exploit. Upgrading or retrofitting historic buildings often compounds these risks.
  • Mitigation Strategies:
    • Employ strong encryption and authentication for all device communications and data storage.
    • Regularly update and patch firmware/software.
    • Use secure, dedicated networks rather than generic building Wi-Fi.
    • Develop incident response plans and train staff in cybersecurity best practices.
    • Work with technology providers to ensure compliance with current data protection laws and standards.

These gaps mean that, while smart technologies can make fire detection, warning, and building automation more effective, they also introduce new vectors for intrusion, manipulation, and data theft.

The risks are intensified when manufacturers and users do not match rapid technological advances with robust, process-driven, and regularly updated cybersecurity measures.

Investing in robust cybersecurity is as essential as protecting physical assets—without it, smart fire safety systems could become a new source of risk for heritage sites rather than a safeguard.