Cyber Physical Resilience
– Smart Buildings & Cities

Digitalization of the built environment introduces new vulnerabilities and governance gaps.

Innovation in IoT, OT, and AI outpaces the development of security strategies.

Fragmented responsibilities between owners, operators, and service providers.

Building management systems, access controls, and energy grids becoming high-value targets.

Lack of integrated governance linking technical architecture with operator accountability.

Rising risk of operational disruption, regulatory consequences, and reputational damage.

Compliance with the Cyber Resilience Act and NIS2 often falls short — creating financial and reputational risk.

Our Role as
Strategic Advisors

COMCODE acts as a strategic architect and transformation advisor for operators, developers, municipalities, and construction groups as they build secure and digitally connected ecosystems. We design strategies that integrate technical architectures with governance and operator responsibility — enabling resilience throughout the lifecycle of buildings and urban infrastructures. Our role: to ensure that innovation in smart environments is matched with robust security and governance.

Experience
& Projects

  • Serving as the CISO team of a leading German construction group for more than 10 years.
  • Supported the first German construction company to achieve ISO 27001 certification.
  • Development of the client’s Digitalization Strategy V1.0.
  • Steering digital transformation programs in partnership with IT leadership.
  • Advising boards on strategic security and digitalization initiatives.
  • Deep expertise in integrating OT, IIoT, and smart building elements into overarching security strategies.
  • COMCODE North America with a strategic focus on smart building & city resilience.

Advisory Portfolio

Strategy & Target Operating Models

Development of secure smart building architectures focused on lifecycle and operator responsibility. Integration of physical and digital assets into unified resilience concepts, including digital twins, AI-readiness, and data governance.

Risk & Threat Analysis

Methodical assessment of risks for building and campus infrastructures. Mapping of threats to BMS, networks, interfaces, and OT assets. Derivation of prosection measures based on scenarios.

Governance & Operator Responsibility

Definition of clear responsibilities between owners, operators, and service providers. Development of governance models for safety, security, and digital operations. Integration into ISMS, GRC, BCM, and compliance obligations.

Architecture & Technology Consulting

Evaluation of smart building technologies, platforms, and integration layers. Guidance on secure cloud, on-prem, and hybrid models. Support in tool selection, certification, and monitoring strategies.

Smart City Resilience & Urban Security

Development of security strategies for cities, districts, transportation, and energy infrastructures. Advisory on urban governance, public space, data ethics, and operator networks. Protection concepts for critical urban subsystems.

AI-Ready Buildings & Operational Intelligence

Strategic guidance on transitioning to AI-driven building operations. Risk evaluation of AI in building functions (HVAC, access, energy). Development of operational models for “AI-ready” buildings.

Cyber Defense & SOC Integration for Buildings

Security concepts for cyber-physical attack surfaces (BMS, access control, energy, elevators). Integration of building operations into centralized or decentralized SOC structures (Building-SOC, Urban-SOC). Development of detection use cases and monitoring concepts.

Target Markets

In the area of Smart Buildings & Cities, COMCODE works with actors who want to strategically integrate resilience, security, and digital intelligence into their built environments — from construction and operation to governance and innovation.


  • Construction companies and real estate developers.
  • Operators of critical building infrastructures.
  • Operators of technical infrastructures (energy, water, transport, mobility).
  • Public institutions, municipalities, and utilities with Smart City ambitions.
  • Organizations managing complex campuses, districts, or building ecosystems.
  • Companies focusing on building technology, digitalization, AI, or ESG.
  • Manufacturers of digital solutions and components for smart building or smart city infrastructures.
  • Architecture and planning firms in the digital building and city space.

Partnerships and Engagement

It's about more than just business – that’s why we are active members of reputable organizations.