As a real estate executive, you are responsible for cybersecurity risks that go beyond traditional IT and into your building control systems and contractors. This page will provide foundational information, guidance and a path to risk management.
Since the 1980s, building control systems manufacturers such as Johnson Controls, Honeywell, Siemens, Schneider, Otis, Lutron and others have been designing their operational technology (OT) systems to work on and depend on computer servers, operating systems, protocols, local area networking (LAN) and remote Internet access along with other information technology (IT) attributes.
However, those responsible for designing, installing and maintaining them for the past 40 years such as architects, engineers, contractors, facility managers, property managers, and asset managers have neither IT nor cybersecurity skills. Thus, the systemic risk is that the entire building control systems value chain does not have IT skill sets. Therefore, the size of the risk and the opportunity is immense because this is a legacy building stock problem and not a modern, so-called Smart Building problem.
“…the systemic risk is that the entire building control systems value chain does not have IT skill sets.”
DOWNLOAD: Cyber Brochure
DOWNLOAD: Cyber Whitepaper
To further complicate the problem, traditional IT and IoT companies, solutions, and professionals lack the technical knowledge and cultural awareness of building OT systems.
Many IT firms have attempted to provide Smart Building solutions and services related to controls systems and have failed with the exception of traditional back-office software, such as work order management and asset management, along with some high-level database, data lake and analytics solutions that are generally disconnected from the front-line building systems. As a result, IT companies are virtually non-existent in the building controls OT cybersecurity world.
“…traditional IT and IoT companies, solutions and professionals lack the technical knowledge and cultural awareness of building OT systems.”
CRE building controls systems such as HVAC, elevator, lighting, parking, and access control that are not cybersecurity managed create imminent risks for:
Users that manage these systems include facility employees and vendors and as a result Intelligent Buildings can be seen as providing employee risk management and Vendor Risk Management (VRM)*.
“…Intelligent Buildings provides employee risk management and Vendor Risk Management (VRM)…”
Intelligent Buildings uniquely spans the range of necessary services including:
Consulting for strategy and policy development
Site assessments and new project commissioning
Ongoing compliance monitoring of systems and contractors
We can help you with several, hundreds or even thousands of sites depending on your portfolio. This allows you to have confidence that even with the fragmentation and turnover in the facility environment there is consistency in vendor policy and system set up, profiles, and backup across the entire portfolio. In addition, our cybersecurity systems scans offer a level of asset and lifecycle management not possible in traditional approaches including end-of-life and patching issues.