Cybersecurity

Overview

Overview

There is more to building system cybersecurity than you think. At the building level, cybersecurity is different than enterprise IT, and traditional technology and practices simply don’t work. There is an area of cybersecurity that IT companies and departments have been unable to tame—the vulnerability, fragmentation, and inconsistency from building systems and contractors.
Evidence of Problem

Servers

90%

of building system servers accessed for personal use

(e.g., email, social media, etc.)

Systems

98%

of organizations have no building system
configuration set up requirements for operators

(e.g., passwords, software updates, etc.)

Backups

85%

of organizations have
inadequate or no building
system backup procedures

Servers
Systems
Backups
DOWNLOAD
Cyber Brochure
Cyber Brochure
DOWNLOAD
Cyber Whitepaper
Cyber Whitepaper

DOWNLOAD
Cyber Attacks Whitepaper

Consequences of problem

RANSOMWARE
VIA EMAIL

92 days

to remediate ransomware
due to personal use

ADMINISTRATIVE
MISMANAGEMENT

100 buildings

knocked offline resulting
in 6,000+ manhours

INADEQUATE
BACKUP PLAN

25 floors

unoccupiable for 2 DAYS resulting in $10K
lost rent and 1M HOURS of lost business

Ransomware via Email
Administrative Management
Inadequate Backup Plan

DOWNLOAD
Cybersecurity Incident Infographics

Cancelled Surgeries
FM Achilles Heel
Manual Reboot
IT Shuts Down FM
Tenant Evacuation
Tenant Evacuation
BMS Shutdown
BMS Shutdown
Tenant Evacuation
Low Sophistication Hacking
Source of problem
Real Estate Fragmentation Creates Risks Unlike Any Other Industry
Real Estate Fragmentation Creates Risks Unlike Any Other Industry
Line Graph

100

BUILDINGS

BUILDINGS

300+

OPERATOR
SERVICE COMPANIES

CONTACTOR SERVICE COMPANIES

600+

SILOED BUILDING
CONTROL SYSTEMS

SILOED BUILDING CONTROL SYSTEMS

3,000+

TECHNICIANS

TECHNICIANS
BUILDINGS
CONTACTOR SERVICE COMPANIES
SILOED BUILDING CONTROL SYSTEMS
TECHNICIANS
To further complicate the problem, traditional IT and IoT companies, solutions, and professionals lack the technical knowledge and cultural awareness of building OT systems.

Many IT firms have attempted to provide Smart Building solutions and services related to controls systems and have failed with the exception of traditional back-office software, such as work order management and asset management, along with some high-level database, data lake and analytics solutions that are generally disconnected from the front-line building systems. As a result, IT companies are virtually non-existent in the building controls OT cybersecurity world.

Situations that Can Go Wrong

Categorical Consequences

CRE building controls systems such as HVAC, elevator, lighting, parking, and access control that are not cybersecurity managed create imminent risks for:

LINE SAFETY INCIDENTS

LIFE SAFETY
INCIDENTS

PRODUCTIVITY LOSS

PRODUCTIVITY
LOSS

REGULATORY NON-COMPLIANCE

REGULATORY
NON-COMPLIANCE

EQUIPMENT REPLACEMENT

EQUIPMENT
REPLACEMENT

CORPORATE NETWORK INFILTRATION

CORPORATE NETWORK
INFILTRATION

BRAND DAMAGE

BRAND
DAMAGE

Users that manage these systems include facility employees and vendors and as a result Intelligent Buildings can be seen as providing employee risk management and Vendor Risk Management (VRM).

Solutions

Solutions

Intelligent Buildings uniquely spans the range of necessary services, including:

Advisory Services

Advisory Services

for strategy, commissioning, and policy development

Assessment Services

Assessment Services

for cybersecurity
and system risk
Managed Services

Managed Services

focused on monitoring systems and operators
We can help you with several, hundreds or even thousands of sites, depending on your portfolio. This allows you to have confidence that, even with the fragmentation and turnover in the facility environment, there is consistency in operator policy and system set up, profiles, and backup across the entire portfolio. In addition, our cybersecurity systems scans offer a level of asset and life cycle management not possible in traditional approaches, including end-of-life and patching issues.