It’s Time For Cyber Security To Take Centre Stage In Building Operations

  • Blog
  • Real Estate & Built Environment

It’s Time For Cyber Security To Take Centre Stage In Building Operations

Whether building systems are directly or indirectly compromised, malicious actors are increasingly putting everyday enterprise operations and occupant experiences at risk. Take the recent MGM ransomware event, where among other business systems, patrons’ digital room keys and elevator access were impacted. When firms suffer an incident like this, not only do they need to address the data sources, applications and technical components that have been hacked, they may also need to take other systems offline temporarily to further protect themselves or perform investigative processes. Having strong response plans and back-up operational procedures is a must – including for building and facilities operations.

Awareness of the criticality of cyber security is rising among corporate real estate (CRE) and facilities management (FM) leaders. 83% of respondents to the 2023 Verdantix smart buildings global corporate survey highlighted both “Enhancing physical building security” and “Improving cyber security risk management” as key portfolio initiatives over the next 12 months. Yet, many decision-makers are not sure of how they address these concerns. 27% of CRE and FM leaders were not aware if their organizations used commercial software to address cyber security for buildings, and 21% were not able to state if or to what degree their spending on integrated building security platforms would change. While many firms rely on their IT teams or managed service providers to address cyber security, it really must be seen as an enterprise-wide endeavour – and one that facilities leaders must become more knowledgeable about and involved in.

Not only is addressing cyber security a whole-enterprise endeavour; it is also a whole-industry priority. US technology body NIST published its guide to operational technology (OT) security in September 2023, which advances its view beyond industrial systems to incorporate the broader operational technology spectrum, including physical access control and building automation. Beyond the many cyber-security-specialty consulting, managed services and technology firms, smart building solution providers have also been steadily rolling out services and technical capabilities to help businesses tackle the challenge. In July, Honeywell announced the acquisition of Scadafence, adding to other investments the firm has made to reinforce its cyber security and insights services, and its work with Acalavio Technologies. Johnson Controls (JCI) has been investing in and integrating technology into its solution offerings, such as the 2022 acquisition of Tempered Networks and its investment in Nozomi Networks. Last month the firm announced a dedicated security device performance service. In January, Schneider Electric launched a managed services offering for OT environments and in June it announced a joint solution with Claroty to offer cyber security solutions for buildings.

Ransomware and distributed denial of service (DDoS) events are skyrocketing, causing disruption and costing businesses millions across various industries. Most experts believe that it is not a matter of if, but when, a firm is attacked. JCI was recently hit by a ransomware event and is teaming up with government officials to perform in-depth forensics. A strong cyber security action plan is critical, from mandatory disclosures for publicly traded firms to strategies for how various building and business operations will need to be handled in an emergency. No one is immune – even the greater Manchester police in the UK has been compromised.

Physical security, cyber security, risk management and overall corporate resiliency activities are all highly intertwined. Solid incident management, communication and swift coordination are essential. Every organization, every department and every employee must be aware of risks and remain diligent. The digital evolution of the built world is well underway, especially with IoT advancements and expanding cloud-based system footprints. IT and physical security teams must further align, and facilities teams must ensure to strengthen their systems and up the ante on their cyber security and resiliency programmes. Is your organization prepared in case the dark net hits?

For more research on the steps businesses can take to address building cyber security, see Verdantix Best Practices: Enhancing Your Smart Building Cyber Security Programme, and stay tuned for more findings from our 2023 global corporate study on smart building technology, budgets, priorities and preferences.

It’s Time For Cyber Security To Take Center Stage In Building Operations figure_graphic copy 38

Sandy Rogers

Principal Analyst

Sandy is a Principal Analyst in the Verdantix Smart Buildings practice. Her current research agenda focuses on the intersection of IT and OT digital strategies and technologies, including the IoT landscape. Sandy’s experience prior to joining Verdantix includes work as a research director and technology industry analyst in IT service technologies and operations at Forrester, and at IDC, where she covered software, vertical markets and web services. Sandy has worked in competitive research and strategy consulting at Fuld & Company and developed research for thought-leadership at Deloitte. She holds a Business Degree in Marketing and Management Science from the University of Rhode Island.