What is Building Cyber Security?

Is that not the job of a tenant to make sure and install and maintain their systems securely?  For several years now, buildings have been trending toward the greater use of technology to manage and control systems.  This has had benefits for expense reduction, tenant experience enhancement and the environment.  But the more technologically enabled a building becomes, the more vulnerable it is to cyber attack.  Building cyber security breaks down into several component pieces. The first is the concept of cyber security – just what does this mean? Secondly, what about buildings needs to be cyber secure? Lastly, how do we make a building cyber secure?

When we talk about cyber security, what we are talking about is a level of security wrapped around technological systems, typically referred to as in-building networks. This level of security is intended to prevent external bad actors from accessing internal systems and stealing important information or causing damage or business disruption.  It is important to note, however, that currently there is not one universally accepted standard or metric by which to judge what is “officially cyber secure”.  Without a recognized standard, it is very difficult to accurately diagnose cyber security needs or to compare/contrast solutions offered. 

Buildings, themselves are becoming more technologically advanced year by year. It is important to make a distinction here between tenants within buildings running their own separate business on their internal technological systems and buildings being run by owners or investors.  Tenants within buildings have been protecting their technological systems in various ways for decades. Up to about 10 years ago, building owners have exclusively provided only square footage within their buildings and required tenants to handle and maintain their own technological needs.  Now, with the proliferation of IOT (internet of things) building systems are accessible through remote monitoring and the Internet.  Buildings must formulate a cyber strategy to survive. Systems within buildings that are now often technologically enabled include heating ventilation and air conditioning (HVAC) units, elevators, sprinklers, security cameras and security systems, and sprinklers. Similar to a smart home, where a homeowner can turn lights on and off, open and close garage doors, turn on heat or air conditioning, all from the convenience of their phone, buildings can now be run in a similar fashion. However, anything that someone can access and control with their phone can also be hacked by cyber terrorists and co-opted for their use. Typical means of extracting money from building owners include theft or freezing of data necessary to building operations or tenants and holding it for ransom.  Additionally, physical threats such as capturing elevators mid-floor, turning heat on and off, or running sprinklers during business hours, destroying equipment, and causing significant building operation interruptions. 


What are the essential blocks of Building Cyber Security?

Making a building cyber secure involves much more than just buying the right hardware. A building and its systems must be coordinated centrally to ensure full security throughout. Systems integrators which install hardware equipment and install and register the software that runs them must also have cyber awareness. Those that would access the system either technologically or physically on site must be part of the plan. Finally, all systems for the building must be placed on the cyber secure network. This would consolidate the various building systems that are independently monitored by various vendors for components of the building today. Much coordination and education are needed with building owners and operators, vendors, tenants, and building maintenance personnel to maintain a cyber secure building. 

Currently, building owners are vulnerable to cyberthreats primarily because of lack of knowledge. Understanding cyber security as necessary protection from outside bad actors (like an antivirus program on your computer) is the first step in creating a plan.  Also, recognizing that buildings have become more technologically enabled and therefore more hackable shows the need for true building cyber security. Lastly, recognizing that building cyber security is not as simple as just buying the correct hardware, but also involves correct installation diligent maintenance and access restrictions both electronically and physically, will allow building owners to begin the process of having true building cyber security.


What are the implications of poor Building Cyber Security?

Here is a shot clip from a seminar I gave at a Cyber Security Roundtable put on by Digitalware and the US Navy: