Cybersecurity in smart buildings
There is no question, smart buildings are becoming more commonplace in today’s real estate portfolios, and cybersecurity in smart buildngs is a critical consideration. In an in-depth, 2 part blog post earlier this year called Buildings Re-invented, Schneider EVP and blog author Laurent Bataille highlighted many of the current Smart Buildings megatrends and illustrated the benefits of turning “buildings data chaos into meaningful insights.” There is little question that smarter buildings that leverage Internet of Things (IoT) technologies and Cloud-based analytics can lead to an excellent return-on-investment and are undoubtedly the way of the future, but inherent in this opportunity are risks. Top among these risks are the cybersecurity vulnerabilities that can be inadvertently introduced when the new technologies are deployed without due consideration of how to protect those technologies and smarter systems from hackers and malware.
Cybersecurity and data
With enormous amounts of data flowing in and out of organizations, business leaders are keenly aware of the importance of cybersecure corporate systems and networks, but oftentimes the cybersecurity of real estate and building control systems are overlooked. According to an article by CSO, quoting Dwayne Melancon, chief technology officer for data security company Tripwire, “generally what happens is some new business service needs network access, so, if there’s time pressure, it may be placed on an existing network, (without) thinking through all the security implications.” And Navigant research has declared, “Cybersecurity issues are expected to grow in tandem with the digital transformation of real estate through intelligent building technologies.”
As an executive who is responsible for a large real estate portfolio or a single Class A commercial building, this realization can be jarring. Cybersecurity can seem a complicated and daunting topic full of jargon, buzzwords and tales of catastrophe. Nevertheless, a smart building that lacks appropriate cybersecurity governance is a building that is susceptible to attack, opening up the building assets, data and the people who occupy the spaces to significant peril.
Addressing risks begins with conversation
Like many challenging issues, the first step in addressing these risks begins with a conversation. The people who manage the building control systems (operational technology, or OT) need to engage directly with the people who manage network and information security (information technology or IT). To help facilitate that conversation, Schneider Electric’s cybersecurity consulting specialists developed a practical framework for approaching the cybersecurity topic for smart building control systems. Here’s the link: “A Practical Framework for Cyber Secure, Cloud Connected Smart Building Control Systems.” Consider it a guide for real estate executives who need to better understand some fundamentals of the OT/IT cybersecurity topic in commercial buildings. And if you need more direct support, our OT specialized cybersecurity solutions teams can walk you through a structured process for evaluating your current risk profile and help you to develop and execute a comprehensive cybersecurity strategy for your smart buildings.
To conclude, I would like to share a customer conversation I had following a recent cybersecurity briefing. The customer told me “cybersecurity in our buildings portfolio is becoming one of my top concerns.” My answer to him? If it wasn’t a concern before, it will become a concern soon!