Owners and property managers are vulnerable to cyber risks posed by operating technology (OT) systems, according to attendees in a webinar presented in July entitled "Cybersecurity in the News: What It Means for Commercial Real Estate." The webinar accompanied the publication of a report by the cybersecurity firm Kaspersky.
Although IT-related ransomware attacks have been widely reported in the media, smart buildings are also at risk from OT attacks. An OT system is any system that tenants touch or that works in a way that is comfortable or uncomfortable for them, says panelist John M. Hester, owner of Hester Consulting LLC and a specialist in energy management and intelligent building applications. These include “air conditioning, mechanics, water supply and lighting control. Soft services related to food or cleaning systems are also part of OT. ”An interruption in one of these areas can be a major problem for a building owner or a property manager.
In one case, a 30-story building had to be evacuated after a message came in on a building occupant's printer that a bomb was in the building, says panelist Fred Gordy, who develops and implements secure control systems. “The message came through an OT system – a parking system. I pointed out to the building owner that the owner's name was on the building even though (the attack) came through the parking system – a third party company. ”This meant the owner was facing a branding problem.
Other OT systems include access control, metering, and security cameras, says panelist Tom Shircliff, co-founder and head of Intelligent Buildings. "Fire suppression systems that can be activated by a cyber command can be triggered prematurely and cause all kinds of property damage."
Contractors make security difficult
These problems are compounded by the fact that so many contractors work in one commercial building, Hester adds. “Not only do they have the systems themselves, they also have the people who come and work on the building and break into those OT systems. Building owners have to manage the load on their system on a day-to-day basis, and the way to do that is by realizing the number of people and making sure they are doing the right thing. "
Efforts have been made by the government and private sector to develop OT standards, but the standards haven't been widely adopted and are not widely known, says Lucian Niemeyer, chairman and CEO of Building Cyber Security, a nonprofit that supports the drives physical security. . Internal safeguards “should start with the Chief Information Officer asking, 'What do you have on the network? What has been installed that I don't know? '”The goal is to combine this information and put it into a framework“ in which the IT and OT people communicate and then work together to provide the necessary protection. "
Convincing CEOs and CFOs to invest in cyber protection, including OT, can be a challenge, says Niemeyer. “It's difficult to balance investing in cyber protection versus investing in increasing sales or improving your brand.” One way is to develop a viable framework and work with insurance companies to enable companies that invest in the framework to get lower rates on their Get cybersecurity, property, and casualty insurance.
"OT has the potential to change our lives for the better," says Niemeyer. "We want users to have safeguards in place to ensure that these smart technologies are not being exploited in any way."