Still, though the challenge is complex, it is not insurmountable. Here are five foundational steps to frame the cyber challenge and help smart building stakeholders to keep their foundations safe and secure.
1. Observe and orient around a specific challenge
As a first step, operators and managers need to decide which elements of their smart building matter most. Is it the connected physical security system? Or, ensuring continuous uptime of a data center? From here, the next step is to map the attack surface and the available pathways to sensitive assets. Here, it is useful to incorporate credible cyber threat intelligence that can help gauge the likelihood of different threats. Collectively, this systematic process can assist in determining the real cyber risk landscape—and defending against it.
2. Forget old silos
For cyber risks to be well managed, buy-in from across the business is vital. IT, cybersecurity and facility teams typically have the expertise and the access to take the lead. Working together as one cohesive unit, they also need to coordinate with a range of internal and external stakeholders. Externally, it is important to work with business partners and vendors that materially invest in and value cybersecurity. Across all of these stakeholders, trusted partnerships are indispensable.
3. Change the culture
Even with the smartest team, the most expert capabilities and the most advanced technology solutions, cybersecurity will fail if support from across the ecosystem is lacking. With this in mind, it is vital that the cyber issue is heard loud and clear amongst an organization’s leadership and stakeholders. To foster support, smart building owners, operators and managers must build a culture that understands the intrinsic relationship between cybersecurity and the future of a business.
4. Build the right capabilities
Shoring up a building against a cyberattack is about more than just acquiring the right technologies; deployment of technological tools must be balanced with investments in people and processes. As part of this effort, it is important to incorporate cybersecurity across the smart building lifecycle, being careful not to overburden the process.
5. Get operational
Checking the box on today’s threat is all well and good, but what about the threat of tomorrow? Cyber attackers are ever-evolving adversaries, so it is crucial to continually monitor internal and external intelligence to understand the continuously-changing risk profile. ‘Allies’ such as building controls manufacturers and analytics service providers with a demonstrated commitment to product security can also help smart building stay ahead.