British companies seemingly unmindful of the risks, are potentially drifting towards cybersecurity threats in the realm of smart buildings.
In a recent report titled "Digital Risks in Buildings," the Royal Institution of Chartered Surveyors (RICS) has issued a warning to UK businesses about the rise of smart building cyber threats. The report, published this week, emphasizes the need for a holistic approach to digital risk management in the context of smart buildings.
The report highlights the growing threats posed by the convergence of operational technology (OT) and IT systems in smart buildings. OT infrastructure, often lacking the security maturity of traditional IT, creates a vastly expanded attack surface when integrated with systems such as building management systems (BMS), HVAC, access controls, and IoT sensors with corporate IT networks.
According to the RICS report, 27% of respondents in the RICS Facilities Management survey said their building had experienced a cyber attack in the last 12 months, a sharp increase from 16% the previous year. This underscores the urgency for immediate action to address these risks.
To tackle smart building cyber threats, the RICS report recommends several action plans for building stakeholders. These plans include setting mandatory security requirements, updating and securing systems, monitoring and managing access controls, enhancing cybersecurity awareness, and developing incident response plans.
1. **Set Mandatory Security Requirements**: Establish clear, mandatory security standards for managing digital risks within buildings. This includes integrating cybersecurity into building planning and operations.
2. **Update and Secure Systems**: Ensure that all systems, including operational technology (OT) like building management systems (BMS) and HVAC, are updated and not running on outdated software. For example, avoid using unsupported operating systems like Windows 7. Secure IoT devices by ensuring they are properly configured and regularly updated to prevent exploitation of vulnerabilities.
3. **Monitor and Manage Access Controls**: Implement strong access controls for all systems, including smart CCTV and remote access tools. Ensure that default settings are changed and credentials are secure. Conduct regular security audits to identify and fix vulnerabilities before they can be exploited.
4. **Enhance Cybersecurity Awareness**: Provide training for building managers and maintenance personnel to raise awareness about potential cyber threats and best practices for cybersecurity. Encourage collaboration between IT and facilities teams to ensure that cybersecurity is integrated into all aspects of building operations.
5. **Develop Incident Response Plans**: Implement comprehensive incident response plans that include procedures for responding to and managing cyber attacks when they occur. Consider the impact of cyber attacks on insurance policies and property values, and take steps to mitigate these risks.
The RICS report also analyses the wider business implications of smart building cyber threats, including the risk of invalidated insurance policies, significant reputational damage, and potential digital discounts to a property's value due to poor digital hygiene. However, the report does not provide details about the specific 'digital discount' calculation method for a property's value due to poor digital hygiene, nor does it mention any specific instances or examples of smart building cyber attacks causing operational disruptions such as holding a building's HVAC or access systems to ransom.
In conclusion, by implementing these strategies, building stakeholders can significantly reduce the risk of cyber threats and ensure the secure operation of smart buildings. The RICS report emphasizes the importance of proactive measures to address these rapidly evolving threats. The report does not mention any specific offers or deals related to Google News, ITPRO, or Keeper Security.
- To ensure the secure operation of smart buildings, it is crucial to establish clear mandatory security standards that integrate cybersecurity into building planning and operations.
- Enhance the cybersecurity posture of buildings by updating and securing all systems, including operational technology (OT) like building management systems (BMS) and HVAC, and IoT devices to prevent exploitation of vulnerabilities.
- Implementing strong access controls and conducting regular security audits can help identify and fix vulnerabilities in smart CCTV, remote access tools, and other systems to protect against potential cyber threats.
