Technology is integral to facility managers’ job and workflow, but it’s important to remember that increasing reliance on technological solutions also increases cyber security risks.
Independent research and advisory firm Verdantix notes that there has been an increase in cyber attack threats to building systems that have generally been under-reported.
The company warns that facilities are particularly vulnerable due to the interoperability between operational technologies (OT) and information technologies (IT) from multiple manufacturers, resulting in a convergence of physical and digital threats. IBM research found that cyber attackers increased their targeting of internet-connected OT devices by 2,204 per cent between January 2021 and September 2021.
For example, a commercial REIT-owned Class A office building in Canada was attacked by ransomware that shut down the BMS and damaged central plant equipment, resulting in hundreds of thousands of dollars of cost. In another example, attackers infiltrated around 4,530 internet-connected video cameras installed by a cloud-based access control manufacturer, gaining access to video feeds across 68 organizations.
“Without sufficient security controls, these systems are introducing significant new risks and more entry points for cyber criminals to exploit,” says the company’s blog on the topic. For example, AI algorithms are vulnerable to data poisoning, where data inputs are maliciously altered to impact the decision making of the algorithm.
“The first step for rebooting a smart building cyber security strategy is defining clear responsibilities and embedding cyber management into facilities operations across procurement, technology management, and staff training,” said Rodolphe D’Arjuzon, Global Head of Research at Verdantix.
“Facilities managers should not develop a siloed cyber program on their own, but rather partner with their IT and security peers to integrate cyber security into different building management processes.”
To counteract these threats, Verdantix stresses that facility managers should look to redefine their security protocols, ensure that their technology and data have no weak points, and work with their IT programs to ward off potential threats before they infiltrate.