According to IDG, cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. In addition to lost revenues, businesses that fall victim to a cyberattack can generate legal fees and can damage hard-earned reputations. Even small organizations and entities such as school districts and municipal governments can be held for ransom if their network infrastructure falls under the control of hackers with malicious intent.
Many building owners are now recognizing that implementation of a cybersecure building strategy is good for business. Investments in cyber security not only reduce costs associated with unanticipated downtime, but also help building owners to establish competitive advantage. Cybersecure buildings are more attractive to tenants because they lower occupant risk and more actively promote protection of building occupant identity and privacy.
The rising frequency of cyber security attacks is a growing concern, especially for building owners that invest in “smart” technologies with open, more connected protocols. According to Memoori, a smart buildings research firm, global revenues for smart building cyber security will reach $8.65 billion by 2021, up from an estimated $4.26 billion in 2016.
Although cyber security investments in IT networks within buildings are common, funding for protection of the operations technology (OT) portions of a building portfolio (core power, cooling, heating, ventilation and building automation systems) is not as prevalent. However, as hackers seek new, more vulnerable areas for their cyberattacks, OT systems are becoming a bigger target. Organizations with holes in their building controls cyber platforms are at risk.
A new option for reducing cyber security risk
At Stark Tech, we work as a Schneider Electric EcoXpert partner with expertise in the area of building automation. Our engineers encounter many situations where building owners need help in reducing energy costs and in securing the performance of their OT assets.
We see many of our building owner customers accruing the benefits of digitized energy management and building control technologies. These significant OT savings can now be freed up to build a more robust OT cyber security strategy. By using energy savings to future-proof the cyber security of building assets, building owners lower long-term risk and build competitive advantage.
When discussing energy management and cyber security risks with building owners, we recommend the following actions:
- Invest in energy efficient technologies – First assure that the types of building controls you have in place contribute to creating a pool of energy savings. This is an important first step in securing funds for enabling better cyber security protection.
- Install cybersecure products and platform architecture – As you upgrade OT technologies over time, make sure those components are cybersecure by design. In this way, your OT network backbone is strengthened. Manufacturers like Schneider Electric apply a Secure Development Life Cycle (SDL) approach to all their core products (Achilles Level 2 Certified). Within the context of SDL, secure architecture reviews are performed, threat modeling of the conceptual security design takes place, secure coding rules are followed, specialized tools are utilized to analyze code, and security testing of the product is performed. These actions help to “harden” products, making them more resilient against cyberattacks. Cyber security is also imbedded in Schneider Electric’s EcoStruxure™ platform. The EcoStruxure platform provides a cybersecure envelope across the smart device, edge control, and apps and analytics layers of the building architecture.
- Establish cyber security operational best practices – Protection can be further enhanced through practices such as vulnerability testing (to determine the biggest areas of exposure), application white listing (prevents unwanted software from running on your server by establishing a pre-approve “white list” of validated applications), tightening management of cyber security software updates (many successful malware and ransomware attacks can be traced to not installing available updates), and by training building facilities staff to be vigilant.
Stark Tech is a fully integrated provider of highly engineered, turnkey building technologies solutions and support services. Stark can infuse multiple technologies into new or retrofitted buildings to optimize energy and maintenance requirements, plus implement enterprise systems that deliver actionable data to national real estate portfolios.