In recent years, our world has become increasingly interconnected as technology plays a role in almost everything we do. This interconnectedness has given rise to smart buildings, enhancing productivity and promoting sustainability. However, it has also exposed vulnerabilities of a building’s critical infrastructure. With October being Cybersecurity Awareness Month, there’s more attention on the importance of cybersecurity in buildings now more than ever.
When discussing the growing significance of cybersecurity in the context of buildings, it is essential to recognize that buildings transcend beyond their physical structures. They serve as the hub of modern life, and include spaces like factories, hospitals, offices, entertainment venues, and more. However, the pivotal roles buildings play in our daily routines make them alluring targets for cyberattacks. With the integration of smart systems such as power management, fire protection, access control, and visitor tracking, buildings are increasingly transitioning into digital and cloud-connected entities. This digitalization, while enhancing functionality, also exposes them to a broader spectrum of vulnerabilities. As the boundaries between the physical and digital worlds blur, cyberattackers are able to find new avenues to infiltrate these spaces.
Conversations regarding cybersecurity often focus on information technology (IT) breaches, primarily involving the compromise of data confidentiality, integrity, and availability, including sensitive personal information. However, cybersecurity breaches within operational technology (OT) can yield even more severe consequences than the compromise of personal data. OT breaches have the potential to completely disrupt an organization’s operations, potentially leading to life-threatening and widespread ramifications. The integrity of critical infrastructure remains at risk, highlighting the growing importance of safeguarding against such threats.
In recent years, the frequency of cyberattacks has steadily risen, underscoring the urgent need for enhanced protection. This surge in attacks can be attributed to various factors, including inadequately protected cybersecurity environments, the proliferation of new Internet of Things (IoT) devices and interconnected systems and the escalating complexity of securing OT systems. These challenges emphasize the necessity for organizations to prioritize the security of these critical systems, especially as the threat landscape continues to evolve due to the convergence of IT and OT systems in an increasingly connected IoT environment.
Despite these developments, many professionals still lack a fundamental understanding of securely integrating new technologies that offer business advantages. Moreover, there is a lack of awareness about the critical importance of protecting OT infrastructure from potential attacks, highlighting the need for better awareness and education.
To bolster a building’s resilience against OT attacks, facilities managers, operators, and chief information security officers (CISOs) should adopt a multi-layered security strategy. This approach begins with a thorough security assessment aimed at understanding the assets and their interconnections. After the assessment, stakeholders can pinpoint vulnerabilities and develop a secure configuration and design plan that prioritizes safeguarding critical assets. This step also involves the selection of additional cybersecurity tools and software to reinforce defenses.
Following this, operators can implement comprehensive cybersecurity monitoring and, notably, establish an incident readiness plan, which acts as pivotal steps in preparing for potential future incidents. This integration equips the building with the capability to detect and respond to threats in real time, thereby strengthening its defenses against cyberattacks. It’s imperative to note that while these represent just a selection of measures building owners and operators can adopt to mitigate vulnerabilities, each plan should be tailored to the specific security risk profile and budget of the building in question.
The integration of cybersecurity into the OT ecosystem should no longer be an afterthought, especially considering the ongoing convergence of OT and IT environments. With cyberattacks growing in both frequency and sophistication, cybersecurity is a fundamental element in the design and development of digitized OT systems. The teams responsible for creating these systems must adopt a comprehensive, layered security approach and prioritize privacy from the outset. This proactive approach is essential to safeguard the buildings of the future and their vital role in our ever-changing digital landscape.
Mirel Sehic is the vice president and general manager of cybersecurity for Honeywell. He leads a team that is responsible for educating and helping customers’ efforts to protect their operational technology (OT) cybersecurity critical infrastructure environments. Sehic oversees the cybersecurity business globally, including the integration with development, partnerships, marketing of solutions, sales, and operations.