Cyber activity is evolving at an incredible pace. In today’s world, no organization is safe from being the target of a cyber incident or a vulnerability.
Cyberattacks are increasingly sophisticated, driving an ongoing need for more tools and services. This growing threat cannot be ignored. In fact, it’s forcing companies to invest more time, resources and budget into building a “defense in depth” strategy to protect their operations, systems and data.
Regardless of how technologically advanced your buildings and the systems and devices that operate them are, you should include a path that ensures cyber security and vulnerability management are an integral part of the company’s culture. Make it an operational practice to incorporate security by design and have a comprehensive cyber strategy that includes defined policies, procedures and safeguards. This is especially true as OT and IT continue their convergence and the collaboration between the two increases.
In addition, building infrastructure transformation is giving us more advanced systems and increasingly more embedded IP technology and devices that allow a building to meet the functional needs of its occupants and the operational and financial needs of owners and operators. Furthermore, there are new cyber compliance regulations and mandates that need to be followed.
A new approach
The move to digital within the built environment has required a new approach. It demands more visibility, greater automation and more understanding. As digital transformation makes buildings more responsive to operational demands, security has to follow this same approach, ensuring that the right steps are taken to detect, mitigate and prevent. This involves more collaboration across functions, especially OT and IT.
There are many safeguards that can be implemented as part of this multi-layer approach to security. On one hand, there are technical measures as simple as keeping systems secured, patched and up to date. There are also physical actions that can be taken, such as keeping servers in a secure location and limiting access to your operating system and devices. Others include developing users’ skills and awareness as an integral part of the defense in depth strategy.
Where is a good place to start?
Ask yourself…
Are we secure?
How do we know we were not compromised today?
How would we know?
What would we do about it if we were?
Are we prepared to face a threat?
Do we have company cyber security policies?
What are some things you could be doing now?
- Set the tone from the top and ensure both the OT side and the IT side are engaged and have ownership of the process
- Understand the current state of your system(s) security and focus on a cyber strategy with essential tools and structure to mitigate risks and know how to respond to an incident
- Conduct a risk assessment: the process of identifying, estimating and prioritizing risks to the organizational assets and operations
- Gain a better understanding of what defensive measures your organization needs to take to defend against cyberattacks, including general posturing, access, privileged account management and network and device hardening
- Establish a security-by-design practice—take a risk-based approach to security, deploy zero trust with multistep authentication and secure privileges on applications, devices and endpoints
- Appoint a dedicated team and provide them with ample resources
- Leverage the resources of your technology and service providers
- Secure for today, plan for the future—managing cyber risk of any kind, is never a one and done exercise
Cyber threats directed at the building environment are increasingly sophisticated. There is no issue that has become more important and less understood. Managing cyber security involves looking beyond the risks. As built environments are becoming increasingly smart, cyber security strategies should be built-in and deployed across the entire organization. Having a robust security-first approach enables building owners and operators to defend against cyberattacks, ensure operational safeguards, minimize reputational risk and maintain the trust of occupants. The goal is to mitigate, detect, minimize and prevent.
How Can Albireo Energy Help You?
At Albireo Energy, our goal is to reduce the complexity, time and the lack of understanding within the building environment. In combination with our portfolio of capabilities, services and deployments that encompass millions of square feet throughout the commercial building world in facilities such as data centers, labs, commercial high rise properties, higher education institutions, schools, federal government buildings, military installations, and healthcare institutions, we have a deep understanding of operational cyber security and the risks.