The benefits of implementing smart technology in our buildings is increasingly attractive to commercial real estate (CRE) owners, but the cybersecurity concerns associated with OT deployments have never been higher, as the ability to isolate OT systems becomes increasingly difficult in the built environment.
Traditional OT systems present a number of cybersecurity concerns, including equipment with long life cycles, unpatched software, misconfiguration, missing/poor encryption, and weak credentials just to name a few.
In order to mitigate new risks to OT, CRE owners will need to deploy a combination of traditional IT cybersecurity products and services, along with tailored OT-specific cybersecurity solutions. The implementation of these best practices and tools should follow an “OT Cyber Maturity Model” and be managed by an internal “OT Cyber Governance Team”.
Following an “OT Cyber Maturity Model” is a great way for CRE organizations to build an internal OT team and alignment begins with a comprehensive cybersecurity strategy that considers the entire security lifecycle, beginning at the device level and a dedicated OT team is a step in the right direction.
The OT Cyber Security Model below presents a step by step approach to cyber maturity, with each step being a separate initiative.
This model gives Commercial Real Estate (CRE) owners an alternative plan to the Cybersecurity Capability Maturity Model (C2M2) sponsored by the United States Department of Energy (DOE), the Electricity Subsector Coordinating Council (ESCC), and the Oil and Natural Gas Subsector Coordinating Council (ONG SCC), which focuses on IT and Industrial OT.
The Real Estate Cyber Consortium (RECC) is continuing to take steps towards creating “Cyber Harmony” in our industry one stakeholder at a time. Why re-invent the wheel? The RECC provides a forum for collaboration on cyber security in the built environment.
Help us increase our collective voice on the supply chain and become a member today!
