/content/hbtbt/ae/en/search-results.html

    Why cybersecurity is now table stakes for building operators

    Buildings may not be the first thing that comes to mind when you think about cybercrimes. Yet, a staggering 74% of buildings[i] are unprepared for a cyberattack. Hackers are aware of this potential vulnerability and are targeting any and every type of building, from hotels and hospitals to offices and concert arenas.

    In the past, buildings primarily operated with isolated, air-gapped operational technology (OT) systems that were not connected to the internet. Today’s increasingly intelligent facilities require greater connectivity to deliver the advantages of a fully digital experience. This increased connectedness can also bring potential vulnerability.

    Consider a recent cyberattack on a leading operator of hotel casinos[ii]. The brazen attack wreaked havoc on slot machines, ATMs, digital key cards and electronic payment systems, ultimately causing the casino $100 million in damages. As buildings become smarter and more connected, it is critical that cybersecurity measures keep pace to protect against the growing threat and sophistication of cyberattacks.

    Understand a building’s asset inventory

    Gaining visibility into all assets on their network is one of the most significant challenges for building operators. In order to defend what a building possesses, it is essential to first understand which assets are in possession. The reality is that many building operators are unable to accurately identify the hundreds or even thousands of assets on their network, whether it’s security cameras, HVAC systems, smoke detectors, access card readers or fire alarm control panels.

    Most of these assets now have IP connections making it essential to have a precise understanding of building assets, providing operations teams better visibility into potential threats and vulnerabilities. If bad actors gain access to these assets, they can cripple a building’s ability to function effectively.

    Honeywell Forge Cybersecurity+ for Buildings | Cyber Insights is a software solution designed to help building operators access cybersecurity data in one application and provide near real-time visibility into their overall security posture. Unlike many traditional security information solutions that are designed for IT networks, Cyber Insights is purpose-built for an OT environment.

    The vendor-agnostic solution helps enable building operators to identify threats, anomalous behavior and vulnerabilities to assist building managers in reducing and managing cybersecurity risks at individual sites. For instance, if an unauthorized system is trying to communicate with a building asset such as a security camera, Cyber Insights is designed to raise flags and send alerts about the potential threat. As a result, building operators can be in a much stronger position to improve security and decrease the risks of disruption.

    Monitor for compliance

    Deploying the right security measures is also important from a compliance perspective. There are now industry standards and regional government regulations[iii] that can hold executives and board members personally responsible under certain situations if appropriate cybersecurity measures are not implemented within their organizations. This means that increased regulatory requirements will necessitate a strong relationship between cybersecurity leaders, the C-suite and board members.

    Honeywell Forge Cybersecurity+ for Buildings | Cyber Watch, a separate solution for use with Cyber Insights, is designed to help users get a more complete view of their OT cybersecurity posture and better manage their cyber risks across all operating sites. Aggregating data from multiple installations of Cyber Insights, Cyber Watch leverages this data to help provide a centralized, enterprise view into OT cyber threats. It also features a dashboard designed to help building operators actively monitor all sites for compliance with organizational policies, industry standards and government regulations at any point in time.

    Three steps for stronger cybersecurity

    Building operators must prioritize cybersecurity to safeguard their assets, operations and occupants. Here are three steps building owners and operators can take to implement stronger cybersecurity measures.

    1: Develop an incident response plan. Consider the potential impact if the HVAC system in a hospital was targeted in a cyberattack. Such an event could potentially compromise patient care as healthcare facilities need to maintain specific temperature and humidity levels to prevent the spread of infections, control airborne pathogens and enable the proper functioning of medical equipment. With a well-structured incident response plan in place, building operators can enhance their ability to quickly restore operations in the event of unexpected disruptions or cyber threats targeting critical assets like elevators or HVAC systems. A robust plan enables buildings to more quickly recover from downtime, minimize potential risks and safeguard the well-being of occupants.

    2: Adopt specialized tools for OT cybersecurity. While cyber teams have gotten pretty good at securing IT systems, the truth is that OT cybersecurity is lagging behind because it requires specialized tools and knowledge. Building operators simply can’t use the tools available in the IT space to manage their OT environment. That’s why they need to adopt specialized OT cybersecurity solutions designed for their operational environments. It’s also important for OT and IT teams to learn to work together to deploy a more holistic approach to cybersecurity.

    3: Have a trusted partner. Engaging with experts who specialize in OT security can provide the necessary insights, tools and support to protect your infrastructure. A trusted partner can help navigate the complexities of OT environments, comply with industry standards, and provide rapid response in the event of a security incident.

    As a trusted solution provider and industry leader, Honeywell takes a holistic approach to OT cybersecurity helping building operators mitigate potential damage to their operations and reputation.

    Connect with a Honeywell expert today to learn how to better secure your building’s assets and improve overall resilience.

     


    [i] Security Infowatch.com, Blueprints for disaster? Protecting information in the construction industry [Accessed May 22, 2024]

    [ii] CNN, Casino giant MGM expects $100 million hit from hack that led to data breach [Accessed May 22, 2024]

    [iii] U.S. Securities and Exchange Commission, SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies [Accessed May 22, 2024]

    for