We Need to Stop Overlooking Cyberthreats to Operational Technology

By Mirel Sehic, Global Director of Cybersecurity, Honeywell Building Technologies

Smart buildings are getting smarter. Connected devices are proliferating rapidly throughout buildings as an enterprise-wide view of building control systems is essential to drive productivity, operational efficiency and improved response time to events.

As building connectivity and intelligence grows, buildings are getting harder to protect – not just from physical threats but cyber threats as well. You cannot simply disconnect systems, such as HVAC, power management, lighting and fire protection from the Internet – connectivity is core to their functionality. Vulnerabilities can give cybercriminals a foot in the door to your facilities and more.

Conversations about cybersecurity still primarily focus on information technology systems and safeguarding data and assets. Operational technology (OT) systems in facilities are often overlooked, but they are just as critical to your company’s security, processes, data, reputation and even employee safety. Imagine a ransomware attack on a hospital’s OT system where staff are locked out of their computers and unable to access patient files, dispense medication or even admit patients.

The impact of cyber incidents can go beyond mere financial loss; operational and reputational damage can be equally devastating if not more so. By understanding the cybersecurity risks surrounding building OT systems, facility managers can better position themselves to make smart buying decisions, implement targeted OT security controls and maintain heightened cyber resilience across OT environments.

Survey Reveals OT Cyber Awareness and Pain Points
Honeywell Building Technologies recently conducted a survey of facility managers to better understand OT cybersecurity challenges, concerns and priorities. Participants were in the United States, Germany and China and worked across four sectors – education, healthcare, data centers and commercial real estate.

The survey results across countries and sectors found that 27% of respondents have experienced a cyber breach of their OT systems in the last 12 months. Notably, 33% of surveyed education facility managers reported such an incident – seven percentage points higher than respondents in the data center sector, who reported the next highest incidence (26%).

More than 7 in 10 (71%) of surveyed facility managers consider OT cybersecurity either a “concern” or “worry.” Those working in data centers expressed the highest level of concern, at 74%. Among the three countries, 74% of surveyed U.S. facility managers agree that OT cybersecurity is a concern – just higher than Chinese (72%) and German (67%) respondents.

Alarmingly, less than half (44%) of respondents across all sectors currently have a cybersecurity system in place to protect their OT systems from potential threats. Data center respondents lead the sectors in terms of preparedness, with 51% having implemented a solution, while healthcare facilities trail the other sectors with a surprisingly low adoption rate (39%). U.S. facilities lead the surveyed countries, with 48% of respondents reporting they have an OT cybersecurity solution. The low overall numbers for “current solution in place” may correlate with the fact that 66% of surveyed facility managers say it is difficult to manage OT cybersecurity in general.

OT Cybersecurity: A Look Forward

While the rise of the Internet of Things (IoT) and Industrial Internet of Things (IIoT) create new benefits for organizations, they also are adding complexity to modern systems. More complexity means more risk. As the survey results show, smart building technologies can be a weak point in corporate defenses, providing cyber criminals with a backdoor into targets.  

In an increasingly connected world, it’s easy to imagine bad actors lurking behind every keyboard, waiting for an opportunity to strike. In envisioning the potential threats, companies must not lose sight of the benefits of smart building technologies and the positive impact they have on the occupant experience. Embracing smart building technologies and protecting your organization from cyber threats is not a binary choice – in fact, your company can have both.

  For a deeper dive into cybersecurity issues for OT and the survey results, click here.