Location
- Asia Pacific
  
  Australia - English
  
  China - Chinese
  
  India - English
  
  New Zealand - English
- Europe
  
  Czech Republic - English
  
  Denmark - English
  
  France - French
  
  Germany - German
  
  Italy - Italian
  
  Netherlands - Dutch
  
  Norway - English
  
  Poland - English
  
  Romania - English
  
  Spain - Spanish
  
  Sweden - English
  
  United Kingdom - English
- Middle East
  
  Egypt - English
  
  Saudi Arabia - English
  
  United Arab Emirates - English
- North America
  
  United States - English
|
Contact
|

Currency:

Localize your Content

You can set your preferred currency for this account.

Choose a Currency
Currency
CHOOSE YOUR CURRENCY
Update Currency

Changing Currency will cause your current cart to be deleted. Click OK to proceed.

To Keep your current cart, click CLOSE and then save your cart before changing currency.

- Sign InSIGN IN TO ACCOUNT
  
  Close Side Navigation
  
  Back
  
  Create an Account
  
  My Legacy Account
  
  Sign in to MyBuildings
- Close Side Navigation
  
  Account
  
  My Account
  
  My Profile
  
  My Orders
  
  My Returns
  
  Invoices
  
  My Quotes
  
  Saved Carts
  
  My Contracts
  
  Case History
  
  Work Order History
  
  My Legacy Account
  
  SIGN OUT
Bulk Order

Here’s how your building can meet the updated NIS 2 cybersecurity directive

Modern buildings are increasingly reliant on networked systems and digital technologies. While this brings more efficient operations, it may also introduce vulnerability to disruptive cyberattacks.

Although not every attack makes headlines, they do occur—and are likely to increase in the future. This is particularly concerning given that a staggering 74% of buildings [i] today are unprepared for a cyberattack.

In the past, attacks were less of a threat because building Operational Technology (OT) systems (HVAC, building management systems, security systems, fire and life safety solutions) mainly operated in isolated, air-gapped silos not connected to the internet. Today’s increasingly intelligent facilities require greater connectivity to deliver the outcomes expected by owners. Hackers are aware of this shift. They understand that increased connectedness introduces new vulnerabilities and are quick to exploit any openings they find.

Aiming to address this weakness, the European Commission developed the NIS Directive [ii] in 2016 that aims to improve the security of the European Union’s (EU) information systems. The EU updated its cybersecurity legislation with the NIS 2 Directive last year, which will become law in October 2024 and require many measures pertinent to building operators in the EU. NIS 2 specifically focuses on OT systems and the unique vulnerabilities of OT environments crucial to essential infrastructure sectors.

A cyber-defense plan is no longer optional

In a building, a cyber incident can have severe consequences, disrupting critical systems and potential putting lives at risk. NIS 2 addresses this threat by mandating that building managers perform comprehensive cybersecurity assessments that cover many aspects of their infrastructure.

NIS 2 takes effect in October, but proactive building managers can get a jump on it today. Before conducting a complete cybersecurity assessment, they should put a plan in place that includes containment measures to prevent the spread of an attack, processes for assessing the extent of any damage, and protocols for system restoration.

It might seem overwhelming, but tackling it step by step can make it more manageable. Building managers should start by creating a basic cybersecurity framework tailored to their property’s infrastructure. The framework should include an inventory of critical building systems like HVAC controls, access management systems, lifts and smart building features as these systems can all be potential entry points for bad actors. The framework should also include an immediate incident-response plan that outlines steps to take if a cyber incident occurs to help limit disruption to building operations and potentially reduce threats.

Once the basic cybersecurity framework is in place, building managers should proceed to thoroughly inventory and classify all assets on the network and then run vulnerability scans and threat analyses specific to OT systems. This includes mapping out all digital touchpoints, understanding how they interact and identifying potential weaknesses. Based on this analysis, managers can then develop comprehensive security policies. These policies might include regular software updates, strict access controls and protocols for integrating new technologies into the existing system.

The human element is also critical

New cybersecurity guidelines like NIS 2 reflect a growing recognition of OT systems as potential vulnerabilities given both the the widening attack surface in buildings and increasing sophistication of attacks. For example, attackers often exploit compromised OT systems as entry points to infiltrate broader IT networks. In some cases, hackers use the comprised accounts of third-party vendors to launch an attack. This underscores the importance for building managers to implement integrated security strategies for both OT and IT systems, alongside stringent access controls.

It also highlights the need for basic cyber hygiene and training for staff on best practices and company-specific security protocols to foster a culture of awareness. In the context of buildings and NIS 2, implementing basic cyber hygiene and staff training is a critical component of security of modern building management systems.

For building operators, this means developing a comprehensive training program tailored to the unique aspects of the building’s operations. This includes educating staff on cybersecurity risks focusing on best practices for securely operating building systems, recognizing potential threats and understanding the implications of a security breach in the building environment.

NIS 2 emphasizes the importance of creating a culture of cybersecurity awareness across the organization. In a building management context, make sure all staff, from facility managers to maintenance personnel, understand their role in maintaining their building’s cyber defenses. This could involve training on proper password management for building control systems, regular refresher courses and updates on emerging threats specific to building systems and understanding the potential consequences of unauthorized access to building networks.

Ultimately, this focus on cyber hygiene and staff training helps buildings remain secure, operational and compliant with NIS 2 regulations, safeguarding both the physical infrastructure and the data of building occupants.

Honeywell helps protect OT environments against cyber threats

NIS 2 presents a considerable challenge to building managers, most of whom already have a to-do list that’s meters long. Honeywell Forge Cybersecurity+ for Buildings | Cyber Insights can help. It is designed to guide customers in directly mapping their compliance with the new NIS 2 regulations. The vendor-agnostic solution helps enable building operators to identify threats, anomalous behavior and vulnerabilities to assist managing and minimizing cybersecurity risks.

Unlike many traditional security-information solutions designed for IT networks, Cyber Insights is purpose-built for an OT environment. The solution is designed to detect, analyze and respond to cyber threats in near real time without the need for immediate human intervention. This approach is particularly relevant given the increasing complexity of building systems and the rapid pace at which cyber threats are now evolving.

To learn more about the latest NIS 2 Directive, download our whitepaper here. To learn more about how Honeywell Cyber Insights can help building operators gain real-time visibility into threats and improve their overall security posture, connect with a Honeywell expert today.

^[i] Security Infowatch.com, Blueprints for disaster? Protecting information in the construction industry [Accessed July 23, 2024]

^[ii] European Commission, Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) [Accessed July 23, 2024]