Page 27 - RC19 RealcommEDGE 2019 Fall Issue
It is true that there is a big problem with secure, remote access for control systems and this must be addressed; but there are many different, well-established ways to address that technically. Notwithstanding that fact, nearly all of those IT solution providers do not understand the technology or the culture of the building systems world—leaving the potential for a misused or underused solution for remote access.

Still the question remains: “What can go wrong if I establish secure, remote access?” Putting aside for a moment whether or not all contractors will adhere to the remote access procedures, the answer is most things that go wrong today in building systems are not related to the proverbial hacking. The cause of approximately 80% of all cyber-related incidents is human behavior (www.itgovernance.co.uk). Hence, the number one cause of disruption in building systems is ransomware, followed by outdated software or firmware and then a variety of site-related problems caused by poor system configuration. We know multiple real estate organizations that have never been hacked but have been completely shut down by these other VRM issues.

Additionally, a related and very common behavioral issue is that there are no current backups to restore with; and all backups from all systems are never in the same, validated place that lasts through contractor turnover.

With or without a remote access solution, if each system has its own password complexity, proper configuration and recent backups they can survive a malicious attack or sloppy mistakes. This is the essence of VRM—having a proper inventory, policy and policy compliance process for all systems and contractors. The policy and policy compliance must be reasonable and manageable given the deeply embedded cultural realities of building systems contractors—or it will risk rebellion and failure.

A VRM solution must have a customer-empowering, customer-owned approach and this approach must survive contractor turnover and rise above the inconsistencies caused by the fragmentation of service providers. VRM is a top-down solution that is pushed throughout all regions, buildings, systems and contractors. This will be manifested in new policy requirements, service contracts and organization-wide process and controls. The process and controls will eventually mimic formal IT process and controls such as SOC2 (Service Organization Control).

So, the next time you say you need to address cybersecurity for your building portfolio you might consider saying what you really need is a VRM strategy that includes cybersecurity.

About the Authors: Tom Shircliff and Rob Murchison are co-founders of Intelligent Buildings, a nationally recognized smart building consulting and services company that leads the industry in OT cybersecurity and vendor risk management solutions for projects and portfolios at scale.