Page 51 - RC19 RealcommEDGE 2019 Fall Issue
P. 51
Original Equipment Integrator Service Facility/Property Support Services
Manufacturer (OEM) Provider Staff (IT, InfoSec, Legal,
(Product/Solution) (Installation) (Maintenance) (Property, Management, Risk/Compliance)
Engineering, Security, etc.)
Supply Chain/Sourcing
(RFPs, POs, Contracts)
Embedded Security Configure Security Patch & Firmware RFP/Contract Partner with Facility Teams
Management Standards & Providers
Integrator Standards &
Education Lifecycle Management Partnership with Service
Provider & IT
Certification
Access/Account
Management
to address industry-wide threats. Aiming at aligning the Unique aspects of OT building systems and devices
development, deployment and ongoing support of build- demand modified approaches to minimizing the risk for
ing technology solutions with a core set of security prin- the built environment.
ciples and standards, the Real Estate Cyber Consortium
was officially formed in July 2018. The IT Security for OT Systems working group takes
best practices in the real estate industry to provide
The 13 founding members of the consortium—organi- guidelines for: traditional IT staff who generally have
zations that own, operate and/or manage real estate, as little awareness of OT requirements; building operators,
well as Realcomm as supporting entity—formed the RECC who may lack experience with IT lifecycle management;
Leadership Board, which has since grown to include 19 and industry service and solution providers, whose prod-
companies. Leadership Board company representatives from uct and service offerings must be aligned with crucial
facility management and IT, as well as additional contribut- cybersecurity requirements.
ing real estate members join the efforts of the consortium.
The best practices are grouped into three categories:
The Leadership Board meets once a month to share insight • Technical (device-specific and system-wide)
on best practices, policies and procedures and discuss the considerations;
industry’s adoption of cybersecurity protocols. External • Policy and Process management reviews, and
cybersecurity experts from within and outside the industry Employee;
are invited as guest lecturers to provide briefings on secu- • Third-Party specific cybersecurity protocols.
rity related topics relevant to the built environment.
2. IT Security Assessment for OT Systems
Industry Cybersecurity Best Practices and Guidelines Effectively evaluating IT security in smart building tech-
Since the formation of the RECC, three working groups have nology solutions requires a comprehensive assessment
developed best practices and guidelines that were presented of vendor practices.
at the Cybersecurity Forum at Realcomm 2019 in Nashville:
The IT Security for OT Systems working group identified
1. IT Security for OT Systems elements of a vendor questionnaire based on industry
Many IT-focused cybersecurity frameworks don’t work best practices, covering the following categories:
for next generation building operational technology.
Continued on page 51
49
