Weekly Briefing

Real Estate Cyber Consortium (RECC): Creating a Path to Cyber Harmony – Challenging CRE’s Supply Chain

Listen to this article

The origins of Real Estate Cyber Consortium (RECC) date back to June 23rd, 2016 when a very informal, very private meeting of concerned leaders met at Realcomm 2016 in San Jose. The conversation coalesced a sense of urgency of the rising cyber threats to commercial real estate. The term Operational Technology (OT) was just being introduced as part of the vernacular.

In early 2017, the RECC was formally established at a meeting in Chicago as an industry group to elevate security industry standards, influence the supply chain and share best practices. The Cyber Forum at Realcomm has become the group’s platform for continually advancing the conversation and shared cyber journey that we are all on. In early 2022, RECC was officially incorporated as a not-for-profit industry organization and continues to be a leading force in driving cyber security standards for the built environment.

RECC represents over 45 leading organizations that are responsible for over 12.5 billion square feet of commercial and industrial property management operations worldwide and generate annual revenues of over $280 Billion. Participants range from CIOs, CTOs, CISOs to cyber ‘OT’ leads. To attract an even more diverse group of ‘OT’ stakeholders to the conversation and further drive change, we modified our membership levels in 2023.

Our Leadership Board meets virtually monthly where thought leaders and guest speakers share insight on best practices, distrust trends, policies, and procedures across commercial real estate owners, operators, and solution providers. These calls also feature presentations from industry leaders on topics relevant to threats, products and solutions that help our members protect and manage their built environments. Some of the hot topics swirling around our membership are network monitoring tools, risk frameworks, incident response plans, integrating cyber into new construction and cyber commissioning to name a few.

Our members gather for an in-person meeting over two days every spring. In March, the meeting in Austin, Texas was filled with content from our members and other industry leaders all relating to the various cyber challenges that commercial real estate (CRE) owners face on a daily basis. One of the hot topics for both days was the effect that OT has had on how CRE owners approach managing and securing their built environments. After listening to the challenges that CRE owners face with OT deployments and the potential vulnerabilities that they present, the first thing that came to my mind was that we as an industry need Cyber Harmony. The playbook for IT cybersecurity has been established and is still evolving. I believe that we are still in the discovery phase with developing the playbook for CRE OT.

So, what is Cyber Harmony? I would define Cyber Harmony as being a well-orchestrated collaboration between the multiple project stakeholders within the CRE IT and OT industries. This collaboration would result in the development of best practices, owner project requirements (OPR), specifications and commissioning processes that are adopted by organizations in the OT space such as ASHRAE, the Construction Specification Institute (CSI), Building Commissioning Association (BCA), AABC Commissioning Group (ACG). These best practices, specifications and procedures should then be implemented by the systems integrators who are responsible for OT deployments in the CRE built environment.

Understanding what needs to be done for our industry to achieve cyber harmony is not an easy task and will require thought leaders from multiple disciplines within our industry to come together and strategically attack this issue together. To put this into perspective, we need CRE owners, AE firms, General Contractors, Construction Managers, Mechanical Contractors, OT Manufacturers, Electrical Contractors, System Integrators and Commissioning Agents all to first understand the importance of cyber awareness and to also understand their roles and responsibilities in ensuring that the process of implementing the OPR into the construction process. The entire effort must start with the primary project stakeholder, which is the CRE owner. CRE owners must bridge the gap between their facilities and their IT departments. One of the results of bridging that gap should be the implementation of an internal OT Team that’s capable of coordinating with their facilities department and developing a set of owner's project requirements (OPR) that lay out the roles and responsibilities of the systems integrators as it relates to cyber and deploying OT. The internal OT Team should be comprised of both technical and business individuals who are capable of tracking and enforcing the OPR from implementation into the construction documents all the way through the commissioning process.

Although we are in the early stages of developing our CRE OT playbook, major steps are being taken on the technology side. ASHRAE has taken a step in developing a more cyber secure protocol with BACnet Secure Connect and solution providers are creating network monitoring tools specifically for the BMS and OT environment. These innovations are being adopted abet a slow rate. The RECC is in the process of creating the road map for others in the industry to follow and is calling out to other industry leaders and organizations to join us in creating Cyber Harmony.

Why re-invent the wheel? The RECC provides the industry forum for collaboration on cyber security in the built environment. To increase the impact of our collective voice on the supply chain and join others on the cyber journey, become a member today!

Greg Fitzpatrick, Executive Director, RECC & Business Development Leader, Cochrane Supply Greg Fitzpatrick is the Business Development Leader for IoT and Integration at Cochrane Supply and Engineering, where he supports end users, consulting engineers and systems integrators in the area of IoT, Integration and Enterprise Software. With over 25 years in the Building Systems and Controls business, he helps clients match new technology for Smart Buildings through specification writing, technology presentations and design assistance. Greg is also Executive Director for the Real Estate Cyber Consortium (RECC) focused on promoting cyber security awareness for operational technology.

Read Next

11/7/2024
Shadow IT: The Hidden Threat to Real Estate Companies In today's rapidly evolving technological landscape, the emergence of Shadow IT poses significant challenges for organizations, particularly in the commercial real estate sector.

10/31/2024
How Bridge Investment Group Cut Manual Data Entry and Improved Onsite Productivity In CRE, efficiency isn't just a goal; it's a necessity for survival. Leveraging technology as a means to cutting through operational drag and optimizing employee productivity has become a competitive imperative for success.

10/24/2024
Updated Enterprise Architecture Overview for Corporate Real Estate and Facilities: Are We Still Treading Water or Making Progress? Realcomm has released an updated version of its Corporate Real Estate and Facilities Information Management Systems Enterprise Architecture Overview infographic.

10/24/2024
Building LinkedIn’s Office of Tomorrow It’s a sunny summer’s day in Sunnyvale, and LinkedIn’s employees are getting ready for work. As they step out of their homes and head to LinkedIn’s redesigned campus, they know today’s work experience will be seamless, thanks to the cutting-edge technology that awaits them.