Weekly Briefing

article sponsor image

Real Estate Cyber Consortium (RECC): Creating a Path to Cyber Harmony – Challenging CRE’s Supply Chain

4 min read
listen to article Listen to this article

The origins of Real Estate Cyber Consortium (RECC) date back to June 23rd, 2016 when a very informal, very private meeting of concerned leaders met at Realcomm 2016 in San Jose. The conversation coalesced a sense of urgency of the rising cyber threats to commercial real estate. The term Operational Technology (OT) was just being introduced as part of the vernacular.

In early 2017, the RECC was formally established at a meeting in Chicago as an industry group to elevate security industry standards, influence the supply chain and share best practices. The Cyber Forum at Realcomm has become the group’s platform for continually advancing the conversation and shared cyber journey that we are all on. In early 2022, RECC was officially incorporated as a not-for-profit industry organization and continues to be a leading force in driving cyber security standards for the built environment.

RECC represents over 45 leading organizations that are responsible for over 12.5 billion square feet of commercial and industrial property management operations worldwide and generate annual revenues of over $280 Billion. Participants range from CIOs, CTOs, CISOs to cyber ‘OT’ leads. To attract an even more diverse group of ‘OT’ stakeholders to the conversation and further drive change, we modified our membership levels in 2023.

Our Leadership Board meets virtually monthly where thought leaders and guest speakers share insight on best practices, distrust trends, policies, and procedures across commercial real estate owners, operators, and solution providers. These calls also feature presentations from industry leaders on topics relevant to threats, products and solutions that help our members protect and manage their built environments. Some of the hot topics swirling around our membership are network monitoring tools, risk frameworks, incident response plans, integrating cyber into new construction and cyber commissioning to name a few.

Our members gather for an in-person meeting over two days every spring. In March, the meeting in Austin, Texas was filled with content from our members and other industry leaders all relating to the various cyber challenges that commercial real estate (CRE) owners face on a daily basis. One of the hot topics for both days was the effect that OT has had on how CRE owners approach managing and securing their built environments. After listening to the challenges that CRE owners face with OT deployments and the potential vulnerabilities that they present, the first thing that came to my mind was that we as an industry need Cyber Harmony. The playbook for IT cybersecurity has been established and is still evolving. I believe that we are still in the discovery phase with developing the playbook for CRE OT.

So, what is Cyber Harmony? I would define Cyber Harmony as being a well-orchestrated collaboration between the multiple project stakeholders within the CRE IT and OT industries. This collaboration would result in the development of best practices, owner project requirements (OPR), specifications and commissioning processes that are adopted by organizations in the OT space such as ASHRAE, the Construction Specification Institute (CSI), Building Commissioning Association (BCA), AABC Commissioning Group (ACG). These best practices, specifications and procedures should then be implemented by the systems integrators who are responsible for OT deployments in the CRE built environment.

Understanding what needs to be done for our industry to achieve cyber harmony is not an easy task and will require thought leaders from multiple disciplines within our industry to come together and strategically attack this issue together. To put this into perspective, we need CRE owners, AE firms, General Contractors, Construction Managers, Mechanical Contractors, OT Manufacturers, Electrical Contractors, System Integrators and Commissioning Agents all to first understand the importance of cyber awareness and to also understand their roles and responsibilities in ensuring that the process of implementing the OPR into the construction process. The entire effort must start with the primary project stakeholder, which is the CRE owner. CRE owners must bridge the gap between their facilities and their IT departments. One of the results of bridging that gap should be the implementation of an internal OT Team that’s capable of coordinating with their facilities department and developing a set of owner's project requirements (OPR) that lay out the roles and responsibilities of the systems integrators as it relates to cyber and deploying OT. The internal OT Team should be comprised of both technical and business individuals who are capable of tracking and enforcing the OPR from implementation into the construction documents all the way through the commissioning process.

Although we are in the early stages of developing our CRE OT playbook, major steps are being taken on the technology side. ASHRAE has taken a step in developing a more cyber secure protocol with BACnet Secure Connect and solution providers are creating network monitoring tools specifically for the BMS and OT environment. These innovations are being adopted abet a slow rate. The RECC is in the process of creating the road map for others in the industry to follow and is calling out to other industry leaders and organizations to join us in creating Cyber Harmony.

Why re-invent the wheel? The RECC provides the industry forum for collaboration on cyber security in the built environment. To increase the impact of our collective voice on the supply chain and join others on the cyber journey, become a member today!

Greg Fitzpatrick, Executive Director, RECC & Business Development Leader, Cochrane Supply
Greg Fitzpatrick is the Business Development Leader for IoT and Integration at Cochrane Supply and Engineering, where he supports end users, consulting engineers and systems integrators in the area of IoT, Integration and Enterprise Software. With over 25 years in the Building Systems and Controls business, he helps clients match new technology for Smart Buildings through specification writing, technology presentations and design assistance. Greg is also Executive Director for the Real Estate Cyber Consortium (RECC) focused on promoting cyber security awareness for operational technology.

This Week’s Sponsor

Embracing open software/hardware platforms, Lynxspring develops, manufactures, and distributes edge-to-enterprise solutions creating smarter, sustainable buildings, better energy management systems, equipment control and specialty machine-to-machine and IoT applications. Lynxspring technologies simplify connectivity, integration, interoperability, data access and normalization and analytics from the edge to the enterprise. The company’s solutions are commercially deployed in millions of square feet in the United States and internationally. www.lynxspring.com