Problems

We are in a totally new risk environment for building owners, managers, and building system contractors who are at the heart of the matter and on the front lines of all facilities. Owners and managers have historically not had a comprehensive risk policy that spans all systems and contractors. In today’s environment, neither the new conditions nor the historical risk areas can be ignored, including public health, building systems cybersecurity, and contractors and staff phishing.

Public Health

Every site visit creates risk conditions for community spread and must be screened and mitigated by property management. As a result, building owners and managers agree that contractors should access building systems remotely when they can, but that onsite work is required to properly maintain building assets. This includes maintaining safe potable and mechanical water conditions, managing humidity and mold conditions, monitoring temperature and air quality, including particulate matter and carbon monoxide as well as equipment cycling and other management issues.

[More...]

The International Facility Managers Association (IFMA) stated that “Facility management professionals are essential to keeping business and critical infrastructure facilities operational during the COVID-19 pandemic.” The Building Owners and Managers Association says that “continued operation during shutdowns is critical.” Additionally, a senior REIT executive recently stated: “Our contractors and integrators must keep going on site during this time so that buildings are not only maintained but stay safe in other ways including environmental, cybersecurity and physical life safety.”

At an individual contractor level, there should be awareness of the health-risk status of anyone entering a building, including contractors and maintenance staff. There are concerns regarding a lack of screening, restricted area requirements, and sanitization and cleaning of the area after completion of the service call.

Environmental

Environmental conditions in buildings have always been important but now have heightened awareness, as virus transmission conditions have reminded us about many other important measurements in air, water, and surface conditions in the built environment.

[More...]

Waterborne risks in both potable and process water are inconsistently monitored due to the fragmented contracting process across larger portfolios. This calls for a consistent way to measure for conditions that can lead to problems such as legionella and corrosion.

Air quality has long been an occupant priority ranging from carbon dioxide (CO2) levels for health and productive work environment, carbon monoxide (CO) for more immediate health risks, particulate matter (PM), and volatile organic compounds (VOC).

Previously, buildings focused more on limiting humidity for mold conditions, but now we know viruses are more easily transmitted to humans in low humidity environments. Humidification in commercial buildings is difficult, but that does not mean we cannot monitor and notify occupants of at-risk conditions.

Now, programmatic surface testing is being considered for building touchpoints, such as doors, desks, common area furniture, and many others, along with technology-verified cleaning procedures.

Contractor Phishing

Exploitation of the coronavirus pandemic actively includes contractor-specific phishing attacks, which are up substantially and require a campaign and automated training for all contractor staff with access to building systems. Contractor-specific phishing attacks have been a problem preceding the coronavirus exploitation and should be taken seriously.

Building Systems

Increased remote access has put stress on already poorly configured building controls systems, including passwords, user credentials, software revisions, backups, and suspect remote access procedures and equipment. While rogue networks may be unacceptable, poorly configured systems on owner networks put the entire organization at risk. However, this is not a new problem, only accentuated by the societal emphasis on remote work and teleworking.

[More...]

To further complicate the problem, traditional IT and IoT companies, solutions, and professionals lack the technical knowledge and cultural awareness of building OT systems.
Many IT firms have attempted to provide smart building solutions and services related to controls systems and have failed (with the exception of traditional back-office software, such as work order management and asset management, along with some high-level database, data lake and analytics solutions that are generally disconnected from the front-line building systems). As a result, IT companies are virtually non-existent in the building controls OT cybersecurity world.

Since the 1980s, the building control systems manufacturers such as Johnson Controls, Honeywell, Siemens, Schneider, Otis, Lutron, and others have been designing their operational technology (OT) systems to work on and depend on computer servers, operating systems, protocols, local area networking (LAN), and remote Internet access along with other information technology (IT) attributes.

However, those responsible for designing, installing, and maintaining them for the past 40 years, such as architects, engineers, contractors, facility managers, property managers, and asset managers have neither IT nor cybersecurity skills. Thus, the systemic risk is that the entire building control systems value chain does not have IT skill sets. Therefore, the size of the risk and the opportunity is immense because this is a legacy building stock problem and not a modern, so-called smart building problem.

Since the 1980s, the building control systems manufacturers such as Johnson Controls, Honeywell, Siemens, Schneider, Otis, Lutron and others have been designing their operational technology (OT) systems to work on and depend on computer servers, operating systems, protocols, local area networking (LAN) and remote Internet access along with other information technology (IT) attributes.

[More...]

However, those responsible for designing, installing and maintaining them for the past 40 years such as architects, engineers, contractors, facility managers, property managers, and asset managers have neither IT nor cybersecurity skills. Thus, the systemic risk is that the entire building control systems value chain does not have IT skill sets. Therefore, the size of the risk and the opportunity is immense because this is a legacy building stock problem and not a modern, so-called smart building problem.

“…the systemic risk is that the entire building control systems value chain does not have IT skill sets.”

;

OT Cybersecurity Whitepaper

To further complicate the problem, traditional IT and IoT companies, solutions and professionals lack the technical knowledge and cultural awareness of building OT systems.

[More...]

Many IT firms have attempted to provide smart building solutions and services related to controls systems and have failed with the exception of traditional back-office software such as work order management and asset management, along with some high-level data base, data lake and analytics solutions that are generally disconnected from the front-line building systems. As a result, IT companies are virtually non-existent in the building controls OT cybersecurity world.

“…traditional IT and IoT companies, solutions and professionals lack the technical knowledge and cultural awareness of building OT systems.”

This is where Totem steps in to bridge the gap between OT and IT and automate cybersecurity oversight of multiple OT building systems. This allows owners and managers to have confidence that even with the fragmentation and turnover in the facility environment, there is consistency in the inventory, set up, profiles, and backup of their systems across the entire portfolio.

» Learn more about the Totem Solution

The Totem Solution - Bridge the gap between OT and IT

Ready to Make Your Building a Totem Building?

Request a Demo