Every site visit creates risk conditions for community spread and must be screened and mitigated by property management. As a result, building owners and managers agree that contractors should access building systems remotely when they can, but that onsite work is required to properly maintain building assets. This includes maintaining safe potable and mechanical water conditions, managing humidity and mold conditions, monitoring temperature and air quality, including particulate matter and carbon monoxide as well as equipment cycling and other management issues.
The International Facility Managers Association (IFMA) stated that “Facility management professionals are essential to keeping business and critical infrastructure facilities operational during the COVID-19 pandemic.” The Building Owners and Managers Association says that “continued operation during shutdowns is critical.” Additionally, a senior REIT executive recently stated: “Our contractors and integrators must keep going on site during this time so that buildings are not only maintained but stay safe in other ways including environmental, cybersecurity and physical life safety.”
At an individual contractor level, there should be awareness of the health-risk status of anyone entering a building, including contractors and maintenance staff. There are concerns regarding a lack of screening, restricted area requirements, and sanitization and cleaning of the area after completion of the service call.
Waterborne risks in both potable and process water are inconsistently monitored due to the fragmented contracting process across larger portfolios. This calls for a consistent way to measure for conditions that can lead to problems such as legionella and corrosion.
Air quality has long been an occupant priority ranging from carbon dioxide (CO2) levels for health and productive work environment, carbon monoxide (CO) for more immediate health risks, particulate matter (PM), and volatile organic compounds (VOC).
Previously, buildings focused more on limiting humidity for mold conditions, but now we know viruses are more easily transmitted to humans in low humidity environments. Humidification in commercial buildings is difficult, but that does not mean we cannot monitor and notify occupants of at-risk conditions.
Now, programmatic surface testing is being considered for building touchpoints, such as doors, desks, common area furniture, and many others, along with technology-verified cleaning procedures.
To further complicate the problem, traditional IT and IoT companies, solutions, and professionals lack the technical knowledge and cultural awareness of building OT systems.
Many IT firms have attempted to provide smart building solutions and services related to controls systems and have failed (with the exception of traditional back-office software, such as work order management and asset management, along with some high-level database, data lake and analytics solutions that are generally disconnected from the front-line building systems). As a result, IT companies are virtually non-existent in the building controls OT cybersecurity world.
Since the 1980s, the building control systems manufacturers such as Johnson Controls, Honeywell, Siemens, Schneider, Otis, Lutron, and others have been designing their operational technology (OT) systems to work on and depend on computer servers, operating systems, protocols, local area networking (LAN), and remote Internet access along with other information technology (IT) attributes.
However, those responsible for designing, installing, and maintaining them for the past 40 years, such as architects, engineers, contractors, facility managers, property managers, and asset managers have neither IT nor cybersecurity skills. Thus, the systemic risk is that the entire building control systems value chain does not have IT skill sets. Therefore, the size of the risk and the opportunity is immense because this is a legacy building stock problem and not a modern, so-called smart building problem.
Since the 1980s, the building control systems manufacturers such as Johnson Controls, Honeywell, Siemens, Schneider, Otis, Lutron and others have been designing their operational technology (OT) systems to work on and depend on computer servers, operating systems, protocols, local area networking (LAN) and remote Internet access along with other information technology (IT) attributes.
“…the systemic risk is that the entire building control systems value chain does not have IT skill sets.”
OT Cybersecurity Whitepaper
To further complicate the problem, traditional IT and IoT companies, solutions and professionals lack the technical knowledge and cultural awareness of building OT systems.