6 Steps for Cybersecurity Competence

12/12/2023

While it is important that facility managers understand the basics of their technology systems, they don’t need to be experts in IT or cybersecurity. However, they do need to understand their systems bring vulnerabilities and take practical steps to enhance cybersecurity.  

Here are six steps facility managers can take: 

1. Collaboration with IT Professionals: Foster collaboration and communication between building personnel and IT professionals to ensure a holistic approach to cybersecurity. Both groups play critical roles in building security, and their synergy is essential. 
2. Access Control Measures: Implement robust access control measures to prevent unauthorized physical and digital access to sensitive areas. This includes securing remote access and contractor access. 
3. Risk Assessment: Perform regular assessments to identify the top threats and vulnerabilities. 
4. Continuous Monitoring: Implement continuous monitoring of building systems, networks, and security measures. This allows for the early detection of potential cyber threats and vulnerabilities. 
5. Incident Response Plans: Work with IT to develop and regularly update incident response plans that outline the steps to be taken in the event of a cybersecurity incident related to building technology systems. Coordinate with IT and ensure that all building personnel are familiar with these plans. 
6. Training: Include training on facilities-related cybersecurity competencies in your workforce development programs. Conduct regular cybersecurity drills and exercises to test the preparedness of building personnel. These simulations can help identify weaknesses and improve incident response. 

Enhancing the facility manager workforce competence in cybersecurity is critically important to protecting the organization. Luckily, there are resources to help managers figure out what they need to know and what training programs fit best. One resource is the Federal Buildings Personnel Training Act (FBPTA). The FBPTA is a federal law enacted in 2010 that requires all federal personnel providing building operations and maintenance services to demonstrate competencies necessary to effectively operate government facilities. The law was passed with the understanding that if we consistently train those who run buildings, the buildings will perform better and the federal government will save money. A major component of the law was the continual updating of the competency model to allow for adapting to workforce trends.  

In 2016, cybersecurity competencies were added to the competency model. This is a great resource to understand what about cybersecurity the FM workforce needs to know and where to find relevant training. The competencies focus on Cybersecurity in Facility Management and Building O&M and Cybersecurity in Design and Acquisition.   

Facility management and building personnel, in their various roles, are essential in maintaining the cybersecurity of these facilities. By aligning them with the necessary training and resources, the FBPTA empowers them to serve as a critical line of defense against cyber threats.  

As facility management and building technology continue to advance, the importance of cybersecurity in these domains cannot be overstated. HVAC and building automation systems are essential components of modern facilities, and their proper functioning is critical for operational efficiency and occupant comfort. Protecting these systems from cyber threats is not just a matter of technology; it's a matter of safeguarding the entire organization.  

Facility managers should utilize the resources available to them, including the internal IT organization, to learn more about how to protect the organization from cybersecurity threats. In today's interconnected world, cybersecurity competence is not an option but a necessity for building technology professionals. 

Maureen Roskoski is vice president for FEA with 28 years of experience in strategic planning, resilience planning, and workforce development consulting. Maureen is an expert in ISO management systems standards, including the ISO 55000 series on asset management and the 41000 series on facilities management, and a member U.S. Technical Advisory Group to ISO/TC 267 Facility Management. She supports clients with continuity of operations planning (COOP), organizational assessments, FM technology process improvement, sustainability, and resilience planning.