The ransomware attack on the Colonial Pipeline this week certainly caused its share of headaches and aggravation. And while managing a thousands-mile pipeline is a bit different than managing a thousands-square-foot facility, the attack on the pipeline holds some important lessons for facility managers considering cybersecurity in their buildings.
Most importantly, it’s another stark reminder that FMs must work with IT to stay diligent about cybersecurity and to have a plan in place for a cyberattack, whether building systems are directly affected or not. You probably don’t need to be reminded by now that the Target hack in 2013 was a direct result of poor password management and a vulnerable BAS.
Last year, two ransomware attacks that didn’t get nearly the press the Colonial Pipeline attack did directly affect facilities. At Universal Health Systems in Pennsylvania, a chain that operates 400 facilities, cyber criminals allegedly used a phishing attack to take control of certain IoT devices and hold some of the organization's data and computers hostage. Another attack at Danish facilities management firm ISS, which has more than 500,000 employees worldwide, caused the organization to go partially dark for more than a month in early 202. ISS ultimately had to spend between $45 and $75 million to restore its systems.
A FacilitiesNet article also describes five real-world cyberattacks that also directly affected facilities. The piece also explains some best practices for FMs to help prevent these nefarious incursions. The first and probably most important strategy is not to wait until an attack to work closely with IT on facility cybersecurity. Seems like common sense, of course, but in the day-to-day rush of FM, cybersecurity is one of those things that can get left behind. But as buildings are smarter and increasingly relying on IoT connection these days, cybersecurity must take on increasing priority.
This post was submitted by Greg Zimmerman, deputy editor, Building Operating Management and FacilitiesNet.com.
