With the increasing prevalence of smart building solutions comes increased cybersecurity vulnerability, JLL, Red Bison Technology Group and Fortinet say in a new white paper. “As we technologically enable our buildings, we are also making them more hackable,” said Jason Lund, managing director of JLL’s property management technology division.  

“We can’t leave behind the tremendous benefits of technology in buildings for the environment, cost efficiencies, safety and other uses so we must actively pursue a parallel strategy of ensuring cybersecurity even as we enable our buildings,” he continued. 

The white paper identifies several risks associated with implementing modern intelligent building systems. These risks include:  

• Lack of end-to-end network and cybersecurity monitoring and visibility  

• Multiple, disparate internet connections installed throughout the building with no centralized control  

• Poor network and device patch management practices

• Insecure remote access technologies and processes  

“Commercial property owners, that JLL works on behalf of, seek to eliminate as many of these risks as possible,” the white paper states. “The reasons for this are twofold. First, JLL paid close attention to recent high-profile hacking cases within enterprise organizations and wished to protect their clients against the growing threat of data loss and theft for their clients and tenants within the buildings they manage.”  

Second, existing intelligent building solutions constitute an area “where risk is difficult—if not impossible—to quantify. Most were designed and deployed to solve a single problem inside or outside a facility. However, this created a situation where disparate systems, networks and remote access connectivity were deployed without the appropriate management processes and monitoring that is required to properly protect digital assets and data from cyber criminals.  

“Because of the lack of visibility and control, building owners can never fully understand the extent of their existing technology vulnerabilities. Thus, it makes sense that many have grown hesitant when it comes to integrating new technologies into their buildings as it will only further expand their liability risk.” 

To help put the magnitude of that vulnerability into a broader context, a separate study from CyberCube, AM Best and Aon found that sufficient cyber risk is accumulating in the U.S. commercial property insurance market to trigger a one-in-100-year loss of $12.5 billion. Such a loss would be enough to cause a downward transition of the Best’s Capital Adequacy Ratio for 18 U.S. property carriers. 

At the property level, taking a more unified approach would help to mitigate that risk.  “A move toward a centralized or converged network as a ‘backbone’ for technology infrastructure within buildings allows building owners to monitor all systems at once with end-to-end visibility and allows for quicker identification and resolution of cybersecurity breaches,” said Lynn Martin, CEO of Red Bison.