Cybersecurity Competence for Facility Managers
Maureen Roskoski writes about the 6 Steps for Cybersecurity Competence for facility managers in this article for FacilitiesNet.
In the realm of facility management, the imperative to bolster workforce competence in cybersecurity is paramount for safeguarding organizations against evolving threats. While facility managers need not be IT or cybersecurity experts, a fundamental understanding of the vulnerabilities within their technology systems is essential.
To fortify cybersecurity measures, facility managers can follow these six crucial steps:
1. Collaboration with IT Professionals: Encourage collaboration and communication between building personnel and IT professionals, fostering a holistic approach to cybersecurity. The synergy between these two groups is indispensable for comprehensive building security.
2. Access Control Measures: Implement robust access control measures to thwart unauthorized physical and digital access to sensitive areas. This encompasses securing remote and contractor access, fortifying the overall cybersecurity posture.
3. Risk Assessment: Conduct regular risk assessments to pinpoint top threats and vulnerabilities, providing a proactive strategy for mitigating potential risks.
4. Continuous Monitoring: Institute continuous monitoring of building systems, networks, and security measures to swiftly detect and respond to potential cyber threats and vulnerabilities.
5. Incident Response Plans: Collaborate with IT to develop and regularly update incident response plans, outlining precise steps to be taken in the event of a cybersecurity incident related to building technology systems. Ensure all building personnel are familiar with these plans.
6. Training: Integrate facilities-related cybersecurity competencies into workforce development programs. Conduct regular cybersecurity drills and exercises to assess the preparedness of building personnel, identifying weaknesses and refining incident response capabilities.
Facility managers can leverage resources like the Federal Buildings Personnel Training Act (FBPTA), enacted in 2010, to enhance cybersecurity competence. The FBPTA mandates federal personnel providing building operations and maintenance services to demonstrate competencies crucial for effective facility management.
Cybersecurity competencies were incorporated into the model in 2016, focusing on Cybersecurity in Facility Management and Building O&M, as well as Cybersecurity in Design and Acquisition.
As facilities advance in technology, the significance of cybersecurity cannot be overstated. HVAC and building automation systems are integral components, and safeguarding them is not solely a technological concern but a necessity for the entire organization. The FBPTA, by aligning facility management with essential training, empowers personnel as a critical line of defense against cyber threats.
In an interconnected world, cybersecurity competence is not merely an option but a necessity for building technology professionals. Facility managers should utilize available resources, including internal IT organizations, to fortify their organizations against cybersecurity threats.