The Institution of Engineering and Technology (IET) has launched a new guide, Code of Practice: Cyber Security in the Built Environment, to help building owners develop more effective cyber security management to protect their building management systems and information from cyber attack.
The document covers how to protect a building’s systems from hackers and other unavoidable incidents, and how to improve business continuity. It also covers personnel security advice as building management must also consider threats from disgruntled staff or contractors, the IET adds.
The idea behind the code of practice is that building owners, operators and occupiers need to understand cyber security and promote awareness to a building’s stakeholders. This includes giving appropriate briefing to the design, construction and facilities management staff.
Hugh Boyes, IET Cyber Security Lead and author of the Code of Practice, said: “It’s common practice now for all parties involved in building construction and management to operate in line with stringent health and safety practices. Failure to address cyber security risks could have just as dire consequences as neglecting health and safety, such as serious injury or fatality, disruption or damage to building systems and loss of use of the building, and yet awareness of the issue is markedly lower.
“It’s tempting to think that hackers attacking buildings and their operating systems are the reserve of science fiction movies, but these kinds of attacks are already starting to happen in real life. Hackers have attacked building management systems governing heating, ventilation and air conditioning systems. There is also the example of a cyber-attack on the Target group of stores in the US, which was initiated using remote access credentials from one of the company’s contractors. In this example, the hacker was able to gain access to the corporate network, resulting in the theft of card details for over 140 million credit cards. While hacker attacks of this kind remain relatively rare, building owners and managers can’t afford to be complacent.”
The IET makes the point that buildings are becoming increasingly complex and dependent on information and communications technologies. The Code of Practice explains why it is essential that cyber security is considered throughout a building’s lifecycle and the potential financial, reputational and safety consequences that may arise if cyber threats are ignored.
It provides guidance to help people from a range of technical and non-technical backgrounds understand how managing cyber security applies to their job roles – and outlines their personal responsibilities in maintaining the security of the building. Visit: http://www.theiet.org/resources/standards/index.cfm.
