Resilience and Cybersecurity: Putting Theory into Practice, Part 1

At one time, cybersecurity was a lower priority for many building managers. Attacks like the Target hack roughly 5 years ago and the more recent Equifax data breach changed that as they started making national headlines. Unfortunate instances like these have helped bring awareness to an issue that many technology consumers knew little about.

To make matters worse, many modern devices run on systems with weak or even nonexistent security measures, making it difficult for vendors and building managers to ensure a degree of privacy. As phones, buildings, and cities become smarter, it is vital that our growing reliance on these things does not outweigh their resilience.

In this three-part blog series, I will explore the theoretical applications of resilience-based concepts and why building managers today are starting to integrate this line of thinking into cybersecurity frameworks. This first blog examines resilience theories to help stakeholders gain a deeper understanding of what is involved.

Resilience Theories

Applying a resilience lens in the analysis of cybersecurity helps decision makers prioritize vulnerabilities and learn how to build resiliency. Theories surrounding socio-economic or socio-ecological systems loosely define resilience as the ability of a system to withstand and absorb shocks while still maintaining its structural integrity. This adaptive capacity is a measure of an organization’s vulnerability to an unexpected or unpredictable disturbance and is exactly what cybersecurity is all about.

The real estate industry is starting to wake up to the benefits and vulnerabilities of big data and how weak operational architectures have led to a myriad of cyber threats like phishing attacks, ransomware, and digital signage hacks. Unfortunately, instances like these are certain to escalate as today’s building stock has the weakest adaptive capacity of all industries. 

What’s at Stake?

Understanding where a system is most susceptible to a breach is increasingly complex in a world of Internet of Things (IoT) connectivity and interoperability. Resilience-based theories state that the increased complexities of IoT systems make them more vulnerable to breaches and hacks. For instance, advances in translating tools have enabled disparate protocols to communicate with each other, supporting operational procedures like remote monitoring, building automation systems, and user-interface capabilities. However, these advancements have developed outside the realm of basic IT security, leaving many critical systems exposed and unprotected. Yet locating these gaps is less of an IT issue and more of an organizational problem and requires a vulnerability assessment. Understanding where the risk exists makes it that much easier to mitigate.

Check the Environment

Assessing the building environment is the first step toward ensuring a more secure system and developing an appropriate response. I will discuss these responses and options for asset protection in my next blog, Resilience and Cybersecurity: Putting Theory into Practice Part 2. In the final blog in this series, I will explore ways practitioners can continue strengthening their line of defense in a world of ongoing and evolving threats.