Cybersecurity: Safeguarding FM’s digital transformation
 
Jeffrey Saunders, Director of Research, IFMA and
CEO, Nordic Foresight
Dr. Erika Pärn, Cambridge University
Ted Ritter, LMI360
Re-invent the industry
Substitute products & services
Craft new digital businesses
Reconfigure delivery models
Rethink value propositions
 
Digital transformation is enabling Facility Managers to:
 
Automate and augment:
 
Empowering FM’ers to:
 
FM is rapidly digitizing to:
 
While the market is investing into the following areas:
 
Download IFMA’s
DT study
 
Digitizing the following building functional areas:
 
Fire Systems
Fire Detection Systems (alarms)
Fire Protection Systems (sprinklers)
 
HVAC Systems
Ventilation, Chillers, Air Handling, Purification
Air Quality, Health
 
People Transport Systems
Elevators
Escalators
Moving walkways
 
Lighting Systems
Standard lighting and shades
Emergency lighting
 
Utility Systems
Gas
Water, Boilers, Filtration
Electric (including Backup Generators, UPS, Solar, Wind)
 
Physical Access Systems
Physical Security Control
Video Surveillance
People Count
 
A/V and Digital Signage
Standard
Emergency
 
Voice Communication Systems
Standard
Emergency
 
Voice Communications (wired & wireless)
Parking Systems
Access
EV Charging
 
Building Automation Systems
IT Systems
Owner Network
Property Management
 
Source: Building Cyber Security, 2023
 
 
Digitization of FM operations and assets creates new:

Targets
Vectors
Means
Surfaces
Mechanisms

…for targeting buildings, which have become the focus of attacks themselves.
 
 
“Alongside a rise in cybercrime, attempts to disrupt critical technology-enabled resources and services will become more common, with attacks anticipated against agriculture and water, financial systems, public security, transport, energy and domestic, space-based and undersea communication infrastructure.”
World Economic Forum: The Global Risks Report 2023
 
Cyber security risks are on building owners’ agendas.
They should be on FM’s agenda too:
 
2022
 
2023
 
Leading cyber risks facing facility managers

Leading obstacles facing facility managers

Limited budgets
 
But, we are not prepared
 
 
 
BUILT ENVIRONMENT SYSTEM
 
CDBB VISION
 
 
COMPLEX SYSTEM
SYSTEM OF SYSTEMS
HACKING A BUILDING
HACKING A BUILDING CONTROL SYSTEM
 
 
 
INCREASED PRESSURES ON FM PROFESSIONAL
 
FM AT THE NEXUS OF CHANGE
 
Institutional Pressures
 
FACILITY MANAGEMENT
INDUSTRY
 
To transform digitally
 
To comply with new
measures
 
Organizational self-interest
 
 
 
WHAT IS A CYBER-PHYSICAL ATTACK
 
 
 
CYBER-PHYSICAL ATTACKS OF BUILDINGS
 
 
Nye J., S. (2016) International Security, Vol. 41, No. 3 (Winter 2016/17), pp. 44–71, DOI: http://dx.doi.org/10.1162/ISEC_a_00266
Peng, Y., Wang, Y., Xiang, C., Liu, X., Wen, Z., and Chen, D. (2015) Cyber-physical attack-oriented industrial control systems (ICS) modeling, analysis and experiment environment, 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp. 322–326, DOI: http://dx.doi.org/10.1109/IIH-MSP.2015.110
 
Cyber-attack is the activity of using code to interfere with the functionality of a computer system for strategic, ambiguous, experimental or political purposes (Nye, 2017).

Cyber-physical attacks extend such threats via physical harm, disruption or damage to physical assets leading to health, safety and environment (HSE) consequences in the physical world (Peng et al., 2015).
HOW IS AN ATTACK FORMED?

BLACK HAT: EGO, PERSONAL ANIMOSITY, AND ECONOMIC GAIN
 
Snapshot of RISI Online Incident Database of cyber-physical hacking examples [available online at http://www.risidata.com/]

GREY HAT: AMBIGUOUS

WHITE HAT: IDEALISM, CREATIVITY, RESPECT FOR THE LAW
 
IT AND OT CONVERGENCE

DIGITAL TWIN OF ASSETS
CRITICAL INFRASTRUCTURES
Federated 3D BIM Information
Set of structured Data
+
 
DIGITAL THREAD AND FABRIC
DIGITISING ASSET LIFECYCLE FOR O&M PURPOSES

DIGITAL FABRIC
DIGITISING ASSET LIFECYCLE FOR O&M PURPOSES
 
BIM
 
FM Systems
 
HVAC/energy
 
VULNERABILITIES
 
“Unauthorised access to BIM data could jeopardise security of sensitive facilities, such as banks, courts, prisons and defence establishments, and in fact most of the Critical National Infrastructure (Boyes, 2013).”
 
Smart residential buildings
Public Buildings
Ports
Government facilities
Military facilities
Infrastructure (bridges and highways)
Manufacturing plants

Boyes H. (2013) Resilience and Cyber Security of Technology in the Built Environment. The Institution of Engineering and Technology, IET Standards Technical Briefing, London. Available via: https://www.theiet.org/resources/standards/-files/cyber-security.cfm?type=pdf
 
CYBERSECURITY FRAMEWORKS
 
 
IFMA: CYBERSECURITY SURVEY FOR FM
 
FSQCA ANALYSIS
 
 
 
DIFFERENT ROUTES SAME OUTCOME
 
OUR RESEARCH APPROACH
 
COMPLEXITY
 
EQUIFINALITY
 
 
 
STRUCTURE
 
RESEARCH DESIGN
 
 
 
WHY USE FSQCA?
 
FUZZY SET QUALITATIVE COMPARATIVE ANALYSIS
 
 
 
CRISP VERSUS FUZZY SET
 
FSQCA
 
Cause: Studies a lot
 
Outcome: Scores high
 
Cause: Studies a lot
 
Outcome: Scores high
 
QCA
 
fsQCA
 
Cause: High IQ score
CASE 1
CASE 2
CASE 3
CASE 1
CASE 2
 
 
 
FM CYBERSEC. PREPAREDNESS ARCHETYPES AND OUTCOMES
 
RESEARCH AGENDA 2023
 
Problem Statement

It is unclear what the cybersecurity outcomes are for FM service providers with different approaches to security preparedness. Therefore, a quantitative survey will be used to identify which archetypes result in negative outcomes from cybersecurity breaches.
 
Objectives

OB1: Definition of FM cybersecurity preparedness archetypes
OB2: Descriptive statistics on negative cybersecurity outcomes
OB3: Median cost of negative cybersecurity outcomes
 
 
 
PROJECTED RESEARCH JOURNEY
 
RESEARCH STATUS
 
Phase 1
Phase 2
Phase 3

Data collection of surveys
Build configurations of FM preparedness
Final report and presentation on findings
 
2023
 
Qualitative
 
 
 
CONFIGURATIONS OF FM CYBERSECURITY PREPAREDNESS

SURVEY DESIGN

Asset Types
Perception of criticality
Preparedness and awareness
Types of breaches
Scale of damage
Technological turbulence
Entrepreneurial orientation
Overall performance
 
Outcomes
 
Configuration characteristics
 
 
 
CONFIGURATIONS OF FM PREPAREDNESS
 
SURVEY DESIGN
Asset Types
Starts with: Understanding the types of assets that are vulnerable to cyber breaches.
Key Questions: Which of the following sectors best represents the industry your facility(ies) serves?

Perception of criticality
Starts with: Identifying level of criticality for different services in the asset.
Key Questions: Please rank the following immediate threats facing your facility(ies)? Which of the following would be perceived as critical cybersecurity risks affecting your organisation?

Preparedness and awareness
Starts with: Understanding the preparedness and knowledge of cybersecurity frameworks and standards.
Key Questions: Which organisations' frameworks, if any, do you use to assess and manage the cyber security risk to your organization?
 
 
 
CONFIGURATIONS OF RESPONSIVENESS
 
SURVEY DESIGN
Overall performance
Starts with: Understanding the overall business performance and whether they have experienced any negative growth.
Key Questions: Please evaluate the overall performance of your business. Please focus on customer (end-user) satisfaction relative to your major competitors over the past year?

Entrepreneurial orientation
Starts with: Identifying the ability to respond to competitors in the market and how much they lead or follow their competitors.
Key Questions: Please indicate the extent to which you agree or disagree with the following statements about your firm’s entrepreneurial orientation.

Technological turbulence
Starts with: Understanding how well the organisation responds to technological change in the market and how quickly it adopts new technology.
Key Questions: Please indicate to what extent you agree or disagree with the statements on technology change in FM industry?
 
 
 
CONFIGURATIONS OF NEGATIVE OUTCOMES
 
SURVEY DESIGN
Types of breaches
Starts with: Understanding the types of breaches that have been knowingly identified; not all breaches will be recorded or identified.
Key Questions: As far as you know, has your organization ever experienced a cyber security incident?

Scale of damage
Starts with: Identifying level of damage and disruption to services with cybersecurity incidents and breaches.
Key Questions: How damaging to the organisation was the incident? Which of the following impacts of a cyber breach has your organization experienced?
 
Register to participate in the survey!
 
Panel debate

Safeguarding digital transformation in Facility Management is crucial for empowering FM professionals to automate, reinvent the industry, and rethink value propositions. FM is rapidly digitizing to enhance occupant health, reduce environmental impacts, and provide better operational telemetry. Investments in information for action, secure transactions, management and control, and greater interactivity with prosumers are shaping the future of FM. Digitizing building functional areas such as fire systems, physical access control, HVAC systems, and IT networks is essential for building cybersecurity resilience.


Uploaded on Mar 26, 2024 | 1 Views



Presentation Transcript


  1. Cybersecurity: Safeguarding FM’s digital transformation. Jeffrey Saunders, Director of Research, IFMA and CEO, Nordic Foresight; Dr. Erika Pärn, Cambridge University; Ted Ritter, LMI360

  2. Digital transformation is enabling Facility Managers to: Empowering FM’ers to: Automate and augment: Re-invent the industry; Substitute products & services; Craft new digital businesses; Reconfigure delivery models; Rethink value propositions

  3. FM is rapidly digitizing to: Improve occupant health & well-being; Reduce environmental impacts; FM's transformation; Provide better operational telemetry; Controlling flows into the built environment

  4. While the market is investing into the following areas: Information for action: Ubiquitous sensors and near real-time data collection on people, operations, processes, and buildings enable FM’ers to conduct ever more powerful descriptive, diagnostic, predictive, and prescriptive analytics for more sustainable operations and assets. Faster and more secure transactions: The emergence of identity authentication, the Internet of Things, and distributed ledger technologies enables fast and more secure transactions, large and small, in the built environment. New transaction opportunities could allow alternative ways to time slice assets. Greater management & control: New interfaces and dashboards that enable more sophisticated control over assets in the built environment. Greater interactivity with prosumers: Digital interfaces and emergent grid technologies enable increased interactivity of people with buildings and buildings with neighborhoods. FM’ers will increasingly engage with these operating models. Download IFMA’s DT study

  5. Digitizing the following building functional areas: Fire Systems: Fire Detection Systems (alarms), Fire Protection Systems (sprinklers); Physical Access Systems: Physical Security Control, Video Surveillance, People Count; HVAC Systems: Ventilation, Chillers, Air Handling, Purification, Air Quality, Health; A/V and Digital Signage: Standard, Emergency; People Transport Systems: Elevators, Escalators, Moving walkways; Voice Communication Systems: Standard, Emergency; Lighting Systems: Standard lighting and shades, Emergency lighting; Voice Communications (wired & wireless); Parking Systems: Access, EV Charging; Utility Systems: Gas, Water, Boilers, Filtration, Electric (including Backup Generators, UPS, Solar, Wind); Building Automation Systems; IT Systems; Owner Network; Property Management. Source: Building Cyber Security, 2023

  6. Digitization of FM operations and assets creates new: Targets, Vectors, Means, Surfaces, Mechanisms …for targeting buildings, which have become the focus of attacks themselves.

  7. World Economic Forum: The Global Risks Report 2023. “Alongside a rise in cybercrime, attempts to disrupt critical technology-enabled resources and services will become more common, with attacks anticipated against agriculture and water, financial systems, public security, transport, energy and domestic, space-based and undersea communication infrastructure.”

  8. Cyber security risks are on building owners’ agendas. They should be on FM’s agenda too: 2022 2023

  9. But, we are not prepared. Leading cyber risks facing facility managers: Unauthorized access to building control systems; Data manipulation & unauthorized access to systems with confidential information; System & service disruption & long-term interruption; Physical damage to building systems that could lead to loss of life; Insurers refusing to cover costs (including P&C) of cyber attack. Leading obstacles facing facility managers: Unaware of cyber risks & unsure of responsibility; Lack of unified contracting models & commercial relations; Obsolete legacy systems; Keeping abreast of rapidly evolving technology & threat picture; Balancing building security with accessibility; Limited budgets

  10. CDBB VISION: BUILT ENVIRONMENT SYSTEM

  11. SYSTEM OF SYSTEMS: COMPLEX SYSTEM

  12. HACKING A BUILDING; HACKING A BUILDING CONTROL SYSTEM

  13. FM AT THE NEXUS OF CHANGE: INCREASED PRESSURES ON FM PROFESSIONAL. Institutional Pressures; To transform digitally; To comply with new measures; FACILITY MANAGEMENT INDUSTRY; Organizational self-interest

  14. WHAT IS A CYBER-PHYSICAL ATTACK: CYBER-PHYSICAL ATTACKS OF BUILDINGS. Cyber-attack is the activity of using code to interfere with the functionality of a computer system for strategic, ambiguous, experimental or political purposes (Nye, 2017). Cyber-physical attacks extend such threats via physical harm, disruption or damage to physical assets leading to health, safety and environment (HSE) consequences in the physical world (Peng et al., 2015). References: Nye J., S. (2016) International Security, Vol. 41, No. 3 (Winter 2016/17), pp. 44–71, DOI: http://dx.doi.org/10.1162/ISEC_a_00266; Peng, Y., Wang, Y., Xiang, C., Liu, X., Wen, Z., and Chen, D. (2015) Cyber-physical attack-oriented industrial control systems (ICS) modeling, analysis and experiment environment, 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp. 322–326, DOI: http://dx.doi.org/10.1109/IIH-MSP.2015.110

  15. HOW IS AN ATTACK FORMED?

  16. BLACK HAT: EGO, PERSONAL ANIMOSITY, AND ECONOMIC GAIN. USA, 2014 - Power and utilities - Hackers took advantage of a weak password vulnerability where mechanical devices were disconnected from the control system for scheduled maintenance. Poland, 2008 - Transport - A 14-year-old Polish student hacked into the tram system, which enabled him to change track points in Lodz, Poland. Four trams were derailed and, consequently, twelve people were injured. USA, 2001 - Petroleum - The network monitoring PC provided a path from the internet, via the company business network, onto the Automation network, making the company vulnerable to the Code Red Worm, used to deface the Automation Web Pages of a large oil company. Iran, 2012 - Petroleum - Iran has been forced to disconnect key oil facilities after suffering a malware attack. The computer virus is believed to have hit the internal computer systems at Iran’s oil ministry and its national oil company. Spain, 2011 - Traffic - Malware detected on the Spanair central computer system was a Trojan. On August 20, 2008 Spanair flight 5022 crashed just after take-off from Madrid-Barajas International Airport, killing 154 with 18 survivors. The systems delivering power to the take-off warning system had failed. The Trojan is speculated to have played a role in the crash by causing the computer to fail to detect three technical problems with the aircraft. Actor types shown on the slide: Hacktivists; Script kiddies; Cyber insiders; Cyber terrorists; Malware authors

  17. BLACK HAT: EGO, PERSONAL ANIMOSITY, AND ECONOMIC GAIN. USA and Europe, 2014 - Energy sector - The Dragonfly group, operating since 2011, has targeted defence and aviation companies in the U.S. and Canada. In 2013, the group targeted U.S. and European energy firms. Dragonfly gains entry through these methods: spear phishing emails, malware, watering hole attacks, and infecting legitimate software from three different ICS (industrial control systems) equipment manufacturers. As of now Dragonfly’s main motive seems to be cyber-espionage, with a likelihood of sabotage in the future. Canada, 2012 - Energy sector - Telvent Canada, Ltd were subject to information theft, where malware was installed and project files related to OASyS SCADA were stolen. Telvent is a software and services provider used to monitor large sections of the energy industry. Security experts identify that the digital fingerprints lead to a Chinese hacking group known as the “Comment Group”. Iran, 2010 - Nuclear - One of the most prolific cyber-physical attacks remains as an exemplified case of government and civilian blurred lines, creating a new forefront of cyber militia and becoming the first proclaimed cyber weapon. Stuxnet malworm shut down uranium enrichment at Natanz for a week from Nov. 16 to 22, 2010. Actor types shown on the slide: Organized cyber criminals; Patriot Hackers; Cyber militia. Snapshot of RISI Online Incident Database of cyber-physical hacking examples [available online at http://www.risidata.com/]

  18. GREY HAT: AMBIGUOUS. USA, 2012 - Water/waste management - Former employee of The Key Largo Wastewater Treatment District hacked the company, resulting in modification and deletion of files. Venezuela, 2002 - Petroleum - Venezuela’s state oil company, embroiled in a bitter strike, was extensively sabotaged by an employee who gained remote access to a program terminal to erase all PLC programs in a port facility. Actor types shown on the slide: Script Kiddies; Ordinary Citizens. Snapshot of RISI Online Incident Database of cyber-physical hacking examples [available online at http://www.risidata.com/]

  19. WHITE HAT: IDEALISM, CREATIVITY, RESPECT FOR THE LAW. Canada, 2002 - Petroleum - A white-hat hacker simulated an attack on a DCS, where network access to the control LAN was used to connect to selected DCS operator stations and obtain full administration privileges. This was accomplished through the vulnerabilities in the Windows operating system and a number of NetBIOS that lacked proper password protection. USA, 2014 - Traffic - One of the first hacks on a traffic management system occurred on a road sign in San Francisco, where signs were photographed flashing “Godzilla Attack! Turn Back”. Actor types shown on the slide: Hacktivists; Script Kiddies. Snapshot of RISI Online Incident Database of cyber-physical hacking examples [available online at http://www.risidata.com/]

  20. IT AND OT CONVERGENCE

  21. DIGITAL TWIN OF ASSETS: CRITICAL INFRASTRUCTURES. Single source of Project Information (e.g. Design & Construction data, Asset information, etc.) made available to the RIGHT PEOPLE AT THE RIGHT TIME. Built Asset Digital twin; Federated 3D BIM Information + Set of structured Data

  22. DIGITAL THREAD AND FABRIC: DIGITISING ASSET LIFECYCLE FOR O&M PURPOSES

  23. DIGITAL FABRIC: DIGITISING ASSET LIFECYCLE FOR O&M PURPOSES. BIM; FM Systems; HVAC/energy

  24. VULNERABILITIES. “Unauthorised access to BIM data could jeopardise security of sensitive facilities, such as banks, courts, prisons and defence establishments, and in fact most of the Critical National Infrastructure (Boyes, 2013).” Public Buildings; Infrastructure (bridges and highways); Military facilities; Government facilities; Smart residential buildings; Manufacturing plants; Ports. Boyes H. (2013) Resilience and Cyber Security of Technology in the Built Environment. The Institution of Engineering and Technology, IET Standards Technical Briefing, London. Available via: https://www.theiet.org/resources/standards/-files/cyber-security.cfm?type=pdf

  25. CYBERSECURITY FRAMEWORKS

  26. IFMA: CYBERSECURITY SURVEY FOR FM. FSQCA ANALYSIS

  27. OUR RESEARCH APPROACH: DIFFERENT ROUTES SAME OUTCOME. COMPLEXITY; EQUIFINALITY

  28. RESEARCH DESIGN: STRUCTURE. Research question: What business preparedness configurations lead to negative cybersecurity outcomes with facilities managers? Methodology: Cybersecurity preparedness framework and environmental conditions for competitive advantage. Purpose: Measure characteristics of business model configurations. Find generalized patterns of complex causality to develop business preparedness configurations and assess plausible pathways to business success with digital twins. Data: Min. 200 in-depth survey responses. Analysis: Configurational analysis of multiple conjunctural causality through fuzzy-set analysis (Ragin, 2008)

  29. FUZZY SET QUALITATIVE COMPARATIVE ANALYSIS: WHY USE FSQCA? Seek causal pathways to the same outcomes, which may be achieved with various combinations of conditions. Causation must be understood in terms of necessary and sufficient conditions. Causal connections (causal complexity) are analysed to explain the pathways to a particular outcome. For example: What are the pathways for FM awareness configuration that lead to negative cybersecurity outcomes (i.e. number of breaches)? The same negative outcome (i.e. breached facility systems) can have multiple pathways (equifinality).

  30. FSQCA: CRISP VERSUS FUZZY SET. [Figure: QCA and fsQCA panels. Causes: Studies a lot, High IQ score. Outcome: Scores high. Cases: CASE 1, CASE 2, CASE 3]

  31. RESEARCH AGENDA 2023: FM CYBERSEC. PREPAREDNESS ARCHETYPES AND OUTCOMES. Problem Statement: It is unclear what the cybersecurity outcomes are for FM service providers with different approaches to security preparedness. Therefore, a quantitative survey will be used to identify which archetypes result in negative outcomes from cybersecurity breaches. Aim: Investigate FM cybersecurity preparedness by conducting a mass survey and quantitative analysis of outcomes from archetypes. Objectives: OB1: Definition of FM cybersecurity preparedness archetypes; OB2: Descriptive statistics on negative cybersecurity outcomes; OB3: Median cost of negative cybersecurity outcomes

  32. RESEARCH STATUS: PROJECTED RESEARCH JOURNEY. 2023; Qualitative; Phase 1; Phase 2; Phase 3; Final report and presentation on findings; Build configurations of FM preparedness; Data collection of surveys

  33. SURVEY DESIGN: CONFIGURATIONS OF FM CYBERSECURITY PREPAREDNESS. Configuration characteristics: Asset Types; Perception of criticality; Preparedness and awareness; Overall performance; Entrepreneurial orientation; Technological turbulence. Outcomes: Types of breaches; Scale of damage

  34. SURVEY DESIGN: CONFIGURATIONS OF FM PREPAREDNESS. Asset Types. Starts with: Understanding the types of assets that are vulnerable to cyber breaches. Key Questions: Which of the following sectors best represents the industry your facility(ies) serves? Perception of criticality. Starts with: Identifying level of criticality for different services in the asset. Key Questions: Please rank the following immediate threats facing your facility(ies)? Which of the following would be perceived as critical cybersecurity risks affecting your organisation? Preparedness and awareness. Starts with: Understanding the preparedness and knowledge of cybersecurity frameworks and standards. Key Questions: Which organisations' frameworks, if any, do you use to assess and manage the cyber security risk to your organization?

  35. SURVEY DESIGN: CONFIGURATIONS OF RESPONSIVENESS. Overall performance. Starts with: Understanding the overall business performance and whether they have experienced any negative growth. Key Questions: Please evaluate the overall performance of your business. Please focus on customer (end-user) satisfaction relative to your major competitors over the past year? Entrepreneurial orientation. Starts with: Identifying the ability to respond to competitors in the market and how much they lead or follow their competitors. Key Questions: Please indicate the extent to which you agree or disagree with the following statements about your firm’s entrepreneurial orientation. Technological turbulence. Starts with: Understanding how well the organisation responds to technological change in the market and how quickly it adopts new technology. Key Questions: Please indicate to what extent you agree or disagree with the statements on technology change in FM industry?

  36. SURVEY DESIGN: CONFIGURATIONS OF NEGATIVE OUTCOMES. Types of breaches. Starts with: Understanding the types of breaches that have been knowingly identified; not all breaches will be recorded or identified. Key Questions: As far as you know, has your organization ever experienced a cyber security incident? Scale of damage. Starts with: Identifying level of damage and disruption to services with cybersecurity incidents and breaches. Key Questions: How damaging to the organisation was the incident? Which of the following impacts of a cyber breach has your organization experienced?

  37. Register to participate in the survey!

  38. Panel debate
