• Home
  • Best Practices
  • 6 Jan 2023 5:00 PM | Anonymous member (Administrator)

    Organizations may be just starting their journey, or further along. We offer these tips and suggestions for anyone starting on their journey.* 

    • Smart Building Security should follow the same process patterns provided by US-CERT (Cyber Emergency Response Team), CIS (Center for Internet Security), NIST. The models all follow a Plan-Do-Check-Act process.

    • Define security metrics for continuous improvement
    • Put cascading security expectations in Vendor contracts and audit against national/international recognized standards
    • Harden field-based devices
    • Ensure strong password management and that no default passwords are used
    • Consider having passwords externally tested for security
    Identify – Protect – Detect – Respond – Recover
    • Educate the workforce to be deputies in security. If they receive or see something unusual they should report it.  
    • Keep systems current with security software updates
    • Ensure a properly configured firewall protects the network
    • Segregate corporate networks from BMS networks (IT vs OT separation)
    • Restrict or deny the use of USB flash drives
    • Consider an "assumed breach" model – establish tiered access control, identify choke points, segment assets, and install detection capabilities
    * RECC makes no warranties on these recommendations.

  • 6 Jan 2023 12:30 PM | Anonymous member (Administrator)

    Click for: IT Security Best Practices for OT Systems

    Building Operational Technology (OT), considered a subset of Internet of Things (IoT) technology, broadly refers to systems used to control and monitor critical physical processes within buildings. Unique aspects of OT systems and devices demand modified approaches to minimizing cyber security risk. This best practice list serves as a summarization of industry best practice by corporate, commercial, educational and governmental real estate professionals focused on the design, installation, commissioning, operations, and maintenance of next generation BuildingOperational Technology.

  • 6 Jan 2023 12:00 PM | Anonymous member (Administrator)

    Click for: IT Security Assessment for OT Systems

    This questionnaire views building Operational Technology through the lens of an IT security assessment. The modular nature of the questionnaire provides the ability to quickly identify questions for each a specific assessment phase.

  • 6 Jan 2023 11:30 AM | Anonymous member (Administrator)

    Click for: Supply Chain Guidelines for OT Systems

    Guiding Principles to Improve Vendor Cyber Security Contract Requirements are sourcing and contract guidelines to help improve cyber security protections in all aspects of the building technology supply chain.

© Copyright 2023 Real Estate Cyber Consortium Inc.™ All Rights Reserved. Real Estate Cyber Consortium (RECC) is a 501(c)6 non-profit organization.  Privacy Policy and Terms of Use.
Powered by Wild Apricot Membership Software