Cyber security: New guide

The guide explains how to protect a building’s systems from hackers and other unavoidable incidents, as well as how to improve business continuity processes. It also covers personnel security advice as today’s building management must also consider threats from disgruntled staff or contractors.

The premise for the Code of Practice is that building owners, operators and occupiers need to understand cyber security and promote awareness to a building’s stakeholders.  This includes giving appropriate briefing to the design, construction and facilities management teams.

Hugh Boyes, IET cyber security lead and author of the Code of Practice, said: "It’s common practice now for all parties involved in building construction and management to operate in line with stringent health and safety practices.  Failure to address cyber security risks could have just as dire consequences as neglecting health and safety, such as serious injury or fatality, disruption or damage to building systems and loss of use of the building, and yet awareness of the issue is markedly lower.

"It’s tempting to think that hackers attacking buildings and their operating systems are the reserve of science fiction movies, but these kinds of attacks are already starting to happen in real life. Hackers have attacked building management systems governing heating, ventilation and air conditioning systems. There is also the example of a cyber-attack on the Target group of stores in the US, which was initiated using remote access credentials from one of the company’s contractors. In this example, the hacker was able to gain access to the corporate network, resulting in the theft of card details for over 140 million credit cards.

"While hacker attacks of this kind remain relatively rare, building owners and managers can’t afford to be complacent.”

Buildings are becoming increasingly complex and dependent on the extensive use of information and communications technologies. The Code of Practice explains why it is essential that cyber security is considered throughout a building’s lifecycle and the potential financial, reputational and safety consequences that may arise if cyber security threats are ignored.

It provides user-friendly guidance to help people from a wide range of technical and non-technical backgrounds understand how managing cyber security applies to their job roles – and outlines their personal responsibilities in maintaining the security of the building.