Cybersecurity and Building Safety: A Panel Discussion

In today’s fast-evolving technological landscape, cybersecurity has emerged as a crucial component of building safety management. Ari Reubin, head of KMC Consulting™, recently sat down with industry experts to dissect the intricate layers of cyber-physical security gaps and building safety. This discussion featured prominent voices such as Don Goldstein, Fred Gordy, and Lucian Niemeyer, industry leaders known for their expertise, accomplishments, and passion for always doing the right thing.

Don Goldstein, who boasts a unique background in social work in addition to his role as Chief Information Security Officer and Partner at 5Q, explored the psychological dimensions that complicate cybersecurity efforts. He pointed out, “We have a propensity to trust… people are the weakest link in the people, process, technology triad.” When we see an email in our inbox, our first instinct is to open it, neglecting the simple 9-second rule. If you haven’t heard of this, it is the practice of waiting 9 seconds before opening an email to make sure that doing so is a wise choice, and it is one of the easiest ways to safeguard yourself from a cyberattack. Our tendency to trust unfortunately makes systems vulnerable to breaches, which underscores the need for awareness and education.

The conversation took an intriguing turn when Lucian Niemeyer, CEO of Building Cyber Security, highlighted the limitations of government regulation in cybersecurity. He stated, “Society is asking government to do too much… innovation needs to start in the private sector.” This perspective suggests a pivotal shift towards leveraging private sector capabilities in advancing cybersecurity solutions. Lucian advocated for a reframing of cybersecurity to emphasize safety, mirroring traditional safety protocols within industries. He suggested talking about cyber safety as a mandatory engineering requirement. Hard hats and other safety gear were not always required in potentially dangerous work environments; however, as workers suffered injuries and businesses suffered losses due to lax safety standards, those standards shifted. This same kind of shift needs to happen in the cybersecurity realm.

Fred Gordy, National Practice Lead at Michael Baker International, addressed a crucial gap, noting, “We have, as humans, an ‘it’s not going to happen to me’ mindset that’s pervasive.” Real-world cyber incidents do happen; they are featured nearly every day in news articles all over the world. No one is 100% safe. Gordy drew attention to the importance of systems commissioning, training, and tangible steps for improvement.

Reubin shared that he has been working with a high-profile architect seeking to implement comprehensive OT (Operational Technology) cyber foundations across the multi-billion-dollar landscape of her company. This is just one example of significant entities beginning to recognize and address these cybersecurity gaps, leveraging frameworks like BCS (Building Cybersecurity). 

Goldstein highlighted the importance of continuous monitoring, emphasizing automation. “If assets are left alone, unmonitored, that’s when things start to happen,” he warned. The idea is to stay proactive, deploying automated systems to anticipate and mitigate threats before they escalate. 

The conversation wrapped up with an acknowledgment of the need for a paradigm shift towards mandatory cyber safety practices. As Niemeyer aptly put it, “We just have to start shifting towards what has to be a mandatory application for any type of modern building operation.” By refining approaches and fostering a culture of safety, the industry can better protect against evolving threats.