[Skip to content]

FM World logo
Text Size: A A A
16 January 2019
View the latest issue of FM
Sign up to Facilitate Daily >
FM World daily e-newsletter logo




05 April 2018 Herpreet Kaur Grewal


The UK faces catastrophe if it does not step up cybersecurity measures, an expert told delegates at the BIFM London conference in March.

Mike Gillespie, a consultant at information security and physical security group Advent IM, told attendees that cybersecurity was vital because of the increasing “interconnectedness of the world”. A single device can have access to CCTV and building systems, and “as soon as they are connected to the internet they are a target”. 

He said “this was not a security problem but a business problem” and it affects all departments. 

FMs are still unaware how much at risk organisations are, added Gillespie. “Many systems such as air conditioning, heating and ventilation have been offline, on their own network, but over years, partly because of functional reasons – such as being able to access these systems remotely – these systems have become joined up and online. 

“Too many facilities managers are thinking of systems such as CCTV as offline, but they are not. FMs are managing huge swathes of technology that are under risk of attack. They are managing systems thinking they are safe, but they are inherently unsafe.” 

He said FMs need to become “better engaged with those who understand cybersecurity in their own organisations and other organisations” and “they need to look at good-quality education about cybersecurity for themselves and others and have a systems security check” as a matter of course.

“The threat is holistic so we have to have holistic solutions.”  

He advised FMs to first look at “what they are managing that is connected to the internet, engage with physical and cybersecurity specialists to really understand the vulnerability of equipment and communicate that vulnerability to the board [of an organisation]”.

Dave Cooke, chair of BIFM’s risk and business continuity management SIG, said: “Once the domain of the IT Team, cybersecurity is now firmly the responsibility of everybody in the enterprise as people are one of the key vulnerabilities.  

 “FM professionals have a particular responsibility in this area as more of their systems run on the business network. This will grow dramatically with the roll-out of IoT’. 

“FMs must be more aware of cybersecurity good practice and draw on the wealth of guidance available from the National Cyber Security Centre (part of GCHQ). Our SIG will also be providing some accessible guides later this year.”

Tom DeSot, executive vice-president of Digital Defense, Inc. says FMs are now dealing with IP-based systems on a daily basis that “must be included in the cybersecurity practices of any company”. 

“Most camera systems have moved to IP-based platforms rather than coax [cable],” says DeSot, “and as a result have made it easier for attackers not only to intercept traffic between the cameras and the DVR, but also opened up attacks on the DVR itself where video can be erased or otherwise altered.

“When an InfoSec risk assessment is completed, it is imperative that the FM be involved so that these issues can be discussed and mitigation plans put in place to ensure that the new IP-based systems are properly protected.”