June 2022 www.creinsightjournal.com
PROP TECH & CYBERSECURITY GUIDE
NAVIGATING THE DIGITAL FUTURE OF CRE
Integrated Security is Better Security Prosegur’s unique blend of people, processes and technology enables different parts of your security program to stay connected and synchronized while giving you better transparency and control. Talk to us today, and let’s make your security better together.
www.prosegur.us
LETTER FROM THE EDITOR The business of commercial real estate management and operations is constantly evolving, and it feels like those changes are occurring more frequently and rapidly than ever before. As the industry adapts, it is more important than ever to stay briefed on not only the latest challenges to your business, but also the latest tools and technology that help commercial real estate owners, asset manager, property managers and building operations professionals do their jobs better. This Proptech and Cybersecurity Guide from CRE Insight Journal curates a special collection of articles, videos, webinars, and other resources that equip industry professionals with the knowledge and resources needed to effectively lead their organizations and properties into the future. Gabriel Eckert, FASAE, CAE, is editorin-chief of the Commercial Real Estate Insight Journal. He also serves as the CEO of the Building Owners and Managers Association of Georgia and BOMA Georgia Foundation. He is a Certified Association Executive; Fellow of the American Society of Association Executives; and has been named by the Atlanta Business Chronicle as one of the Top 100 Who’s Who in Commercial Real Estate, a list of “leaders, deal makers, and legends who are changing Atlanta.”
As we move into this future, the increased challenge posed to our building systems and tech infrastructure by nefarious actors and cyber criminals is on the rise. As we transition more of our systems and network into the digital space and Internet of Things (IoT), it becomes incumbent upon owners, managers and building operators to increase their competency in cybersecurity. Aiding in that endeavor is our feature on The First Cybersecurity Standard for Commercial Real Estate Building Control Systems. In this article from SmartBuilding industry expert Fred Gordy, he outlines the development of the first Cybersecurity Standard Framework scheduled for adoption in 2022. The threats posed to building systems are real. That reality is underscored by articles in this issue, like Breaking Down Building System Threats and Cybersecurity for CRE. I encourage you to read this article to gain an understanding of this multi-faceted threat and share this content with your teams and organization to help align all your staff on the importance of cybersecurity best practices. Threats are frequently introduced in the most innocuous ways. Helping your team and customers recognize and prevent the harm caused by these threats can help fortify your digital infrastructure. After building a solid foundation on cybersecurity and best practices, management and operations teams can begin looking to the many benefits that
emerging property technology (prop tech) promises to bring to the commercial real estate industry. Sticking with the topic of security, in this issue’s article on Effectively Leveraging Security and Technology to Create Efficiency and Find More Effective Solutions, security expert and thought leader Joseph Murphy reviews many of the latest technology solutions that are enhancing security operations and properties across the globe. Owners and managers may begin to consider how supplementing and replacing elements of their property operations with these solutions can assist their business in dealing with the challenges posed by talent shortages, training, and older building security operations models. We view the CRE world differently now. Nowhere is that more apparent than the promises offered by the ongoing advances in virtual reality. In Virtual Reality: Reshaping the Office and Building Operations, author Brian Bollinger with Sustainable Investment Group (SIG) reviews the exciting developments in this space and inspires property management professionals to further consider how VR is going to overhaul many of the current processes practiced in the industry. With so many developments in Prop Tech and cybersecurity, we can only begin to address this topic in this guide. However, by sharing this guide with your team members, owners, and customers, you will spark conversation in exploring what steps your businesses and properties can take to embrace the future of the industry. You are also encouraged to seek additional resources available at www.CREInsightJournal.com, a few of which have been highlighted in the feature found at the conclusion of this guide. Whether it is cybersecurity, prop tech or other CRE Industry issues, I encourage you to keep CRE Insight Journal as one of your resources.Sign up for our eNewsletter and become a CRE Insight 365 member to enjoy exclusive content that is only available to members. And, as always, Stay Insightful!
Prop Tech & Cybersecurity Guide | June 2022 3
CONTENTS Prop Tech and Cybersecurity Guide
Prop Tech and Cybersecurity Guide is published for:
05 THE FIRST CYBERSECURITY STANDARD FOR COMMERCIAL REAL ESTATE BUILDING CONTROL SYSTEMS
By: Fred Gordy
10
EFFECTIVELY LEVERAGING SECURITY AND TECHNOLOGY
By: Joseph Murphy
12 VIRTUAL REALITY: RESHAPING THE OFFICE AND BUILDING OPERATIONS
BY: Brian Bollinger
14 SECURING TODAY’S BUILDINGS WITH AI-POWERED VIDEO
CRE Insight Journal 5901 Peachtree Dunwoody Rd, NE Suite C-300 Atlanta, GA 30328 (404) 475-9980 www.creinsightjournal.com The Wyman Company Advertising Representatives: Chris Chiccarello chrisc@thewymancompany.com Justin Olson jolson@thewymancompany.com Holly Patterson hpatterson@thewymancompany.com Katie White kwhite@thewymancompany.com Editor-in-Chief: Gabriel Eckert, CAE, FASAE geckert@bomageorgia.org Executive Editor: Jacob Wilder, CAE jwilder@bomageorgia.org Managing Editor: Owen Kavanagh okavanagh@bomageorgia.org
ANALYTICS
BY: Dan Yetso
16 BREAKING DOWN BUILDING SYSTEM THREATS AND
CYBERSECURITY FOR CRE By: Fred Gordy
20 EMERGING TECHNOLOGY TO LEVERAGE THE GIG ECONOMY BY: Mike Popadak
22 PROP TECH & CYBERSECURITY RESOURCES FROM CRE
INSIGHT JOURNAL
© CRE Insight Journal 2022
Prop Tech & Cybersecurity Guide | June 2022 4
CYBERSECURITY
THE FIRST CYBERSECURITY STANDARD FOR COMMERCIAL REAL ESTATE BUILDING CONTROL SYSTEMS BY: FRED GORDY Building control systems (i.e., operational technology or OT) have cybersecurity requirements that cannot be met using the standards available for IT. These IT standards were designed to protect data and data systems. The National Institute of Standards & Technology (NIST) is a preeminent standard for companies developing IT policies and processes. However, even NIST acknowledged the importance of identifying risk in OT devices. Its 2019 publication states that OT/IoT devices identify three high-level considerations that may affect the management of cybersecurity and privacy risks for IoT devices as compared to conventional IT devices: 1. Many IoT devices interact with the physical world in ways conventional IT devices usually do not. 2. Many IoT devices cannot be accessed, managed, or monitored in the same ways conventional IT devices can. 3. The availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices than conventional IT devices.
Another noted authority, Gartner, also acknowledged that cybersecurity strategies for OT/IoT require tools, methodologies, and guidelines that are not available in the IT realm. The net-net is that building control systems need different standards to address their unique vulnerabilities and risks. As a result, the non-profit organization Building Cyber Security (BCS) has created the first comprehensive set of building control system standards. Prop Tech & Cybersecurity Guide | June 2022 5
WHAT IS BCS? BCS is a private sector non-profit organization of asset stakeholders, technology companies, industry associations, and insurers developing and administering a proactive & holistic framework/certification process with market-based options to improve the cyber-physical security and safety of property and citizens in an increasingly connected world. BCS focused on promoting the adoption of technology, processes, and training to reduce cyber risk.
The Framework Team BCS formed a working group of experts from the standards community, IT practitioners, and practitioners in the building control space. These individuals represented organizations such as NIST, the International Society of Automation (ISA), the National Electrical Manufacturers Association (NEMA), Center for Internet Security (CIS), and the National Security Agency
(NSA). As the building control system industry representative, I was fortunate enough to join this group, affectionately known as the “Breakfast Club,” since our meetings were at 7 AM sharp. We began meeting in August of 2021 to determine the standards and their framework.
Choosing the Foundation The Breakfast Club’s goal was to review all the existing IT standards that might apply to OT and then narrow down from there. After careful consideration, we chose two existing standards to develop the BCS framework: 1. The International Electrotechnical Commission (ISA/IEC) 62443 standard 2. CIS Critical Security Controls Implementation Groups (IG) 1, 2, & 3
FRAMEWORK STANDARD #1: ISA/IEC 62443 ISA/IEC 62443 is an internationally recognized standard developed for the industrial process sector’s ever-expanding range of domains and industries, such as power and energy supply, distribution, and transport. This standard’s similarity to the systems and devices in building control systems was naturally more conducive to constructing the BCS standards. ISA/IEC 62443 has four categories: 1. General: Covers topics that are common to the entire standard 2. Policies and Procedures: Focuses on methods and processes associated with IACS/BCS security 3. System: Requirements at the system level 4. Component: Detailed requirement for IACS/BCS devices
The Breakfast Club worked with one of the ISA/IEC 62443’s authors to determine the controls that best fit the building control system. The main goal was to determine requirements for building owners/mangers, service providers, and manufacturers. In our industry, this area was the most lacking in terms of standards. From the graphic below, you can see the four specific standards that we chose for the framework and how it impacts the roles and responsibilities of each group. Prop Tech & Cybersecurity Guide | June 2022 6
The Breakfast Club also defined Building Functional Areas and added these to the standard for consistent naming and identification. Lack of clarity in naming conventions is a problem across the industry.
FUNCTIONAL AREA
NAMING CONVENTION
A/V and Digital Signage
• Room Management
Voice Communication Systems
• Standard • Emergency
Utility Systems
• Gas • Water, Boilers, Filtration • Electric (Including Backup Generators, UPS, Solar, Wind)
IT Systems
• • • • •
Data Storage Financial Owner Network Property Management Tenant Network
HVAC Systems
• • • • • •
Ventilation Chillers Air Handling Purification Air Quality Health
Fire systems
• Fire Detection Systems (alarms) • Fire Protection Systems (sprinklers)
People Transport Systems
• Elevators • Escalators • Moving Walkways
Physical Access Systems
• Physical Security Control • Video Surveillance • People Count
Lighting Systems
• Standard Lighting and Shades • Emergency Lighting
Prop Tech & Cybersecurity Guide | June 2022 7
The next task was to define system security requirements. ISA/IEC 62443 uses Security Zones to determine how systems should be grouped. Security Zones are defined as a set of assets with common security requirements. It is crucial to set up Security Zones to separate systems to minimize overall risk and create containment areas if malware/threats have compromised a system.
The image on the left shows what a typical system Security Zone should look like. It contains a front-end server with the application installed, an embedded device (e.g., supervisory or field controller, and a network device that connects them. The Zone Access Point can be direct physical access only or a remote connection using a firewall. These are defined in the Accessibility Types shown below.
Once a system is in a Security Zone, each is defined as either performing an Essential Function or not. Essential Functions are required to maintain health, safety, environment, and availability of the equipment under control. However, security measures must not adversely affect Essential Functions of a high availability BACS unless supported by a risk assessment.
Typical Essential Functions could be, but aren’t limited to: • Protection (safety) • Control • View/manipulation of the equipment under control • Physical security
After identifying Security Zones, the systems must be set up to be securely accessed, monitored, and all the assets managed. ISA/IEC 62443 has created a methodology that enables building control systems to comply. This methodology is known as Zones and Conduits. The concept of Zones and Conduits was introduced by the ISA99 committee of the ISA/IEC 62443 series of standards and adopted by BCS to segment and isolate the various sub-systems in a control system. A Conduit consists of the grouping of cyber assets dedicated exclusively to communications, and which share the same cybersecurity requirements. A Zone is defined as a grouping of logical or physical assets that share common security requirements based on factors such as criticality and consequence. Equipment in a zone has a security level capability. If that capability level is not equal to or higher than the required level, extra security measures must be taken, such as implementing additional technology or policies. The graphic below shows building systems for HVAC and lighting. Prop Tech & Cybersecurity Guide | June 2022 8
FRAMEWORK STANDARD #2: CIS CRITICAL SECURITY CONTROLS IG 1, 2, & 3 ISA 62443 covered most cybersecurity needs of building control systems, but some components are strictly IT. CIS IGs were included to ensure a full cybersecurity standard. These IGs are based on NIST but have been simplified and categorized to make implementation more digestible for the building controls community. CIS calls the controls inside the Implementation Groups (IGs) Cyber Defense Safeguards. They are broken up into “crawl, walk, run” phases to allow faster adoption and roadmap to maturity. The image on the right shows the IG levels. IG1 is considered the “crawl” phase. The number of controls necessary to satisfy this requirement is the lowest of the three. IG2 is regarded as the “walk” phase and requires more controls to be met than IG1. IG3 is the “run” phase, which requires that all controls are met. The second graphic below shows the areas of controls and the number of controls for each phase that must be met. For example, the first image shows Control 01 is Inventory and Control of Enterprise Assets. There are a total of five Safeguards associated with this control. The colored tags indicate the IG and the number of controls required to meet the IG.
requires that two of the five controls must be met requires that four of the five controls must be met requires that all five controls must be met
WHAT’S NEXT? The framework is complete and currently undergoing a review by leaders from manufacturers, insurance, building owners, vendors, and other standards organizations (e.g., NIST). The framework is expected to be released by the third quarter of this year. This means that a building can be assessed and certified, making its building systems safer. This could also impact cyber insurance rates by reducing premiums. If you would like to learn more, please feel free to contact me (fred.gordy@intelligentbuildings.com) or visit buildingcybersecurity.org.
About the Author Fred Gordy Fred Gordy is a SmartBuilding industry expert and thought leader with 20 years of experience in secure control system development and implementation for Fortune 500 companies throughout the US and abroad. He is one of the first in the SmartBuilding industry to address the inherent risk that control system technology poses.
Prop Tech & Cybersecurity Guide | June 2022 9
SECURITY
EFFECTIVELY LEVERAGING SECURITY AND TECHNOLOGY BY: JOSEPH MURPHY
Another request to increase building costs for a labor-based service provider? What is this, the third, or fourth, in under two years’ time? How can I possibly support this and maintain my property’s budget? In past years, a request for a 3 percent rate increase was fairly common, some properties simply planned on it in their budgets each year. In more challenging years, maybe the property was asked to approve a 5 percent increase in order to keep pace with market norms and to ensure their security service provider had the financial resources needed to attract, and retain, the most appropriate talent for the property. But the pandemic changed all that, dramatically. Labor resources dwindled due to market and governmental influences, and the pressure on hourly labor, basic supply and demand economics, drove wages up – way up! Over the past two years, security officer wages in Georgia have increased by 15 to 20 percent, or more. By comparison, according to the Bureau of Labor Statistics, BLS, the Consumer Price Index increased by an average of just 4.65 percent during the past two years. But that is deceptive as the average CPI increase for 2020 was just 0.6 percent, while the average CPI increase since July 2021 has been 10.3 percent (bls.gov). So, how is a Commercial Real Estate asset supposed to respond to this? How can operating budgets continue to increase while occupancy dwindles or remains uncertain? That is not a sustainable equation. The solution is to revisit how your property is using security officer services and the technology you have in place today. Just because you have always operated with a
certain level of on-site security staff does not necessarily mean that is what your property needs today. Your occupancy has perhaps changed, how the asset is being used has perhaps changed, the risks your security program needs to address have perhaps evolved as well. Time for a Security Program Check-Up.
Program Check-Up A Security Program Check-Up should include a fact-based review of incidents and risks experienced by the asset for the past three to five years. A careful evaluation of existing security technology, access control systems, CCTV systems, building and parking facility usage and actual tenant needs, and expectations, should be undertaken. A review of mandated lease provisions stipulating security levels should be completed and fully understood. Can you do more with less and still achieve the Enterprise Security Risk Management (ESRM) objectives for your property, or for your portfolio of properties? According to some, we are in the “Fourth Industrial Revolution”; where ‘data is oil’ and the connectivity created by the Internet of Things (IoT) is leading to rapid enhancements in security technology, analytics and AI. Just over a decade ago, building security staff were using VHS tape cassettes in building video recording systems, today, a property manager can view all the cameras on their property from their smartphone at home or Prop Tech & Cybersecurity Guide | June 2022
10
while on vacation. It’s time to see what technology can bring to the property to better manage expenses and improve the overall security posture of the property, and the effectiveness of the assigned security staff. Leveraging new and emerging technologies to reduce the reliance on security staffing simply makes sense, financial sense and operational sense. If the current building access control and CCTV system is ten years old, or more, its time for a full-scale review. It may be possible to achieve more coverage, more efficiency and better security with an upgrade. Yes, getting capital dollars to achieve an upgrade may not be in the budget but a holistic review might result in other savings in maintenance costs or security staffing levels to make an upgrade more practical. In some cases, companies providing the security technology can create a “budget neutral” scenario over a three to five-year period for the property. For real estate companies with a portfolio of properties, the ESRM objectives should be evaluated in light of each building need, and the needs of the portfolio. Combining the Security Operation Centers (SOC), or Control Rooms, for multiple properties into one location can often result in an immediate ROI of hundreds of thousands of dollars. For single assets, outsourcing those Control Room functions to a Remote Monitoring company might reduce your costs by 50percent or more. Reducing your security staffing levels from two officers on nights or weekends to a single officer supported by a Remote Monitoring Agent might be possible. A Remote Agent can conduct video patrols of the property, use advanced analytics for enhanced detection of suspicious activity and can dispatch on site or nearby patrolling officers to investigate when appropriate.
A Program Check-Up should include consideration of some or all of these security technology upgrades: • More Effective Camera Systems • Utilizing Remote Agents to support the Security Program • Deploying Camera Analytics to allow security to focus on actionable events • Updating Access Control to Elevators • Using Facial Recognition or biometrics in higher security environments • Using License Plate Readers (LPRs) to identify when nonregistered vehicles enter the garage • Deploying the use of Segways as a “force multiplier” so one officer can cover the area of two • Remotely monitoring, and controlling, access to an entrance that was previously staffed • Using a “Video Concierge” to “staff” a lobby on overnight or weekend schedules • Protecting multiple smaller assets with a driving patrol supported by remote monitoring Using appropriate building systems technology to better secure access to areas above the ground floor is another way to potentially reduce security labor expenses. Do you have destination elevators now? Card readers controlling access to the elevator or floors above ground level? If so, is the security officer who has historically been nearby to control access still necessary on all schedules? Can they be “replaced” by a Video Concierge? A video monitor that activates when someone approaches and presents a live Agent to interact with and assist the individual approaching a checkpoint or lobby desk? Maybe on the overnight or weekend schedules?
Think Outside the Box At an average wage of $15.00, for every officer you replace with technology there is an immediate ROI of approximately $45,000.00. In larger programs, restructuring your coverage to reduce by three or four officers can free up hundreds of thousands of dollars, more than enough to upgrade wages or upgrade building technology systems. And those are savings that continue well beyond the initial ROI period which adds real value back to the asset. It’s time to rethink how we leverage security and technology to support our properties, and the personnel that serve them. Many long-term security programs have existed in their current form without being challenged or revisited for decades. Installing more effective camera systems, combining video surveillance/control room operations, right sizing coverage levels to meet the new property needs in a post-pandemic environment, using current technology to augment or replace the services of on-site security staff, outsourcing low demand schedules to a remote agent, using a combination of remote monitoring and patrol services; all of these are possibilities to better manage operating expenses. Engage your security supplier and challenge them to “think outside the box” or hire a qualified risk assessment professional who can complete this program review for you.
About the Author Joseph Murphy Joseph Murphy is a well known security leader with nearly 40 years of industry experience. Formerly certified as a Crisis Prevention Instructor, Mr. Murphy is a frequent speaker on issues related to workplace violence prevention. Currently he serves as the Senior Vice President of Commercial Sales for Prosegur Security.
Prop Tech & Cybersecurity Guide | June 2022
11
TECHNOLOGY, VIRTUAL REALITY
VIRTUAL REALITY:
RESHAPING THE OFFICE AND BUILDING OPERATIONS BY: BRIAN BOLLINGER Every morning I have the privilege of waking up and working out at some of the most exotic destinations on the planet: Crater Lake, Machu Picchu, remote beaches in New Zealand. My world-class coaches keep me on form with my boxing, pushing my heartrate into the 170s, as I slip, weave and land jabs, hooks and uppercuts to the tunes of Dizzie Gillespie, Steppenwolf and bands I’d never heard of until that morning. My jet-setting ways are only possible because I work out six days a week in Supernatural VR, a fitness program that rose to prominence during the COVID-19 pandemic, before being acquired by Meta and its virtual reality company Oculus. During the workday, while I do sometimes jump in my car and drive to one of our company co-offices around Atlanta, or travel to client sites, just as easily I can message one of my coworkers in Kansas City or Austin to see if they’d like to hit nine holes of golf while we talk through a project we’ve been working on together. Thanks to the PGA’s collaboration with TopGolf and developer Golf Scope Inc., we can step onto the tee box of famous courses like Wolf Creek and Valhalla in our wireless VR headsets using the Golf+ app, collaborating through something more rewarding than yet another Zoom call: bragging rights across the water hazard. It may be virtual reality, but it’s real life in today’s world. The COVID-19 pandemic witnessed the explosion of virtual reality, beyond specialty business and gaming niches, much like it saw the meteoric rise of Zoom, and other forms of telepresence, to the forefront of everyday life. According to the highest volume maker of VR headsets, Oculus, 2021 alone saw their number of users explode by some 7 million, rising another 90 percent above the already dramatic growth of 2020s pandemic lockdowns. Like Zoom, it would seem, VR is here to stay, shaping the ways we live and play, and increasingly, the ways we work. Of course, the commercial and residential real estate industries are no strangers to this technology: many consumers are already growing to expect the freedom to ‘tour’ in 3D or VR an apartment or office suite they want to rent from across the country or just across town. This reality has been driven by the democratization of “photogrammetry” scans made possible by companies like Matterport.
But an array of companies were already using VR to enhance workplace training before the pandemic, including giants like Walmart and UPS and even the NYPD, familiarizing employees with basic protocols and emergency scenarios. Brock McKeel, Walmart’s senior director of digital operations told CNBC back in 2019 “Life happens in 360, not 2D…. We test our associates on the content they see. Those associates who [used] VR as part of their training scored higher than those who didn’t.” Today, companies like 3M, Serious Labs and Aetos Imaging are releasing training experiences from fall protection and harness inspection to heavy equipment operations and even building equipment maintenance training, all in realistic virtual environments. In Aetos’ case, the virtual environments are literal, high-definition digital twins of their clients’ own buildings. “We believe that making it possible for companies to have their best people managing their facilities requires remote access to a version of their actual space, not just a generic model,” says Aetos President, Connor Offutt. When I interviewed him (on a golf course in VR) he elaborated that “we need to start looking at the communication barriers in the AEC space, and how we can adopt digital twin technology into the way we collaborate on projects.” Offutt describes a future in commercial real estate where institutional knowledge stays with a building, such as equipment training by the chief engineer embedded right into the digital twin, or even enabling ‘telecommuting’ by a director of Facilities who might have otherwise opted to retire, allowing them to meet in VR from wherever they live to ‘walk’ all their properties and resolve or discuss issues with staff in real time. Virtual office space startup Teamflow’s CEO Florent Crivello told the Wall Street Journal in February that VR isn’t just allowing companies to reach for their best talent, wherever they may be, but that sharing that insight becomes quicker than ever: “The biggest difference when it comes to training is that the feedback loops will be 10 times shorter.”
Prop Tech & Cybersecurity Guide | June 2022
12
To say that built environment and CRE professionals have much to gain from existing VR technologies doesn’t require a great deal of imagination. Many of the applications are already here: the ability to show tenants more easily what their space can look like after a build-out, differentiating with tenant amenities like VR fitness or meditation spaces unique to a tenant’s ideal, even opportunities for due diligence at facility disposition reaching a broader pool of buyers. Take that last example: imagine how many more buyers, ones who might be on the fence about getting on a plane for a deeper look, would be happy for their best engineer to walk your facility’s equipment room from her own living room across the continent and minutes later be able to take her dog for a muchneeded walk? In the war for talent, VR increasingly bills itself as a rising strategic advantage, and that claim appears to stand on firmer ground every year. Charlie Cichetti, CEO of Sustainable Investment Group, a green building consulting and engineering firm, sees a future where the “metaverse” we all have heard so much about gets its real value from durable assets relevant to the CRE industry.
“When I’m doing a commissioning walkthrough, I want to hand my client more than just a PDF report no one will ever read,” Cichetti said. He wants to hand them a digital twin that lets their team see, not just where something needs to be fixed today, but where the management team of the next owners can look for opportunities or issues five years down the road. He concludes, “that digital twin becomes a real asset, one that is appreciating in value along with the physical building; a digital asset yes, but it’s no less real.” He just might be right. I hope it’s true that virtual reality will change my work life for the better, even incrementally; but if I’m being honest with myself, that Eagle I just sunk on the 4th would never happen at Wolf Creek in real reality. Of course, that’s also because my spouse would never greenlight the $240 green fee and a ticket to Vegas, just so I could talk about proposal writing with my coworkers. But hey, if I could make that real, I think I would.
About the Author Brian Bollinger Brian Bollinger is the Head of Communications at Green Building Holdings, a family of companies that help designers, builders and operators of commercial buildings realize just how healthy and green their spaces can be. He’s a member of the Georgia chapter of BOMA and the Association of Energy Engineers; but he loves to spend his spare time researching new ways to make better possible throughout the built-environment and on the planet we all share.
DOWNLOAD THE 2021 ENERGY STAR CONTENT GUIDE FROM CRE INSIGHT JOURNAL Since its inception, ENERGY STAR® has helped American businesses and families save 5 trillion kilowatt-hours of electricity and avoid more than $450 Billion in energy costs. This important program was the centerpiece of CRE Insight Journal’s 2021 ENERGY STAR® Month educational campaign. This content guide showcases the articles and videos released throughout the month of October 2021. From ENERGY STAR® benchmarking testimonials to the many ways you can save, this guide is a gateway to the information and expertise needed to help you build value and enhance your buildings. Download the content guide by clicking here: Content Guide
Prop Tech & Cybersecurity Guide | June 2022
13
TECHNOLOGY, SECURITY
SECURING TODAY’S BUILDINGS WITH AI-POWERED VIDEO ANALYTICS BY: DAN YETSO
I
n the commercial real estate industry, property managers have a host of individuals that depend on them for the overall safety and security of the entire campus. From unwanted access, to tailgating, to incident response, the list of responsibilities is a long one in the hopes of creating a safe work environment, attracting quality patrons and building the corporate image. And the impact of a security incident can be wide-ranging. In a 2016 National Safety Council study, 39% of employee respondents felt that management does the minimum required by law to keep them safe at work — and you can only imagine how that number has grown since then. As a building owner, how can you best increase your team’s situational awareness levels, streamline your incident response efforts and create the safest environment possible?
New Technologies at the Forefront of Safety and Security In the hopes of fortifying their security infrastructure, organizations have deployed a host of solutions at this challenge, including gates and security guards, access controls and a network of video feeds across the campus — all in the hopes of creating a higher level of awareness and the ability to spot, assess and (if necessary) intervene on issues before they become incidents. For many, the ability to deploy a relatively low-cost camera network has been a key aspect of their security infrastructure. Cameras can be placed at strategic locations such as entryways, gates and other security facilities, allowing the security team to have additional “eyes” on key access points that might present a potential security risk.
system can produce hundreds — if not thousands — of hours of footage every single week. And the burden of manually reviewing all of that video footage often falls directly on the security team, which takes hours and hours of time and also keeps them away from their daily duties. As a result, an already-busy security team is taken out of the field, clicking their mouse through a deluge of video clips in an attempt to spot a perpetrator, with a very small chance of being able to identify the individual much less trace their path across campus to create a holistic view of the incident.
Streamline Your Security Infrastructure with AI-powered Video Analytics The term “artificial intelligence” has been a common refrain over the past decade. But rest assured: it is here and its impact on physical security will be dynamic. By utilizing a robust deeplearning algorithm that allows for the quick detection and classification of people, vehicles and objects, AI-powered video analytics can automate and massively simplify the process by which your team processes, reacts to and investigates video feeds. Utilizing deep learning-powered video analytics, an AI-powered video analytics solution can help humans make sense of overwhelming amounts of data and how people and objects are interacting within the real world. A smart video analytics platform is able to recognize faces, bodies, vehicles, bicycles, motorcycles, bags, long guns and even a fallen person.
But a solid approach to video monitoring is not without its challenges. An average corporate campus video surveillance Prop Tech & Cybersecurity Guide | June 2022
14
A few other areas in which an AI-powered video analytics solution can help your building needs: • Assisting - A smart system should be able to offload a bevy of manual effort, sorting through hours of video and providing key information with which a human being can then create insights.
•
•
Augmenting - An AI-powered system should also be able to suggest modifications to existing patterns based on the insights it gains throughout the day, week and month. For example, wouldn’t it be great if your security infrastructure could automatically reach out to the cleaning crew to let them know that they have yet to meet their required number of cleaning operations? Autonomy - The smartest systems will integrate with other aspects of your building management and security process to actually take the required action. What if a low guard-staff alert could trigger an automated drone sweep of your buildings, sending back video surveillance of the entire campus?
Emerging Technology Bringing a Wealth of Use Cases to Life As this technology becomes more and more prevalent, the list of use cases becomes equally as robust: • Reduced time to detect - AI-powered video analytics can act as a guard that watches your cameras 24/7 to ensure you can detect critical incidents and prevent them from escalating. • Smart intrusion detection - Help users address issues of unauthorized access by allowing them to search for and set alarms on a growing list of descriptive attributes within specific camera zones of interest. • Watchlist incorporation - Search for the presence of known individuals (that disgruntled ex-employee, for example) that are present on campus and quickly alert the security team to their location. • Re-ID - The ability to quickly re-identify a particular individual off of a live video feed or pre-loaded Person of Interest (POI) list, creating a user journey of that individual across your entire campus. • Vehicle search and alerting - Quickly find vehicles of interest and match individuals to that vehicle. • Person down - Keep an eye out for fallen individuals, quickly react to their needs and spot troublesome areas across your campus. For the typical property manager, these use cases can quickly lead to real bottom-line impacts. Say, for example, you are currently paying to have a local snow-blowing company clear the parking lot every Monday, Wednesday and Friday during snow season. Because this work needs to be completed by 7 a.m., the snow removal team does their work in the pre-dawn hours, well prior to the arrival of anyone who manages the building. But wouldn’t it be nice to get alerted to the fact that the snow removal company only showed up twice a week over the past month of heavy snow?
That insight can be pulled directly from an AI-powered video analytics solution, providing your building management team with a detailed, time-based recap of activities that could lead to a renegotiation with the vendor, a refund or a competitive bid.
The Future of AI-powered Video Analytics As this technology is only now starting to show its value to the physical security industry, the upside potential for its use is ever-expanding. In the near future, your AI-powered video analytics platform should be able to support the following: • Multi-modal inputs - Incorporate video from any source; live or recorded, fixed or mobile (such as drones or body cameras) and tie that video to badge readers and other inputs across your security infrastructure to increase situational awareness. • Customizable - With an approach that allows the system to “learn” new object types over time, a smart system will continue to adapt and grow to new environments, situations and types of objects. • Open - Systems will only be valuable if they take a modern API-based approach so they can be tied into other aspects of your infrastructure, such as badge readers, building management systems, additional sensors and more. For property managers in commercial real estate, the impact and value of AI-powered video analytics is clear. With a host of key applications and use cases, the ability to streamline your physical security efforts can save valuable time and money and directly impact your bottom line. More importantly, a more robust, smarter security infrastructure can result in better situational awareness, smarter resource staffing and improved response times — creating an environment that is safer, more productive and attractive to existing and potential patrons.
About the Author Dan Yetso is the Sr. Director, Corporate & Customer Marketing at Vintra, Inc., a Silicon Valley provider of AIpowered video analytics solutions that transform any realworld video into actionable, tailored and trusted intelligence. Prior to Vintra, Dan spent over five years at Google in a variety of innovation efforts and has enjoyed leading goto-market efforts for a wide variety of global brands, from startups to mid-sized companies to global billion-dollar leaders.
Prop Tech & Cybersecurity Guide | June 2022
15
CYBERSECURITY, TECHNOLOGY
BREAKING DOWN BUILDING SYSTEM THREATS AND CYBERSECURITY FOR CRE BY: FRED GORDY Building cybersecurity has become a “real thing”. That is good but this too introduces issues. In this article, I will give real-world examples of four incidents that my company has experienced. Two scenarios presented as attacks. Two occurred with with good intentions, but a lack of understanding. These stories are based on actual events with modifications to mask the identity of those affected.
Printer Empties a Building Event Type: Hack Site assessments are a part of our day-to-day routine. This customer had contracted us to assess a sample set of buildings to get an assessment of where they stood. The first site we visited was one of their flagship locations with a couple of highvalue target tenants. The systems to be evaluated were typical systems such as the HVAC, lighting, access control, elevator, etc. During the initial walkthrough, our assessor asked to see the parking system but was informed that it was not connected to any building networks and, therefore, would not be included in the assessment. The assessor asked if there were any policies that they, the building owner, required of the parking vendor. The company rep said no other than the usual. The assessor said, “Who’s name is on the building?” Nothing else was said. A few weeks later, the assessor returned to this site. Between the first visit and this visit, an event had happened related to the parking vendor. The parking system had a network, and someone had added a wireless access point that was open to the web and had default credentials. Someone from the outside had gotten to the network printer and printed, “There is a bomb in the building.” As a result, the building had to be evacuated and called emergency services to locate the bomb. No bomb was found; however, 30 floors of tenants- including two high-value tenants- lost productivity for over 24 hours, in addition to the reputation damage done, the person or persons responsible were never identified.
92 Days to Recover Event Type: Hack A day before this event, a building engineer checked his personal email on the application server. He received an email that appeared to be from a fellow engineer. The building engineer that checked his email thought it was unusual that the employee had sent an email to him to his personal email, but the email had a link to a site that appeared to be something that might have come from this employee. The link did not take the engineer anywhere. It just appeared that the other employee had not copied the link correctly. The building engineer talked to the person that sent it later in the day and told them the link he sent didn’t work, for which the person let him know they had not sent him anything. Additionally, he advised that if he had sent it, the email would have gone to his work email because he didn’t know his personal email. None of these inconsistencies caused the engineer to notify anyone about what happened. They did, however, back up the application server to an external hard drive just in case. The day ended without incident. About mid-morning the following day,, another engineer needed to make setpoint adjustments because tenants on the 10th floor complained that their area was too cold. The engineer went to the application server to make the adjustments and noticed that a window was opened he had never seen. There was a message that said: “Your Important files are encrypted. Many of your documents, photos, videos, databases, and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files but do not waste your time. Nobody can recover your files without our decryption service.” There were also instructions on how to recover and how to pay for the recovery. There was also a countdown timer letting them know that all their files would be lost. The engineer that clicked the link the day before was also in the room at the time and let the other engineer know that he had made a backup the day before and that they should call the vendor and have them reinstall the operating system and the application. The vendor was able to reinstall the operating system and installed the application and the files necessary to get the application up and running. This took a couple of days. Prop Tech & Cybersecurity Guide | June 2022
16
Not too long after the system was back up and running, there were some anomalies that occurred with some of the equipment in the central plant. The variable frequency drives (VFDs) seemed to be sometimes running slightly faster and sometimes slightly slower; however, this settled out and did not occur for the rest of the day. Several days later, staff arrived and went about their typical day. The first indication of a problem was the engineer noticed that the central plant controllers were offline. They also noticed no alarms were showing for the central plant which there should have been at least the alarms associated with the offline state of the controllers. Investigation of the plant found the chillers were off. Further investigation found that several of the VFDs were inoperable. The staff attempted to restart the main chiller manually but were not successful. They next tried to restart the other chiller manually and were unsuccessful. They began investigating mechanically the cause, at which time they found extensive damage to the pumps due to what they believed was cavitation.
Here is what is believed to have occurred. •
The vendor found that a remote access trojan (RAT) was also in the payload of the ransomware.
•
Once the RAT was embedded and the hacker or hackers planted the ransomware, there was most likely a beacon that notified the hackers that the RAT was installed.
•
When the system was reloaded, the beacon notified the hackers that it was active again, and they realized they would not get paid, so they decided to damage parts of the system.
•
They remotely accessed the system and played with the VFDs to see what they could do but waited until they felt no one was watching the system and entered it sometime after 7 p.m.
•
They disabled the alarms.
•
They attacked the VFDs, which most likely caused cavitation, and destroyed the pumps.
•
They also disabled the central plant controllers.
At this point, the association between the ransomware attack was not even considered. It was determined that several of the pumps were going to need to be replaced, and each of the chillers required a full inspection to find out if there was any damage to them. The controls vendor was also contacted to investigate the system to check the application out and get the controllers back online and determine why alarms did not go out. The staff determined that several of the pumps and VFDs needed to be replaced.. They found that the VFDs appeared to have been run beyond their critical speed. The vendor happened to be listening and informed the engineers that the only way this could occur is if someone disabled the safety feature that would prevent it. This changed the thought process from possible equipment failure -not likely due to the number of devices affected and the extent- to the system’s possible hack. The direction of the investigation took the focus that this was probably what happened, but how? The first thought was that another unrelated hack had happened, but this seemed unlikely because lighting doesn’t strike twice in the same spot, right? The vendor went through the backup made the day before the attack and found that infection occurred that day of the backup, and it most likely came from the email that the engineer clicked when he checked his email on the application server.
The Results The damage to the system included: •
Roughly half the VFDs needed to be replaced.
•
The chillers had to be dismantled to inspect for damage.
•
Several pumps had to be replaced due to the damage from cavitation.
•
The central plant controllers had to be replaced because the hacker rendered them unrecoverable.
•
A new PC for the application was purchased to ensure no residual infection was present.
•
Because the backup was corrupted and the only backup was a year old, the application host programming had to be partially redone.
•
The entire process to fully recover took 92 days and thousands of manhours.
•
During that time, space cooling and heating units had to be rented to maintain tenant comfort.
Now, most of what is stated here are strictly speculation because there was no forensic data. Because the system had been reloaded and no logs were retained, who and when they accessed the system and what was done is still unanswered to this date.
Prop Tech & Cybersecurity Guide | June 2022
17
Connectivity Lost to Over 100 Buildings Event Type: No Policy/Lack of IT Understanding A company embarked on a nationwide initiative to aggressively improve the cybersecurity of all its facilities. Information Technology (IT) began the process and spent two years and several million dollars trying to understand how systems were set up; what systems were and were not connected if there were any policies and procedures in place; who was responsible for what; how to manage systems; and inventory all the devices in all the facilities. IT learned the basics of managing users but not the full extent or implications of doing such. In general, the organization did not have internal resources with a broad understanding of the various systems and what it took to manage them. However, in one region, there was an employee that was the go-to guy. This individual was responsible for the most significant number of sites. He had been instrumental in creating a regional system that centralized command and control of over 200 sites. This employee was given free reign to implement and change as he saw fit to create a unified and standardized system across all the sites within his realm of responsibility. His work appeared to be a model that all other regions could follow. However, due to the trust and control he was given, the organization did not exercise oversite of this individual. The work this individual did was not documented, nor were the details of how the systems were configured. This individual had to be let go. IT was notified, as is policy, to remove the employee from all system access. As mentioned earlier, IT had learned the basics of account management of control system devices. Still, IT had not learned or understood the implications of removing users without understanding the roles and underlying functions of what the user account influenced. IT began removing his user profile from the controllers and the application server. Unbeknownst to anyone, his user was also the user that created the machine-to-machine connection between the controllers and the application server for command and control. Before anyone was aware, over 100 sites lost communication to the central application server.Because no one knew this employee’s password and for very valid legal reasons, the employee could not be contacted. Simply putting another user in place of him would not fix the issue. What was required was to work with the manufacturer of the controller to recover communication between the application server and the hundreds of controllers affected. There were hundreds because for every site, there could be anywhere from one to 20 controllers at each location. This meant there were easily over 500 controllers that needed to be “touched.” The manufacturer was able to re-establish communication to all the controllers after 6,000 man-hours of work. This did not
include the hours of work required by facility staff to manually control the 100-plus site until centralized control was restored. This number has yet to be determined but could easily be in the thousands of hours.
Over 6,000 Devices Knocked Offline Event Type: Policy Enforced/Lack of IT Understanding A large commercial real estate building of over 100 floors was built with all the latest SmartBuilding technology and cybersecurity for IT and Operational Technology (OT) was built into the foundation of all these systems. To further ensure that cybersecurity specifications were met, they hired Intelligent Buildings to cyber commission the over 10,000 devices in the facility. The systems had been fully commissioned and were effectively turned over to the owner. The HVAC vendor was making final adjustments to the system and noticed that they could not connect to a device they had been working on just before lunch. They began checking other devices and found that none of the devices they checked were responding. The technician went and directly connected to a device nearby, and it was unresponsive. The tech power cycled the device and was able to connect to it directly. The tech then tried connecting to the same device over the network and was able to connect. However, none of the rest of the devices throughout the building were responsive. This represented over 100 devices. This did not include the field devices. In the meantime, the vendor responsible for the power monitoring noticed that the devices monitoring the racks were unresponsive. The number of devices totaled over 2,000. The vendor technician had to climb a ladder to investigate. The tech power cycled the device, but in this case, they had to connect via a serial cable to confirm that the device came back online and ensure those configuration parameters that the vendor set was still in the device. At this point, other vendors (lighting, elevator, etc.) noticed they had unresponsive devices as well. The vendor began reaching out to the general contractor and project management to inform them the systems were now not ready for occupation. The discussion started as to what was to be done. Delay occupying the building was on the table but not really an option legally. Each of the vendors had been working independently and was not aware there was an issue across other systems. So now the question was, what happened? Vendors started contacting IT to see if they could identify a cause, if there were one, from an IT perspective. IT did not see anything that they knew that could have caused. Light bulb moment… Prop Tech & Cybersecurity Guide | June 2022
18
The cyber commissioning company (CCC) was contacted to determine what might have happened. CCC found out about the vulnerability scan. They asked IT about the scans that were used. The type that was used is a known device killer. It effectively acts as a DoS attack on the devices. The devices cannot handle the interrogation this type of scan performs. The vendors had to go to each device and manually reboot their devices one at a time. The vendor of the data center rack power monitoring devices had to climb a ladder over 2,000 times because each device had to be manually rebooted and connected. This vendor made the statement, “If this happens again, we’ll give you a ladder, laptop, and serial cable, and you can do it yourself.” It is believed that the cost of this one scan cost in the high six figures.
Conclusion Building systems face risks from not only cyber-attacks but also from lack of understanding. Attacks are something that most are aware can happen, but lack of understanding most organizations have not taken in to consideration. In most cases and with good intentions IT applies their tools and practices into play without consideration of the potential impact to the control system. NIST (National Institute of Standards and Technology) in 2019 release IR8228 that made three statements that explains what to consider and the differences between IT and OT systems.
•
Many OT devices interact with the physical world in ways conventional IT devices usually do not.
•
Many OT devices cannot be accessed, managed, or monitored in the same ways conventional IT devices can.
•
The availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for OT devices than conventional IT devices.
IT does not understand that something as simple as patching an operating system of the application server could totally lock out the users from the systems at the very least. Or worse could require months of rework and replacement of devices in the field. Or in the cause of the thousands of devices knocked offline in the last story a single vulnerability scan cost this organization around $1.25 million to fully recover. IT can be a great ally in the fight against cyber-attacks on OT systems but they must be educated about how their policies, practices, and tools can impact building control systems.
About the Author Fred Gordy Fred Gordy is a SmartBuilding industry expert and thought leader with 20 years of experience in secure control system development and implementation for Fortune 500 companies throughout the US and abroad. He is one of the first in the SmartBuilding industry to address the inherent risk that control system technology poses.
October 18, 2022 1:00 PM - 2:00 PM Webinar Cybersecurity is extremely important in today’s interconnected world. The increase in “Smart” Building design has greatly intensified the cybersecurity threat at commercial real estate properties. From the locks on doors to the lights overhead, cyber criminals can target numerous parts of a building. Building Cyber Security (BCS) has developed a framework for CRE professionals to utilize at their properties. BCS is a non-profit organization leading the charge in cyber physical standards development, education, certifications, and more. Join experts from the BCS team as they discuss the framework and give an inside look at their certifications. Learn more and register today!
Prop Tech & Cybersecurity Guide | June 2022
19
TECHNOLOGY
EMERGING TECHNOLOGY TO LEVERAGE THE GIG ECONOMY BY: MIKE POPADAK Speed is an expectation in virtually every area of life. For commercial real estate management, instant visual verification of properties can increase productivity and help those who service or manage buildings to implement proactive plans. But retrieving this information can be challenging, especially when managing or servicing multi-sites across the country. Enter the gig economy. In the gig economy, employers contract freelancers to complete temporary jobs as opposed to utilizing internal resources or hiring full-time employees. According to Statista.com, more than one-third of U.S. workers participate in this labor market. It is no surprise that IT, retail, health care, and media industries heavily rely on gig workers. But what you may not know is that gig workers have a growing presence in the facility and property management industry. In fact, it is among the top eight industries poised for disruption by on-demand workers according to WorkMarket, Inc.
How Commercial Real Estate Professionals are Working the Gig Economy: Those who work in property management are used to adapting to change. But using technology that provides quicker and more efficient way to gather insights, makes it that much easier to adapt. The gig economy is a game changer for commercial real estate professionals, especially in the areas of talent and speed. So how does it work? Similar to how companies like Uber or DoorDash operate, but instead of giving a ride or delivering food, crowdsourcing technology is used to connect companies with professional talent and trade workers looking for shortterm positions or local consumers searching for on-demand
assignments within the commercial building management industry.
Talent Even before the spike of remote work, industry professionals have often felt the burden of being spread thin on available resources in the field as well as the expense it takes to send teams where they are needed. To be effective, commercial real estate professionals need multiple productive teams who are readily available at a moment’s notice. Hiring gig talent helps fill the gap. And not only do gig workers provide help when it is needed, but they also come with fresh perspective. Oftentimes, a different outlook can help business owners and property managers become more adept at delivering advice, insights, and new services to improve customer experience and the bottom line. Corporate also wins by saving on employment-related expenses such as payroll tax, health insurance premiums, and other overhead expenses.
Leveraging Gig Talent If you are like most business owners or property managers, you are familiar with hiring extra workers to meet intermittent high demand in areas such as cleaning or security. Gig workers are no different; only now—with dedicated freelancing platforms, it has become easier to procure highly specialized talent. Sites such as upwork.com and freelancer.com can source virtual assistants to manage tenant relations or field emergency calls, perform data entry, or accounting tasks; temporary labor to augment the team; or project managers to coordinate jobs and help free up your frontline internal resources. There is no doubt a wide range of gig talent is available to improve day-to-day operations. But the gig economy can also help facility managers increase response time and make data-driven decisions.
Speed As a commercial real estate professional, you hear it often: “I need it now.” Prop Tech & Cybersecurity Guide | June 2022
20
Leveraging the gig economy to satisfy speed requirements puts control back in your hands to create real-time impact. Augmented reality (AR) is an emerging technology that is gaining momentum in the facility management space. Imagine a facility has experienced some sort of control failure on a piece of equipment. A master technician located halfway across the country can slip on AR glasses to inspect the system and troubleshoot the problem without ever having to step foot on site. Sounds too good to be true, but it is possible with the right setup.
Risk Mitigation – Request photos of areas that have resulted in liabilities for speedy resolution and future prevention. Rollouts – Monitor milestones with photos and video of a variety of trades. Prioritization – Rank repairs based on location and severity of defect with photos that identify time and location.
Budgeting – Make well-informed decisions based on what is
observed.
Leveraging Gig Efficiency The gig economy makes it faster and more affordable than ever to monitor quality control, risk mitigation, contract compliance, service verification, and more from anywhere in the world. Regardless of if a building owner, manager, or service provider needs eyes on one site or an entire portfolio of more than 10,000 sites, the gig economy makes it possible to see virtually every property within minutes of the request, regardless how remote.
Ultimately, gigs are not just for ridesharing or e-commerce delivery, there is a growing need and demand for the gig economy in the world of property management. And just as your job requires flexibility, so does the mindset of the industry when it comes to outsourcing for talent and speed requirements. The workers and the technology are there. Now it’s up to you. The right people in the right places, along with speedy resolutions, is the key to satisfying tenants and customers as well as adding value to the overall facility and brand experience.
Here are a few ways the commercial real-estate industry can leverage visual verification technology and the gig economy to improve efficiencies.
Track progress – Monitor project or vendor progress of any service on one or multiple sites.
Monthly audits – Request survey data to proactively address repair and maintenance issues. Proof-of-presence – Request photos to satisfy proof-ofpresence requirements and verify workmanship.
About the Author Mike Popadak is the active CEO and CoFounder of iVueit, an innovative platform connecting the Facility Management professionals to an On-Demand workforce of mobile app users dedicated to site audits and data collection nationwide. Mike has nearly 20 years experience in interior brand execution and exterior property maintenance and has managed client relationships with national retailers across the country.
ExaMPLES OF THE GIG ECONOMY AT WORK
Fiver is a service that allows users to find freelancers to complete a variety of work. From video animation to creating chat bot for your website, Fiver connects freelancers with business that need their services. Fiver includes offerings for services that could help a property professional with their web presence, their organizations’s digital marketing or even proofreading.
TaskRabbit is for those needing a small job done quickly. Similar to Uber, users request help through TaskRabbit and those available and qualified can pick up the job. This could rnage from putting together office furniture to mounting a TV in the conference room. This service can be a great tool to use for odd jobs especially if a vendor is unavailable.
Upwork is a place for users to find freelancers and independant professionals to complete different jobs for their organization. Their pool of qualified freelancers can complete a variety of tasks such as building a landing page or designing an email template for your company. When users post a job, they recieve qualified proposals and can select the right person for the job. Prop Tech & Cybersecurity Guide | June 2022
21
RESOURCES
PROP TECH & CYBERSECURITY RESOURCES FROM CRE INSIGHT JOURNAL CRE Insight Journal is a collection of real estate industry insight recorded in articles, webinars, publications, and short, information-packed videos for on-the-go real estate professionals. When it comes to property tech and cybersecurity, real estate professionals can equip themselves with an expanding catalogue of resources on these topics and much more. Whether you want to learn more about the blockchain’s impact on the CRE industry, the latest in LED lighting, mitigate remote cybersecurity attacks or access full-length webinars on the new cybersecurity framework for commercial real estate, the resources at CRE Insight Journal have you covered. Access this free resource at www.creinsightjournal.com. Become a subscriber by signing up for the weekly newsletter or take the next step and become a CRE Insight 365 member. When you become a member, you will enjoy access to exclusive webinars, videos and articles that serves the needs of owners, asset managers, property managers and operations and maintenance professionals. Preview this great content by clicking on some of the featured selections below.
BREAKING DOWN BLOCKCHAIN Blockchain is a technology that is widely seen as a way to protect organizations from hacks and security breaches. It provides a permanent, tamper proof and verifiable record of transactions between trading partners. When used with strong encryption, it will significantly increase data security. Although most people associate Blockchain with cryptocurrencies, this technology has far broader applicability to many industries.
CYBERSECURITY AND YOU: FRAMEWORKS FOR CRE WEBINAR Building automation and Internet of Things (IoT) devices have greatly increased the efficiency of commercial buildings. These devices interact with the physical world in ways conventional IT devices do not, and they cannot be monitored or accessed in the same ways as conventional IT devices. The non-profit organization Building Cyber Security (BCS) […] Become a member to read more
L-PRIZE CONCEPT PHASE CONCLUDES
WHAT TO KNOW ABOUT RANSOMWARE
The first stage of the United States Department of Energy’s Lighting Prize (or L-Prize) competition concluded on Feb. 3, 2022. Four groups were awarded $20,000 each for their Solid-State Lighting (SSL) design concepts and the prototype phase will begin soon. With the first L-prize stage complete, the commercial real estate industry has moved one step closer to the next generation of LED lighting.
Ransomware is more than the occasional email, it can be a serious threat to building security and sensitive information for an organization. In this video, Fred Gordy, the director of cybersecurity with Intelligent Buildings, talks through the key points to know about ransomware and where a system may be vulnerable.
USING TECHNOLOGY TO ENHANCE TENANT CARE
FIVE BEST CYBERSECURITY PRACTICES FOR PROPERTIES AND COMPANIES
In this video, Community Engagement Manager Tashe Woods with Cousins Properties shares how her company implemented their mobile app, Cousins Go, to better communicate and serve customers at their property. From development to implementation and adaptation, Tashe shares how her company successfully launched this app that has shifted the way her company communicates and serves their customers.
Blockchain is a technology that is widely seen as a way to protect organizations from hacks and security breaches. It provides a permanent, tamper proof and verifiable record of transactions between trading partners. When used with strong encryption, it will significantly increase data security. Although most people associate Blockchain with cryptocurrencies, this technology has far broader applicability to many industries.
Prop Tech & Cybersecurity Guide | June 2022
22
