Seyfarth has released the results of its fourth annual Real Estate Market Sentiment Survey, which polled commercial real estate executives around the country from all sectors. Of interest to our readers, this year’s survey revealed that 69% of respondents are concerned about a cyberattack hitting their business in 2019, a significant increase compared to last year (46%).

View the full survey results

Cybersecurity isn’t just for technology companies anymore. More and more, we are seeing other critical infrastructure participants becoming targets of cybersecurity attacks. Transportation, construction, and other real property-heavy industries are starting to catch the eye of sophisticated hacking teams – both criminal as well as nation-state sponsored groups.

There are two different threat models in the real estate market: the builder and the manager.

Construction

Many commercial construction projects are supported by a public-private blend of resources. What most don’t know is that the inclusion of public resources (either via contracts, grants, or other sources of government dollars) will likely trigger an obligation (either directly or via contract) for cybersecurity. This will be for both the general contractor and their subcontractors (and other vendors like architects). For example, the Federal Transit Administration has specified that the Federal Information Security (Management) Modernization Act (“FISMA”) will apply to third party contracts in its Circular 4220.1F. A number of other executive agencies have also imposed FISMA on both contractors and subcontractors via administrative fiat. This is likely because FISMA applies directly to the agency, and FISMA has “flow down” obligations to contractors as part of its requirements.

Remember, in every Ocean’s 11 movie, Danny Ocean’s team has to get a good set of blueprints before they can break into the building and pull of the heist.

Management

More and more, we are seeing “smart” buildings. “Going green is becoming a gold standard in the construction industry. Now that we are seeing more smart buildings in commercial construction, builders, building owners, workers and insurers are dealing with new technologies and risks.” With the proliferation of “green” or “smart” buildings, the risks inherent in the “internet of things” has now come to real estate. The smarter the building, the more opportunities it has to be hacked—just like a computer. While smart buildings are generally a good thing, the attendant cybersecurity risks with IoT and smart buildings means that building management now has to be aware of virtual risks to the safety and security of the building. Remote compromise of locks, hacked key-card pads, compromised HVAC and elevator systems – these are just some of the ways that a building’s management may have to confront the kinds of cyberattacks that the technology companies have been facing down for years.

Needless to say, cybersecurity competence is beginning to be as important for builders and managers of real estate as land use restrictions and building codes. It is no wonder that cybersecurity is becoming more “front of mind” for those in the real estate industry.

Print:
EmailTweetLikeLinkedIn
Photo of John Tomaszewski John Tomaszewski

John Tomaszewski specializes in emerging technology and its application to business. His primary focus has been developing trust models to enable new and disruptive technologies and businesses to thrive. In the “Information Age”, management needs to have good advice and counsel on how…

John Tomaszewski specializes in emerging technology and its application to business. His primary focus has been developing trust models to enable new and disruptive technologies and businesses to thrive. In the “Information Age”, management needs to have good advice and counsel on how to protect the capital asset which heretofore has been left to the IT specialists – its data.

John’s expertise in the understanding of a company’s data protection and management needs provide a specialized point of view which allows for holistic solutions. A good answer should always solve at least three problems.

John has been a co-author of several information security and privacy publications, including the PKI Assessment Guidelines and Privacy, Security and Information Management: An Overview; as well as publishing scholarly works of his own on the topic. He has also provided input to the drafting of various security and privacy laws around the world; including the APEC Cross-Border Privacy Rules system. He is a frequent speaker globally on the topics of cloud computing, Self Regulatory Organizations (“SROs”), cross-border privacy schemes, and secure e-commerce.