Real Estate Cyber Consortium (RECC): Creating a Path to Cyber Harmony – Challenging CRE’s Supply Chain
The origins of Real Estate Cyber Consortium (RECC) date back to June 23rd, 2016 when a very informal, very private meeting of concerned leaders met at Realcomm 2016 in San Jose. The conversation coalesced a sense of urgency of the rising cyber threats to commercial real estate. The term Operational Technology (OT) was just being introduced as part of the vernacular.
In early 2017, the RECC was formally established at a meeting in Chicago as an industry group to elevate security industry standards, influence the supply chain and share best practices. The Cyber Forum at Realcomm has become the group’s platform for continually advancing the conversation and shared cyber journey that we are all on. In early 2022, RECC was officially incorporated as a not-for-profit industry organization and continues to be a leading force in driving cyber security standards for the built environment.
RECC represents over 45 leading organizations that are responsible for over 12.5 billion square feet of commercial and industrial property management operations worldwide and generate annual revenues of over $280 Billion. Participants range from CIOs, CTOs, CISOs to cyber ‘OT’ leads. To attract an even more diverse group of ‘OT’ stakeholders to the conversation and further drive change, we modified our membership levels in 2023.
Our Leadership Board meets virtually monthly where thought leaders and guest speakers share insight on best practices, distrust trends, policies, and procedures across commercial real estate owners, operators, and solution providers. These calls also feature presentations from industry leaders on topics relevant to threats, products and solutions that help our members protect and manage their built environments. Some of the hot topics swirling around our membership are network monitoring tools, risk frameworks, incident response plans, integrating cyber into new construction and cyber commissioning to name a few.
Our members gather for an in-person meeting over two days every spring. In March, the meeting in Austin, Texas was filled with content from our members and other industry leaders all relating to the various cyber challenges that commercial real estate (CRE) owners face on a daily basis. One of the hot topics for both days was the effect that OT has had on how CRE owners approach managing and securing their built environments. After listening to the challenges that CRE owners face with OT deployments and the potential vulnerabilities that they present, the first thing that came to my mind was that we as an industry need Cyber Harmony. The playbook for IT cybersecurity has been established and is still evolving. I believe that we are still in the discovery phase with developing the playbook for CRE OT.
So, what is Cyber Harmony? I would define Cyber Harmony as being a well-orchestrated collaboration between the multiple project stakeholders within the CRE IT and OT industries. This collaboration would result in the development of best practices, owner project requirements (OPR), specifications and commissioning processes that are adopted by organizations in the OT space such as ASHRAE, the Construction Specification Institute (CSI), Building Commissioning Association (BCA), AABC Commissioning Group (ACG). These best practices, specifications and procedures should then be implemented by the systems integrators who are responsible for OT deployments in the CRE built environment.
Understanding what needs to be done for our industry to achieve cyber harmony is not an easy task and will require thought leaders from multiple disciplines within our industry to come together and strategically attack this issue together. To put this into perspective, we need CRE owners, AE firms, General Contractors, Construction Managers, Mechanical Contractors, OT Manufacturers, Electrical Contractors, System Integrators and Commissioning Agents all to first understand the importance of cyber awareness and to also understand their roles and responsibilities in ensuring that the process of implementing the OPR into the construction process. The entire effort must start with the primary project stakeholder, which is the CRE owner. CRE owners must bridge the gap between their facilities and their IT departments. One of the results of bridging that gap should be the implementation of an internal OT Team that’s capable of coordinating with their facilities department and developing a set of owner's project requirements (OPR) that lay out the roles and responsibilities of the systems integrators as it relates to cyber and deploying OT. The internal OT Team should be comprised of both technical and business individuals who are capable of tracking and enforcing the OPR from implementation into the construction documents all the way through the commissioning process.
Although we are in the early stages of developing our CRE OT playbook, major steps are being taken on the technology side. ASHRAE has taken a step in developing a more cyber secure protocol with BACnet Secure Connect and solution providers are creating network monitoring tools specifically for the BMS and OT environment. These innovations are being adopted abet a slow rate. The RECC is in the process of creating the road map for others in the industry to follow and is calling out to other industry leaders and organizations to join us in creating Cyber Harmony.
Why re-invent the wheel? The RECC provides the industry forum for collaboration on cyber security in the built environment. To increase the impact of our collective voice on the supply chain and join others on the cyber journey, become a member today!
This Week’s Sponsor
Embracing open software/hardware platforms, Lynxspring develops, manufactures, and distributes edge-to-enterprise solutions creating smarter, sustainable buildings, better energy management systems, equipment control and specialty machine-to-machine and IoT applications. Lynxspring technologies simplify connectivity, integration, interoperability, data access and normalization and analytics from the edge to the enterprise. The company’s solutions are commercially deployed in millions of square feet in the United States and internationally. www.lynxspring.com
Read Next
Making Visitor Management a Welcome Experience If you’re in CRE, you already know the challenges of managing and tracking visitor access at your properties.
Shadow IT: The Hidden Threat to Real Estate Companies In today's rapidly evolving technological landscape, the emergence of Shadow IT poses significant challenges for organizations, particularly in the commercial real estate sector.
How Bridge Investment Group Cut Manual Data Entry and Improved Onsite Productivity In CRE, efficiency isn't just a goal; it's a necessity for survival. Leveraging technology as a means to cutting through operational drag and optimizing employee productivity has become a competitive imperative for success.
Updated Enterprise Architecture Overview for Corporate Real Estate and Facilities: Are We Still Treading Water or Making Progress? Realcomm has released an updated version of its Corporate Real Estate and Facilities Information Management Systems Enterprise Architecture Overview infographic.