Today we are joined by Stacey Shepard, President of Shepard Global Strategies, Lucian Niemeyer, CEO of Building Cybersecurity, and Rob Murchison Co-founder of Intelligent Buildings, LLC. Together they discuss the strategic partnership between IFMA and Building Cyber Security (BSC) as well as enhancing the facility management awareness of the opportunities and challenges associated with connected technologies, and developing FM training for cyber risk mitigation.
Today we are joined by Stacey Shepard, President of Shepard Global Strategies, Lucian Niemeyer, CEO of Building Cybersecurity, and Rob Murchison Co-founder of Intelligent Buildings, LLC. Together they discuss the strategic partnership between IFMA and Building Cyber Security (BSC) as well as enhancing the facility management awareness of the opportunities and challenges associated with connected technologies, and looks to develop FM training for cyber risk mitigation.
Topics Covered:
Resources Mentioned:
Lucian Niemeyer: [00:00:00] How can we protect humans, protect their safety and their property from a bad actor? I think that question resonated with IFMA leadership. The partnership we have right now with them is not just scaring people about the threat, not necessarily discouraging them from using technology. We need technology.
We need technology for sustainability, better building operations, reduced costs. We want more technology in our homes and our cars, but we also need to understand that it has to be protected. And it's not just a technology needs to be protected. But the interface between the technology and the human beings.
Host: Welcome to Connected FM, a podcast connecting you to the latest insights, tools, and resources to help you succeed in facility management. This podcast is brought to you by IFMA. The leading professional association for facility managers. If you are ready to grow your network and advance in your career, go to IFMA.
org to get started. Today, we're joined by Stacey [00:01:00] Shepard, president of Shepard Global Strategies, Lucian Niemeyer, CEO of Building Cybersecurity and Rob Mutcherson, co founder of Intelligent Buildings LLC. Together they discuss their strategic partnership with IFMA, the importance of closing the gap between IT and facility management, industry standards.
Cybersecurity risks and the goal of providing training and assessments. Now, let's get into it.
IFMA's new Connected FM blog brings you FM insights, opinions, and best practices all in one place. This year's posts include technology implementation, Emerging topics, retaining talent, culture development, digital transformation, and more. Visit blog. ifma. org to start connecting.
Stacey Shepard: Hello, this is Stacey Shepard. I'm president of Shepard Global Strategies and also an advisor to the Board of Building Cybersecurity. [00:02:00] We're thrilled to be able to celebrate about one month into a strategic partnership with IFMA and to be able to talk about this partnership on this podcast. So I'm going to start with Lucian Niemeyer, CEO for Building Cybersecurity.
If you can introduce yourself and, and tell us a little bit about what is, about Building Cybersecurity and what's your vision for this new collaboration?
Lucian Niemeyer: Yeah, absolutely. I'm thrilled. First of all, to be here at, uh, World Workplace here in September. It's an amazing event, bringing folks from all over the world.
And really it's an opportunity for us to showcase the partnership between IFMA and the nonprofit Building Cybersecurity. To allow the facility managers around the world to have better resources and training for how do you address the cyber threats, both not just in the information systems that we use day to day, but also in the building technologies.
Our buildings around the world are getting smarter. They're getting more sophisticated and the facility [00:03:00] managers should be aware of the risk posed. By a, a cyber attack to the technologies in the building that ultimately can be as destructive or more destructive than an IT attack. So we're thrilled that IFMA offered the partnership an opportunity for us to really engage with facility managers around the world on how do you protect those systems.
Stacey Shepard: And before we move on from that, tell us a little bit about your background and why you actually are so passionate.
Lucian Niemeyer: Oh gosh, so yes, so my background's in national security, but for about three and a half years I ran the largest real estate portfolio in the world for the Department of Defense. And got challenged by the secretary of defense to take a look at everything that's connected in our society and everything that's on the internet and where it posed potentially a risk and, and to come up with programs to mitigate that risk.
So the work that we did in department of defense, and we worked pretty hard on this from the course of three and a half years has translated into the establishment of this nonprofit. To really face society, not necessarily federal government, face society. What [00:04:00] can we do to design, integrate, operate protections and controls in the built environment, particularly in the world for facilities managers and the building systems in the, in the real estate that we're operating.
Stacey Shepard: So thinking about those systems and protections. So Rob, I'm going to let you introduce yourself, but you run a company called Intelligent Buildings and you started that in 2004. So talk a little bit about the company and what did you see coming in prop tech industry?
Rob Murchison: Well, thank you for having me here, Stacey. It's exciting to see how much technology has made its way into the built environment in the last 20 years. I would say that what we saw coming was a world that needed better data on how the built environment was operating. And initially that was, you know, to go save energy, enhance an experience. Where that is today, we've gone from a world of optionality, like [00:05:00] maybe I'm going to use data to run a building to a world now of, I have to have data if I'm going to decarbonize a building.
And what we've, what we learned is in order to do that, a building has to be connected and protected. And if you just connect the building without a plan, you could, you're likely faced with a situation where you're introducing more risk into the environment than the benefit that you're actually generating.
Stacey Shepard: So Lucian, Rob mentioned being protected and I know you've dedicated your life to the protection of buildings. So talk about kind of, what's that future look like? And the near term and where you see that vision.
Lucian Niemeyer: Yeah. So I think for those of you listening in and one, one resource that you have to check out is the IFMA website and the research recently done by Jeffrey Saunders and team to raise this issue of public safety in buildings.
When we look at traditionally cyber attack, yes, we want [00:06:00] to protect data. We want to protect software. But in this case, when you're looking at an attack, the operational technologies is what Jeffrey's research team really dove into. It's the technologies that are in a building that if they are compromised can truly hurt somebody.
Can cause property damage, can cause casualty. And we're talking the fire control systems. We're talking the HVAC systems. So really what I'm looking at is how can we protect. Public safety, not just in buildings, but in cars. I mean, right now we have over 2000 microchips in a typical car. We have smart systems in our homes.
These are potentially vulnerable. How can we protect humans, protect their safety and their property from a bad actor? So that's the question we ask ourselves in our nonprofit. I think that question resonated with IFMA leadership. And therefore they were looking for solutions. And that's why the partnership we have right now with them is not just scaring people about the threat, not necessarily discouraging them from using technology.
We need technology. We [00:07:00] need technology for everything that Rob mentioned, sustainability, better building operations, reduced costs. We want more technology in our homes and our cars, but we also need to understand that it has to be protected. And it's not just the technology needs to be protected, but the interface between the technology and the human beings.
Stacey, you and I, in 10 years, are going to be living with a world of robots. We have to design those robots. We have to design the systems around us in a way that we understand that they cannot be in any way compromised and, and create any kind of a, a threat for us. So that's really what I'm talking about with protection.
How can we protect and safeguard, um, the occupants in a building? Or your clients, if you're a facility management company, how do you protect those entities from a potential bad action that, that could cause a problem?
Rob Murchison: Stacey, if I could jump in, what, one of the reasons we got so excited with Lucian's vision. Around protecting that until BCS came along, there really wasn't a [00:08:00] framework for the built environment, right? There was no way if I'm a facility manager and I see that I need to address this, like, what do I do? And now we have with the partnership with IFMA. We have a, we have the, the ability to do that.
Lucian Niemeyer: And that's what we felt we needed to do in the industry. There's a lot of vendors out there and a lot of facility management companies use third party vendors, you know, to help out as a consultant on cybersecurity. But there's no industry standard. There's nothing that says, you know, okay, here's the things you should be doing.
You could still hire a consultant. You can still hire your vendors to do what, what they propose, or do you want an industry standard that says, Hey, this is what a group of experts have come up with national security background on what you should be looking at doing, that the types of protections and mitigations should put in place across not just your buildings itself, but how they're designed and how they're commissioned, ultimately how they're operated and how they're maintained.
So we cover the whole life cycle from beginning, [00:09:00] very beginning design, all the way through the end of a life of a building, how do you ultimately maintain that series of protections? And really Rob, our partnership, we've built a framework. You're going to offer the facility management community a way to protect those systems through a managed service for the life cycle of the project.
We really believe collectively we can offer facility managers and CIOs. Remember there's a huge disconnect between the IT community, your CIO and your facility manager. We can close that gap by offering to that CEO. Here's where industry is saying we need to be. And more importantly, as you know, Rob. We are also working with some of the leading insurers in the world to offer that incentive.
The most important thing we need to do is if we're going to spend money on cybersecurity, we need to ensure that there's a payback. And for building owners and operators, they pay insurance, they pay cyber insurance, they pay property casualty insurance. What can we do by suggesting that investments and risk mitigations can't be [00:10:00] compensated or rewarded by favorable rates when it comes to insurance in the future?
Stacey Shepard: So you talk about protections. You know, we've talked to several people at the conference that feel that they are protected because their CIO is looking at the technology and the software. You've talked often about creating that connective tissue between the IT and the OT, the operational technology, and that is a challenge of awareness.
And so together, partnered with IFMA, I know that you're just about to launch a very exciting new training effort. Maybe can you talk a little bit about that and then Rob, why don't you weigh in about the need with re skilling and up skilling our workforce. So Lucian, first to you.
Lucian Niemeyer: Yeah. So first of all, we have used the framework we developed, but it took us about 15 months to develop in a series of buildings.
For which the building owner felt that they were the, one of the most progressive and proactive, uh, owners as far as protecting their systems. And we uncovered a lot to the point [00:11:00] where they're still recovering from our assessment. So I, I think for the facility managers that are listening in, hearing from their IT department, well, we got this covered.
We have these protections. I would challenge them a little bit on whether they know of every piece of the, every device and piece of technology that's on that network, are they tracking it? I want to make sure we're clear on the definition. Operational technology are the devices and systems that run a building or can be your, your, your audio visual equipment.
It could be in a hospital, your imaging equipment, your operating equipment. So we look at a full range of operational technologies, not just your HVAC, your lighting, your fire controls, your elevators. But we look at other equipment that you rely on for building operations or revenue generation. That's a big key here.
Technology is driving additional revenue. How do you protect those revenue streams? So really looking forward to it. We do need to see as more technology gets incorporated in, you have to stay on top of that with a performance indicators that will [00:12:00] mitigate that risk along the way. And a part of that is the training too.
We are very excited, uh, to partner with IFMA. On offering a, just a basic course on the basics of cyber safety and cybersecurity. And I want to emphasize cyber safety, which is important for us. We're talking about technologies that can hurt somebody or cause property damage. So we are offering, and we, and it's available now, it does a preliminary course, we are working with IFMA to set up and establish a more in depth course.
And so through the association, you can get credits, professional credits for having a more in depth understanding of cybersecurity. And we do believe this is core to a workforce development that will be cyber savvy and ultimately, uh, practice cyber safe techniques and practices.
Rob Murchison: And to just build on that. Let's face it, there's going to be more technology in buildings five years from now than there is now, for a variety of reasons we talked about, whether it be decarbonization or energy reduction, and the reality [00:13:00] is that the most important role in accomplishing that is the facility manager, and the facility manager, this technology that's coming at them, the Needs to be, they need to be educated in a way, but they also don't need to be afraid of it back to your safety point, Lucian.
And so what we believe and in partnership with BCS is that if we can raise the awareness of the facility manager around the risk and the safety that, that, that could be accomplished, they can have a much more, let's say harmonious relationship with our IT department. And they can row in the same direction.
And if you're rowing in the same direction, get rid of some of that friction, we can accomplish some of the bigger goals that are needed when we talk about the built environment.
Stacey Shepard: So, looking ahead, we just have a few more minutes together. What are you looking for in this relationship with IFMA? We're talking about training, we're talking about education and awareness, we're talking about expertise.
I think [00:14:00] you also, if you go to buildingcybersecurity. org offer 16 steps. Which are great, it's a free questionnaire that you can bring back to your teams and your staff to be looking and validating your efforts and initiatives and to perhaps find some areas of potential vulnerability. Maybe you want to hit on that and would love to have you kind of wrap this up.
Lucian Niemeyer: Yeah, so I do believe the training is important and the awareness. But bottom line is you want to put tools in place, you want to actually mitigate risk. You want to protect your buildings. You want to protect them on behalf of your clients. You want to make sure as a facility manager, you're not creating more risk.
So training is good, but really what we would like to see within our organization is facility managers around the world, actually taking a look at getting in a building assessment. What can we do bringing a team in of objective experts that understand the industry? What can we do to actually look at a building and, and offer and mitigate, truly mitigate risk?[00:15:00]
It's one thing to keep talking about, to keep admiring the problem. It's nothing to want to put efforts in or money resource in to mitigate risk. So our ultimate goal with IFBA is to raise awareness, offer training, but also offer an assessment tool and certification tool, Rob will talk about in a minute.
The assessments provided by building cybersecurity, where do you have vulnerability gaps, how do you close them and how do you maintain that closure? So you're, so you are truly mitigating risks over time. And that's really the partnership with Rob. I know you're really interested in the certification.
Rob Murchison: Yeah. So like we talked about beginning as a company called Intelligent Buildings, we believe that technology can have a big impact on the built environment if addressed properly, but we have to be connected and protected. The opportunity is to be connected and protected without a huge lift, right? We have to get that protection in place.
There are things that you could do over time to become better, but you got to start somewhere. So the partnership between Intelligent [00:16:00] Buildings and BCS is the ability to quickly put in a managed service that addresses the protection piece out of the gate in 24 hours. And now what you do, that opens up the opportunity to do a lot of other things within your built environment in a harmonious relationship.
Lucian Niemeyer: Give them an idea of the cost for, to be able to get those protections in place.
Rob Murchison: So, a building, you can start as low as 600 a month. Right. It's, we're not talking, it was zero capital cost.
Lucian Niemeyer: Yep, yep. So that's really, you know, what we see is that, you know, it's not a matter of if you're ever going to have a cyber attack, it's a matter of when it's just a growing profession.
So what can you do now to start reducing that risk? It's kind of like when you buy a computer at home, you can install aftermarket software to reduce your risk. It's not a guarantee. But there's a good chance that you're going to be blocked or you're going to be prevented from having 95 percent of the malware that's out there and bad viruses infect your system.
Same what we're doing. We, we won't guarantee that you'll never have a problem. We'll just [00:17:00] significantly reduce the, the attack factors and the risk by the combination of the framework we provide and what companies like Intelligibility can do to execute on behalf of facility managers.
Rob Murchison: And I would also point out for the facility managers that are listening to this. Many of you, most of you are faced with a world where you're getting more square footage and not more staff. And by connecting and protecting the building, we now have the ability to use data to drive automation, to use the appropriate amount of staff, where it's adding more and more folks when you don't have the budgets.
Lucian Niemeyer: So look, I mean, you know, right now we're in the, we're in the end of 2023, commercial real estate's a little bit of a free fall, vacancy rates are 20, 30, 40%. There's a lot of building owners and operators and facility managers are looking for ways to get folks back in the buildings. For me, technology is the key.
You can only get so much done sitting in your, at your home computer. You're going to see a lot of progressive facility owners, real estate owners, investing in advanced technologies in order [00:18:00] to offer, you know, generative AI, machine learning, and speeds of data that you can never get anywhere at home. In order to get folks back into the office, holographic teleconferencing, advanced audio visual, incredible community collaboratives technologies.
These are all part of the PropTech future. How do you protect those? You're going to want those for vendor generation. You're going to want those for enhanced user experience. How do you protect them? That is the bottom line.
Rob Murchison: And I was also going to add to this is for any type of facility. This is just not office.
This is life sciences. This is retail. This is higher education. It's independent of the type of asset that we're talking about. And it's any technology in any built environment.
Lucian Niemeyer: So in conclusion, for those of you who are listening in and you want to know more, the IFMA website has a link to cybersecurity.
I would start there. There's some great research and there's also some great tools as training. If there are folks out there would like to get a hold of building cybersecurity and intelligent buildings. Our website is [00:19:00] www building cybersecurity.org. That's a good way. If you would like to go direct to us to figure out how you can use our framework and then Rob to get ahold of you at, get ahold of us.
Rob Murchison: We're just at Intelligent Buildings. That's buildings within s.com. And you can go on our website and learn more about our Advantage services.
Lucian Niemeyer: Yep. So, Stacey, appreciate the opportunity.
Stacey Shepard: Well, thanks for taking the time to come in. I think this has been a great and informative discussion. The fact that BCS and IFMA have had this strategic partnership only for a little over a month And we're looking forward for great things to come.
Lucian Niemeyer: All right. Appreciate it. Thank you.
Host: Thank you so much for listening. I hope you really enjoyed this episode. And as always, please don't forget to rate, review and subscribe to the podcast for more incredible content.