FMs Must Prepare to Respond to Cyber Incidents
“In preparing for battle, I have always found that plans are useless, but planning is indispensable.”
– attributed to Dwight D. Eisenhower
Planning
The question is not if, but when your FM operation or building will be hacked. It is essential that you:
- Plan for significant cyber incidents with your vendors and IT and OT teams before they happen;
- Develop a contingency plan (a set of actions and procedures to follow in case of an emergency);
- Develop a quick-reaction checklist to assess the threat that a cyber attack on a building’s management systems poses to the safe occupancy of the facility;
- Develop a contact list of key stakeholders, including law enforcement, in case of an attack;
- Use this contingency plan during and after a cyber incident.
Planning for significant cyber incidents (breakdown or attack) is important because cyber incidents are becoming more frequent, disruptive and costly. Cyber incidents can affect multiple critical functions simultaneously and cause cascading effects across an organization, value network, sectors and regions, starting with an immediate threat to building occupant safety.
Cyber incidents can create a complex and uncertain situation requiring a rapid and coordinated response from FM, IT teams, vendors and various stakeholders, such as government agencies and civil society organizations. The cumulative effects of cyber incidents can have long-term consequences for your company’s security, resilience and recovery.
FMs can develop a contingency plan for a significant cyber incident using the following six steps:
1. Define the scope and objectives of the contingency plan.
2. Identify the stakeholders needed to develop and, when necessary, implement the plan.
3. Conduct a risk assessment to identify the potential cyber threats, vulnerabilities, impacts and mitigation strategies.
4. Develop courses of action to describe what steps will be taken by whom, when, where, how and why in response to different scenarios of cyber incidents.
5. Validate and refine these courses of action through testing and exercising to ensure their feasibility, effectiveness and compatibility with other plans.
6. Document and disseminate the plan to ensure its accessibility, awareness and readiness among the stakeholders.
While developing your contingency plan, you must consider how you will deploy it before, during and after an incident. The contingency plan should include the following:
- How to activate the plan and establish roles and responsibilities for incident response;
- How to coordinate and communicate with internal and external stakeholders during incident response;
- How to monitor and assess the situation and adjust the courses of action as needed during incident response;
- How to evaluate and improve the plan based on lessons learned during incident response.