How closely do your facilities and security departments work with IT?
All three have historically operated in their own worlds, but the rise of connected buildings and smart technologies has made it critical for these departments to work together for the good of their organizations. FM, IT and security leaders who don’t—or won’t—reach out and work together with other teams are putting their organizations at risk.
Start by understanding where the silos come from—and then break them down to deliver better results together.
Why Are These Departments Historically Siloed?
FM has always worked in the physical space, while IT has historically had domain over technology and virtual environments, explained Laurie Gilmer, immediate past chair of IFMA’s Global Board and president/COO of Facility Engineering Associates, PC. When these two departments did interact, it might be because IT needed a server room to be cooler, for example.
Then, as integrated workplace management systems (IWMS) and computerized maintenance management systems (CMMS) began to grow in popularity and complexity, the two fields began to merge in ways they never had before.
“You saw those more centralized management systems for facility managers, and they needed to sit somewhere and be on perhaps a central server,” Gilmer explained. “Some IT managers understood what the capabilities are and would work with FM. Others would treat it as ‘That’s not really my territory. I don’t want that stuff on our servers. We’ll put it on a special computer for you.’”
Security followed a similar path, evolving from a more physical solution into a more IT-centric solution over time, said John Joyce, director of sales, enterprise markets, for Genetec, a unified physical security provider. “More and more devices are on local area networks or wide area networks, and it’s been a natural progression for physical security and IT to come together, work together and solve problems together,” he explained.
It’s tempting to think about IT as living in a digital universe that doesn’t affect the physical world where FM and security operate. However, nothing could be further from the truth. Bad actors can infiltrate your building through any connected equipment and wreak havoc on your organization. Gilmer described a recent example from a security conference where a facilities person clicked on a photo that appeared to be from a colleague and inadvertently launched a massive attack. The perpetrator began burning out the VFDs on the motors in the central plant to extract a ransom.
“A central plant’s job is to keep things cool or warm. Whether it’s boilers, chillers or condensers, water needs to be flowing for the building to do what it needs to do,” Gilmer said. “If you lose chilled water, you lose cooling not just for your thermal comfort systems, but also some of your critical systems, like your IT infrastructure. Most facilities have redundancy in pumps, but what they don’t expect is for all the pumps to go out at once. You essentially start losing the building.”
Examples like these are alarm bells underscoring the importance of cyber security and a good partnership between FM, IT and security. FMs don’t have to be experts in these areas, but they do need to work together to anticipate risks and mitigate potential disasters. Finding a mutual understanding is a good place to start.
How to Break Down the Walls
FM, IT and security are all different, but they have one common mission: keeping their organization up and running. Each of the three are essential players in accomplishing this mission. That’s why it’s so important for them to work together. Here’s how you can start building a unified strategy.
1. Learn what the other departments do. This is not always easy because these departments famously have a lot on their plate but try to “understand what the other side cares about and what its job is and make that connection,” urged Gilmer.
2. Spend time with other departments. If you’re in the facilities department, go meet the IT and security people and see what their day looks like. What do they care about? What do they need? “When you spend time with someone, you can really begin managing the relationship and understanding one another better,” Gilmer said.
3. Attend conferences. There are great cyber security conferences out there that could be instructive for facilities personnel. FM conferences like IFMA World Workplace can be useful for IT and security. The goal is to broaden your perspective in ways that will help you work smarter.
4. Partner for a threat analysis. Once you’ve started building or improving relationships, start taking concrete steps to harden your facility. Think about potential cyber threats. How likely are they? How could a bad actor gain access to your facility and what damage might they be able to do? Bring IT, security and FM together for tabletop exercises and use those as the basis to shore up your plans.
5. Look at replacement strategies for devices and systems. Some devices will represent a higher cyber security risk than others. “Strategies that promote modernization are going to be critically important,” Joyce said. “Where we’ve moved away from these individual systems, we’ve got more unification and integration in place in facilities. That’s helping that conversation along because we’re no longer dealing with multiple types of systems. … It’s a multifaceted effort based on the way the technology has evolved.”
6. Keep communicating. Your job isn’t done after you update your cyber security plans and have one tabletop exercise. Keeping your facility running in top shape requires you to maintain these relationships day in and day out.
“If you have one weak link in the chain, you are susceptible,” Joyce said. “Communication between these groups, understanding what the other one does and how they maintain their equipment and devices, and an overreaching comprehensive strategy are critically important.”
Added Gilmer, “Never stop learning. Never stop reaching out. Work to understand those things that are pretty soon going to be knocking at your doorstep if they aren’t already.”