Seyfarth has released the results of its fourth annual Real Estate Market Sentiment Survey, which polled commercial real estate executives around the country from all sectors. Of interest to our readers, this year's survey revealed that 69% of respondents are concerned about a cyberattack hitting their business in 2019, a significant increase compared to last year (46%).
Cybersecurity isn't just for technology companies anymore. More and more, we are seeing other critical infrastructure participants becoming targets of cybersecurity attacks. Transportation, construction, and other real property-heavy industries are starting to catch the eye of sophisticated hacking teams – both criminal as well as nation-state sponsored groups.
There are two different threat models in the real estate market: the builder and the manager.
Many commercial construction projects are supported by a public-private blend of resources. What most don't know is that the inclusion of public resources (either via contracts, grants, or other sources of government dollars) will likely trigger an obligation (either directly or via contract) for cybersecurity. This will be for both the general contractor and their subcontractors (and other vendors like architects). For example, the Federal Transit Administration has specified that the Federal Information Security (Management) Modernization Act ("FISMA") will apply to third party contracts in its Circular 4220.1F. A number of other executive agencies have also imposed FISMA on both contractors and subcontractors via administrative fiat. This is likely because FISMA applies directly to the agency, and FISMA has "flow down" obligations to contractors as part of its requirements.
Remember, in every Ocean's 11 movie, Danny Ocean's team has to get a good set of blueprints before they can break into the building and pull of the heist.
More and more, we are seeing "smart" buildings. "Going green is becoming a gold standard in the construction industry. Now that we are seeing more smart buildings in commercial construction, builders, building owners, workers and insurers are dealing with new technologies and risks." With the proliferation of "green" or "smart" buildings, the risks inherent in the "internet of things" has now come to real estate. The smarter the building, the more opportunities it has to be hacked—just like a computer. While smart buildings are generally a good thing, the attendant cybersecurity risks with IoT and smart buildings means that building management now has to be aware of virtual risks to the safety and security of the building. Remote compromise of locks, hacked key-card pads, compromised HVAC and elevator systems – these are just some of the ways that a building's management may have to confront the kinds of cyberattacks that the technology companies have been facing down for years.
Needless to say, cybersecurity competence is beginning to be as important for builders and managers of real estate as land use restrictions and building codes. It is no wonder that cybersecurity is becoming more "front of mind" for those in the real estate industry.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.