Caroline – What was the tipping point that lifted cybersecurity awareness out of the shadows and made it a mainstream concern?<\/h2>\n\n\n\n
<\/p>\n\n\n\n
Denis – It wasn\u2019t one single event that turned the tide on this topic, but rather several key factors that brought the topic of cybersecurity into the spotlight. Over the last years, there\u2019s no denying the steep increase of cyber-attacks in various markets worldwide, the relentless small-scale phishing scams in our personal lives and the large-scale ransomware threats in our professional lives. The desire and need for a solution that provides a secure collaboration, where data could be handled, stored, or even manipulated in a safe environment, has never been greater.<\/p>\n\n\n\n
The ratification of the NIS2 Directive<\/a> in November 2022 \u2013 something France pushed hard for to address growing concerns over the evolution of cyber threats \u2013 has also proved to be a catalyst in this process, with a planned implementation for 2024 across the European Union.<\/p>\n\n\n\n Collectively, this represents the \u2018tipping point\u2019 where member states and the organisations within them began to see both the moral obligation (accountability) to address these concerns and the legal obligation to prepare and apply the appropriate security measures throughout the supply chain.<\/p>\n\n\n\n Everyone is a potential target. It concerns us all.<\/p>\n\n\n\n Denis – Indeed, it really does concern every kind of device or piece of connected hardware within a building that generates or processes digital assets. It covers everything relating to an information system, ranging from buildings and production lines to stationary and mobile devices.<\/p>\n\n\n\n The building itself and its infrastructure already offer a serious security perimeter \u2013 from CCTV systems to IoT (Internet of Things) devices connected to the network, there are so many different points across the network that process or store sensitive data.<\/p>\n\n\n\n For me, there are three key levels of information:<\/p>\n\n\n\n <\/p>\n\n\n\n All three levels of information here must communicate with one another so organisations can gain a realistic insight on the real-world global stakes facing the cybersecurity community. If this type of communication and transparency isn\u2019t forthcoming, then the threat of cyber-attacks will only grow.<\/p>\n\n\n\n This is why we must all consider a building\u2019s digital permeability. If we do not, we open ourselves up to attack.<\/p>\n\n\n\n Denis – Beyond the NIS2 regulation, there is a plethora of precautions and proactive actions you can take to address these issues from both a digital perspective and a physical one.<\/p>\n\n\n\n Whether you\u2019re looking at this from a virtual or physical perspective, there are some key recommendations you should always consider:<\/p>\n\n\n\n <\/p>\n\n\n\n For example, on a dedicated project, we found a BIM (Building Information Modelling) convention that contained a directory of sensitive stakeholder information including:<\/p>\n\n\n\n <\/p>\n\n\n\n All this information was and remains highly attractive to hackers. This binding document could be the perfect treasure trove of information as it already details who works on which project when and where. This is the type of information you do not want to fall into the hands of hackers. Limited protection might lead to maximum exposure with extreme reputational, financial, and judicial repercussions.<\/p>\n\n\n\n Even from a physical perspective, we can take the same example. For instance, we might decide to print the above BIM convention then take a copy with us to an in-person meeting to share it with project stakeholders. However, if I forget to take it with me or let it linger somewhere on the table, then there\u2019s a huge physical data breach. It may have been left behind by accident, but you can no longer afford to take that risk.<\/p>\n\n\n\n Sometimes you see people typing away on the train without shielding the contents of their laptop screen. They might be working on their grocery list, or on their defence in a high-end lawsuit. Just imagine you maliciously take pictures of the latter and sell this valuable information to the other lawyer. You\u2019ve lost an entire case because of your own carelessness.<\/p>\n\n\n\n That\u2019s what I meant earlier with everyone being a target. Data is the new currency, and information can secure hard cash. The hacking equipment is getting smarter and cheaper by the day. And so is the business approach of some hackers, I have even seen cases where they offer a gold\/premium\/freemium business model \u2013 where you are taxed on response time.<\/p>\n\n\n\n We must be always aware and accountable.<\/p>\n\n\n\n Denis – NIS2 is a much broader directive than its predecessor, extending its legislation to a larger number of companies (such as SMES with 250 employees and sales starting at 10 million euros) and there are now steeper penalties for non-compliance (including fines of up to 10 million euros or the equivalent of 2% of its turnover).<\/p>\n\n\n\n There are 23 business sectors now affected, covering both essential and other important businesses. Behind them, the supply chain itself is likely to host subcontractors with their own responsibilities (such as in France, where changes to military programming law in 2024 will have a considerable ripple effect).<\/p>\n\n\n\n IT managers are going to have to re-evaluate how they process, store, and manage sensitive data both physically and digitally and how these policies are developed and followed. There are still plenty of grey areas not covered by this new directive, so there is plenty of work still to be done.<\/p>\n\n\n\n Denis – Yes, but indirectly. We need to make as many people as possible aware of the challenges of cybersecurity. Not only the terms of the NIS2 regulation.<\/p>\n\n\n\n If we build an intelligent building, information will circulate so we need to set up automated tools to help with navigation and IoT connectivity, but if cybersecurity isn\u2019t a core consideration for the network, these devices could present a devastating means of access for hackers to exploit.<\/p>\n\n\n\n In 2022, the Smart Building Alliance in France published a white paper<\/a> that discussed cyber risk at the building level and the challenge NIS2 presents for companies when it comes to making their smart buildings fully compliant.<\/p>\n\n\n\n Cybersecurity is a lot like an onion \u2013 the harsher the winter, the more layers are required! The same concept applies to cybersecurity. The more layers of protection we apply to a building or a server room, the more resilient it is to attacks.<\/p>\n\n\n\n Specialised glass solutions are just one of the ways we can proactively protect our businesses (and our homes) against hackers.<\/p>\n\n\n\n We should look at the process as a series of levels of responsibility, accountability, and proactive action regarding cybersecurity in a smart building:<\/p>\n\n\n\n Denis – It\u2019s up to all of us to play our part in cybersecurity. We need to involve everyone, not just IT, but all stakeholders from every department. It\u2019s a team effort and it requires everyone to commit the process and share their insights. It is a long-term investment, supported by the NIS2 regulation.<\/p>\n\n\n\n A great piece of advice is to ask questions surrounding the lifecycle of any data in your organisation. What information is being processed? Which platforms are being used? Which countries is that data being accessed in? What risks of data leakage are there?<\/p>\n\n\n\n We have an interesting case in France where a region is launching a vast energy renovation program for the secondary schools. There is no data available on the schools, so all this information needs to be collated and gathered. Not a problem with the high-performance tools in the market. Not a problem to collate this vast wealth of school information in a digital model. We issued an invitation to tender to which private companies and surveyors are responding. The thing is, we\u2019re not only looking at their offer and pricing, we are also investigating how and where they are using and disseminating this information. We don\u2019t want to risk malicious minds using these plans to meticulously plan a school attack.<\/p>\n\n\n\n On that note, the risks of physical attacks are just as real as digital ones. It could be as simple as stealing or tapping into a simple piece of equipment left unattended. One moment of carelessness is all it takes.<\/p>\n\n\n\n Ultimately, the most important thing is to question the criticality of the data being processed, beyond tacit and unchecked trust.<\/p>\n\n\n\n Knowing is caring, caring is securing. Know how to always be secure.<\/p>\n\n\n\n Denis \u2013 I try to keep my eyes, ears, and mind open at all times, but I have these sites bookmarked:<\/p>\n\n\n\n https:\/\/www.welcometothejungle.com\/fr\/companies\/anssi<\/a><\/p>\n\n\n\n https:\/\/secnumacademie.gouv.fr\/<\/a><\/p>\n\n\n\n https:\/\/www.youtube.com\/c\/CyberVox\/videos<\/a><\/p>\n\n\n\n https:\/\/www.holiseum.com\/cybervox-by-holiseum<\/a><\/p>\n\n\n\nCaroline – Does protecting digital assets include also protecting everything which generates data, such as the devices and the buildings they are located in?<\/h2>\n\n\n\n
\n
![\"Ajouter](\"https:\/\/wavebyagc.com\/wp-content\/uploads\/2023\/09\/Ajouter-un-sous-titre-2-1024x577.png\")
Caroline – What would be your top recommendations on how organisations can increase their cybersecurity protection?<\/h2>\n\n\n\n
\n
\n
Caroline – What about NIS2?<\/h2>\n\n\n\n
Caroline – Can smart buildings meet the challenges of NIS2?<\/h2>\n\n\n\n
Caroline – How can glass impact the protection effort against cyber-attacks?<\/h2>\n\n\n\n
Denis – There are many ways glass as a material can be used to protect smart buildings from external cyberattacks. A good example is La Poste in France, which developed a data backup storage unit for SMEs that utilised a glass wall for adding an additional layer of protection against electromagnetic waves.<\/p>\n\n\n\nCaroline – How can we best support our customers with this global cybersecurity issue?<\/h2>\n\n\n\n
Denis – There are three core tenets you need to take into consideration:<\/p>\n\n\n\n\n
\n
Caroline – What advice would you give in terms of cybersecurity for non-experts and experts, especially in regard to the NIS2 regulation?<\/h2>\n\n\n\n
Caroline \u2013 Where do you find your inspiration? Which sites, books, or podcasts would you recommend?<\/h2>\n\n\n\n
![\"Picture](\"https:\/\/wavebyagc.com\/wp-content\/uploads\/2023\/09\/Picture_DenisBoudy_50_1615982571123.jpg\")
<\/p>\n\n\n\n