Is Your Facility Vulnerable to a Cyberattack?

By Elias Zeilah

As technology and connectivity continue to grow and integrate into our daily lives, cyber security threats also increase. While most people are aware of the risk to their sensitive personal information, the general public is just now being made aware of attacks on institutions, including infrastructure and facilities. In March 2018, the U.S. intelligence community issued a security memo detailing a series of Russian cyberattacks targeting energy management control systems (EMCS) at U.S. and European nuclear power facilities. These attacks staged malware, conducted phishing, and gained remote access into energy sector networks and small commercial facilities’ networks. This news should give pause to owners and facility managers of other public and commercial buildings, which could be at risk in the future.

A report published in Harvard’s Journal of Strategic Threat Intelligence suggests that most hospitals, for example, do not have a comprehensive understanding of their information technology (IT) infrastructure. This gap in knowledge allows for vulnerabilities to develop as upgrades and updates get delayed, devices become misconfigured, and unused legacy systems remain connected. Furthermore, cyberattacks are becoming more sophisticated, making them harder to detect and mitigate.

A breach of a facility’s building automation system (BAS) or energy control management system (ECMS) can be catastrophic. If an attacker were to successfully breach the system, they could go as far as rendering all mission critical equipment (e.g., power systems, surgery med gas, backup generators, etc.) inoperable for an undetermined length of time. In order to prevent these breaches, it is important to understand the way in which a facility may be vulnerable.

Why are Facilities Vulnerable to Cyberattack?

There are a variety of cyber intrusion points at a facility, the most concerning of which is the BAS, which provides automatic centralized control of a building’s heating, ventilation and air conditioning, lighting and other systems. Similar to the energy management systems targeted by the Russians, BASs have become more intelligent and more connected in recent years. A wide array of networked components are required to effectively manage a facility’s various sub-systems. As the BAS infrastructure becomes more complex, the attack vector and cyber vulnerability associated with that system increases.

Though the majority of cyber threats are related to systems connected to the internet, vulnerabilities also exist on local systems, with no connectivity outside the perimeter of the facility, as demonstrated by the Stuxnet worm. BASs are especially vulnerable as they are a form of supervisory control and data acquisition (SCADA) system and are typically not designed with security as a primary requirement.

While guidance like Unified Facilities Criteria (UFC) 4-010-06 describes the requirements for addressing cyber security of facility-related control systems, this is only applicable when a building is being originally constructed or undergoing renovations. There is nothing that requires ongoing survey of these systems over time. Since BASs are often required to run 24/7 without downtime, they may not receive the appropriate updates needed to address the ever-growing list of security vulnerabilities.

How to Gauge Your Building’s Vulnerability

As cyberattacks increase and evolve, the need for the technologies and security methodologies to prevent them also grows. Because BASs can vary greatly from facility to facility, they need to be examined and addressed individually. Relying on the facility’s IT security alone is not sufficient, as the requirements and slew of devices and protocols present in BAS networks differ from that of IT security implementations. Conducting a comprehensive cyber security risk assessment is a critical first step in gauging your building’s risk factors. In a paper published by the U.S. Department of Energy, it is suggested that an effective cyber security risk assessment can identify “threats and vulnerabilities, impacts that threats may have on the organization, and the likelihood of adverse events occurring.” Only then can informed decisions be made on the security posture of the facility control system.

An experienced facility life cycle solutions provider like NIKA can help facility owners take the first step toward facility “cyber health” by identifying key personnel for the effort, defining objectives and priorities, and giving you a better understanding the status of any at-risk inventory.

For more information on innovative technologies designed to better manage your facility portfolio, contact the NIKA Enterprise Technologies group.


NIKA Takes Top Honors in Architectural Design Competition

Architects from Rockville, MD Design Firm Win First Prize in the Sydney Affordable Housing Challenge

Rockville, MD, March 19, 2018/ —  NIKA, a global provider of facility life cycle solutions, was named the winner in the Sydney Affordable Housing Challenge, an international architectural design competition sponsored by Bee Breeders. Competitors were challenged to design a pilot-phase concept for affordable housing within Sydney, Australia, which could be easily rolled out to increase capacity of housing stock, and was minimal in its use of land and materials.

Architects Tae Jung, Pauline Sipin, Hazel Ventura, and Diana Lopez from the NIKA Creative Lab delivered an innovative design solution that not only addressed the need for affordable housing in Sydney, but also offered an beautiful space that would blend seamlessly with the aesthetic of the city. Said team leader Tae Jung, “Our entry, titled ‘Bridging Affordable Housing,’ uses a modular design approach that is both flexible and scaleable, promoting inclusivity and sustainability in its concept. We wanted to create a unique plan that would allow young professionals to continue to live, work, and play in a city that has become increasingly unaffordable for most. ”

According to the jury, NIKA’s winning entry succeeded in “…offering Sydney both a new housing network and a network of green spaces. ‘Bridging Affordable Housing’ is comprised of a simple module: a structural bridge pier with decking that contains prefabricated housing units topped by a green roof. The proposal recalls the re-purposed railways that have become NYC’s successful Highline or Paris’ Coulée verte’. One can imagine this new elevated linear housing/park snaking through Sydney organically, growing from multiple locations and eventually merging like connective tissue within the city.”

The work is a product of the new NIKA Creative Lab, which is NIKA’s dedicated research and design program formed to promote the firm’s innovative and imaginative approach to solving complex architectural challenges. NIKA’s architects and engineers work to develop a strong understanding of the needs of our evolving society, and design creative architectural solutions that enhance the world in which we live. Different from the conventional A+E work studio, the NIKA Creative Lab is a rich testing ground for out-of-the-box ideas, fresh perspectives, and unique approaches that will serve as a springboard into the future.

Kabir Chaudhary, NIKA’s President & CEO, commented: “We are all incredibly proud of the creative and innovative work being done by our team. Winning the Sydney Affordable Housing Challenge is just the first step in showing the world what we can do to marry form and function in an artful way.”


About NIKA

NIKA is revolutionizing how businesses and governments design, build and manage real property. By combining architecture, engineering, enterprise technology, and facilities operations management services all under one roof, we are able to provide unparalleled value to our clients. With two decades of experience serving organizations across the world, NIKA provides exceptional client service that is designed to enhance operational excellence and readiness while meeting mission objectives.

For more information about NIKA, please visit