web stats

ProFM: What is an FM’s role in cybersecurity?

Maureen Roskoski, ProFM, SFP, CFM, LEED AP O&M, ISO 22301 Lead Auditor.

In recent years, cybersecurity has emerged as one of the most pressing knowledge gaps for facility professionals to learn. Between shifting workplace and technology needs and increasing innovation changing how we approach security, it’s more important than ever for FMs to have the knowledge and skills to effectively manage the cybersecurity needs related to building systems, control systems, security systems and other technology in the FM realm.

The term “cybersecurity” often lumps together traditional information technology (IT) needs with more facility-focused operational technology (OT) needs, according to Maureen Roskoski, ProFM, SFP, CFM, LEED AP O&M, ISO 22301 Lead Auditor. Roskoski is a contractor working with the General Services Administration in support of the Federal Buildings Personnel Training Act.  IT departments and facilities management departments don’t always agree and in fact, often have competing priorities.  

IT professionals tend to prioritize privacy and confidentiality when creating secure systems. On the other hand, OT efforts, which are most often where FMs will focus, emphasize access and availability through building automation systems, security systems, CMMS, and more. And Roskoski shared that it’s imperative that OT needs are not overlooked when determining your organizations’ overall risks and cybersecurity processes. 

“FMs don’t need to be IT professionals, but we need to at least have that basic understanding and awareness so we’re not putting our company or organization in jeopardy,” Roskoski said. “And we need to be able to recognize threats as they come in, as well as recognize supply chain and contracting issues that occur to protect our organizations.”

So how can FMs find out what they don’t know about cybersecurity?

Identifying Cybersecurity Knowledge Gaps with FBPTA

FMs aren’t alone in recognizing the need for more cybersecurity awareness and training. The federal government, through the Federal Buildings Personnel Training Act (FBPTA), is working to identify what knowledge, skills and abilities are needed for FMs to tackle cybersecurity duties competently and confidently. The FBPTA competency model is comprised of more than 200 overall competencies that cover what facility managers, energy managers, and building operators should know. Roskoski stresses the intention of the FBPTA is not for one person to have all 200+ competencies, but instead that each of the competencies are covered by the organization as a whole. 

In 2018, it was recognized that the FBPTA competency model was lacking the knowledge of cybersecurity related to facility management and OT systems.  Overall, this was a knowledge gap identified by the federal government.  Adding cybersecurity competencies to the FBPTA competency model was an in-depth process that included federal and private stakeholders. This effort led to the creation of 19 new FBPTA competencies that are all cybersecurity-specific and outline the knowledge, skills and abilities FMs need to succeed at cybersecurity tasks.

“There is a direct emphasis here in the federal workforce in thinking through cybersecurity,” Roskoski added. “And now, FBPTA contains competencies that cover a broad spectrum of cybersecurity, including the facilities and operational technology side.”

Finding Cybersecurity Training to Fill FM Needs

Cybersecurity concerns and effects will continue to impact the facility management industry into the future and being able to manage these cybersecurity risks is critical for FMs. The ProFM Credential Program was the first training program to officially align with FBPTA’s new cybersecurity competencies, according to Roskoski. 

ProFM is one of the only FBPTA-aligned programs to offer a facility-focused look at cybersecurity. The program’s risk management module dives into the knowledge FMs will need to identify and tackle their organization’s cyber risks. The program was designed with FBPTA as a key input and is one of the most closely aligned training programs available for FMs, with more than 150 competencies included.

Learn more about how ProFM can help you fill your knowledge and skill gaps by visiting profmi.org