The buildings that house America’s economy and a large segment of its population – places where we work, live, eat, play, stay and shop – are all considered commercial facilities.
Terrorism continues to pose a clear and present danger to our nation, to the American economy and to the commercial facilities sector. Since the terrorist attacks of Sept. 11, risk mitigation, building security and emergency response planning have figured prominently in the prudent management of commercial and multifamily real estate properties. After all, facilities such as hotels, shopping malls and office buildings provide a setting where large numbers of people congregate, they provide space for America’s economy to operate, and they represent assets worth billions of dollars, owned by investors large and small.
The Real Estate Information Sharing and Analysis Center (RE-ISAC) — www.reisac.org — is a public-private partnership between the U.S. commercial facilities sector and federal homeland security officials organized by The Real Estate Roundtable in February 2003. The RE-ISAC proactively manages risk and strengthens the security and resilience of the U.S. commercial facilities/real estate critical infrastructure.
The RE-ISAC is the designated conduit of terrorism, cyber and natural hazard warning and response information between the government and the commercial facilities sector, which has a dominant influence on the nation’s economy.
Strengthening the security and resilience of the commercial facilities sector remains a top RE-ISAC priority, and is an important aspect of managing any facility where people live, work, shop, and play.
The Department of Homeland Security (DHS) defines the commercial facilities sector as “a diverse range of sites that draw large crowds of people for shopping, business, entertainment, or lodging. Facilities within the sector operate on the principle of open public access, meaning that the general public can move freely without the deterrent of highly visible security barriers. The majority of these facilities are privately owned and operated, with minimal interaction with the federal government and other regulatory entities.”
“It is the policy of the United States to strengthen the security and resilience of its critical infrastructure against both physical and cyber threats. The Federal Government shall work with critical infrastructure owners and operators and (State, Local, Tribal and Territorial) entities to take proactive steps to manage risk and strengthen the security and resilience of the Nation’s critical infrastructure, considering all hazards that could have a debilitating impact on national security, economic stability, public health and safety, or any combination thereof.” – Presidential Policy Directive 21, “Critical Infrastructure Security and Resilience” (Feb. 12, 2013)
The framework for public-private response via Information Sharing and Analysis Centers (ISACs)[1] was established in 1998 by Presidential Decision Directive 63, Protecting America’s Critical Infrastructure, creating a series of ISACs. Each critical infrastructure sector was tasked with establishing an ISAC to serve as the mechanism for gathering, analyzing, appropriately sanitizing and disseminating private sector information to both industry and federal government officials.
The RE-ISAC operates in full compliance with Presidential Policy Directive 21, “Critical Infrastructure Security and Resilience” (Feb. 12, 2013), which mandates that the public and private sectors share information about physical and cybersecurity threats and vulnerabilities to help protect U.S. critical infrastructure. The RE-ISAC includes the entire commercial facilities sector critical infrastructure (CI) component of the U.S. economy.
In response to these ongoing threats, the RE-ISAC has brought together industry organizations to work together with federal, state and local law enforcement and intelligence agencies to prevent, detect and respond to terrorist threats and malicious incidents.
These risk mitigation endeavors tie into a broader risk management strategy to help the commercial facility sector more effectively address these perils. With the nation’s Terrorism Risk Insurance Program set to sunset at the end of 2020, the industry is beginning to lay the foundation for its reauthorization. There is no homeland security without economic security, and the Terrorism Risk Insurance Program has helped protect the American economy since its enactment in 2002 at virtually no cost to the taxpayer.
In the years since 9/11, the array of threats facing our nation and the commercial facilities sector have not diminished. Instead they continue to expand and evolve. Many of the catastrophic physical incidents that have impacted the sector, our nation and the American psyche have brought new challenges to our lives, our economy and our way of life. Boston, Chattanooga, San Bernardino, Orlando, Charlottesville, New York, Las Vegas, and Pittsburgh are all reminders that we must be ever-vigilant.
But the threats aren’t limited to man-made violent attacks. Each day, we contend with challenges from a changing climate in the form of severe hurricanes and storms, other natural perils such as earthquakes, and health threats.
Yet, the ever-shifting presence of cyber threats is a growing threat to our sector as facilities of all types rapidly increase their networked presence. Through enhanced building automations, security systems, industrial controls, smart devices, phishing scams and various other endpoints in the connected world, the RE-ISAC is proactively engaged in addressing cyber threats. As we look at recent incidents – from blended threats like Triton/Trisis malware[2] or complex threats where physical and cyber incidents[3] have supported one another – we get a sense for some of the ways that these threats can pose catastrophic challenges across the sector.
The RE-ISAC works closely with our federal partners, to include the FBI and DHS’ National Cybersecurity and Communications Integration Center (NCCIC), to coordinate cybersecurity analysis and collaborative activities. Through these relationships and its information-sharing network, the RE-ISAC engages in operational efforts to coordinate activities supporting the detection, prevention, and mitigation of a full range of physical, data, and cyber threats to the nation’s critical infrastructure.
As those varied challenges threaten the commercial facilities sector, the RE-ISAC will continue to support the critical infrastructure protection mission of the sector by providing information and analysis on a full range of potential cyber and physical threats, aiding our members in developing risk management and mitigation strategies. Such a strategy is critical to effectively responding to potential incidents affecting their assets and the people in them and to be able to restore normal operations as soon as possible following disruptions. The RE-ISAC works closely with members and across the critical infrastructure and public-private communities. As a member of the National Council of ISACs, RE-ISAC personnel have helped to coordinate preparedness activities by enhancing cross-sector coordination, communications and collaboration among ISACs, government partners and private sector colleagues. By supporting mutual threat awareness and analysis via daily information exchanges, the RE-ISAC has helped improve the collective security and preparedness of our nation’s critical infrastructure.
In short, the RE-ISAC continues to serve every day to enhance the security and resilience of the commercial facilities sector, and our critical infrastructure and neighborhood security partners, to help support our collective homeland security. As the president stated in this year’s Presidential Proclamation on Critical Infrastructure Security and Resilience Month: “The world today relies on critical infrastructure… that is increasingly complex, interconnected, and interdependent. During Critical Infrastructure Security and Resilience Month, we emphasize the vital role of strong national infrastructure in the national and economic security of our Nation. By mitigating risks to our critical infrastructure, we can keep America safe, healthy, and prosperous.”
As we recognize National Critical Infrastructure Security and Resilience Month, the RE-ISAC thanks the women and men throughout the commercial facilities sector who work tirelessly each day – at their facilities, with their partners, and with the RE-ISAC – to help foster a safe and secure environment so all of us can continue to enjoy our local communities, America’s beautiful cities and all the many places we live, shop, work and play – secured by the professionals of the commercial facilities sector.
To learn more about participating in the RE-ISAC, please go to www.reisac.com.
Andy Jabbour leads Gate 15, which provides analytical and preparedness support to the RE-ISAC.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email [email protected]. Our editorial guidelines can be found here.
[1] PDD-63 would later be updated by Homeland Security Presidential Directive 7, “Critical Infrastructure Identification, Prioritization, and Protection”, signed 17 December 2003, and Presidential Policy Directive 21, “Critical Infrastructure Security and Resilience,” dated 12 February 2013.
[2] A computer virus engineered to sabotage industrial control systems [ICS].
[3] Such as demonstrated in a story coming from Germany, where physical protests were held as a cyberattack – in that case a DDoS – was also conducted.
