Cybersecurity and its impact on your commercial real estate portfolio

DEFINING CYBERSECURITYTHE IMPACT ON YOUR COMMERCIAL

REAL ESTATE PORTFOLIO

DEFINING CYBERSECURITYThe global cybersecurity market is currently worth more than $107 billion in 2015 and is expected to surpass $170 billion by 2020—an annual growth rate of almost 10%. As the largest practice group of its kind in the country, JLL’s Government Investor Services team closely tracks issues, like cybersecurity, that impact federally-leased real estate. With more than $32 billion spent in the past decade and trillions more planned for the decade to come, we anticipate that cybersecurity will renew federal leasing velocity in ways not seen since the stimulus package of 2009.

JLL’S INTRODUCTION TO CYBERSECURITY FOR GOVERNMENT REAL ESTATE INVESTORS WILL COVER:

WHAT CYBERSECURITY IS INFRASTRUCTURE CONSIDERATIONS

SPECIFIC INDUSTRY THREATS GLOSSARY OF KEY TERMS

THE IMPACT ON YOUR COMMERCIALREAL ESTATE PORTFOLIO

DEFINING CYBERSECURITY


The federal real estate market has experienced a significant decrease in demand in the first half of this decade. Executive Mandates requiring reduction in space consumption; Congressional consensus regarding per person space utilization compression; increase in teleworking among federal employees, all have coalesced into an unprecedented flat demand horizon. With all of the focus on austerity and reduction in federal space consumption, however, there is an area of growth emerging with not only regional, but national impact; not only public economic impact, but impact on the macro economy/private sector. Cybersecurity, cyberwarfare and the ripple effects of cyber focused growth spending will be felt all over the Washington region. This report explores and explains CyberSecurity as a policy movement and the potential impact its implementation could have on the commercial real estate market.


The effects of the Initiatives, Acts and Orders outlined above have already had an impact on the DC Metro Commercial RE market: Not only do they create growth potential within individual agencies across the country as civilian agencies seek to operationalize the mandate/order to improve critical infrastructure internally but these policies also establish the foundation of the Civilian Cyber Campus

Lastly, the Workforce Recruitment and Retention Act of 2014 stands to be a transformational piece of legislation for the Washington regional economy. Similar to the migration of talent into the region during the Stimulus Boom of 2008 through 2010, if the Government prioritizes attracting top tech

DEFINING CYBERSECURITYtalent through offering compensation packages comparable to the private sector, every sector of the DC metro economy could be affected–from multi-family housing to retail to, most notably, commercial office.

DEFINING CYBERSECURITYA GLOSSARY


This glossary is a collection of commonly used cyber related terms. It is meant as a primer for understanding basic industry terminology. For the purposes of this list, terms have been divided into either Offensive or Defensive connotations—although many of the terms apply to both.

A GLOSSARY: OFFENSIVE CYBERSECURITY

A GLOSSARY: OFFENSIVE CYBERSECURITYOFFENSIVE CYBER

ATTACK (CYBERATTACK) – An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. There are 5 main attack types:1. PHISHING – An attack designed to

deceive individuals into providing sensitive information.

2. SPOOFING – Faking the sending address of a transmission to gain unauthorized entry into a secure system.

3. DENIAL OF SERVICE – An attack that prevents or impairs the authorized use of resources or services.

4. TROJAN HORSE – A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms.

5. MALWARE – Software that compromises the operation of a system by performing an unauthorized function or process.

BOT – A computer connected to the Internet that has been compromised with malicious intent to perform activities under remote control.


BOTNET – A collection of computers compromised by malicious code and controlled across a network.CYBERTHREAT – The possibility of a malicious attempt to damage or disrupt a computer network or system.DATA BREACH – The unauthorized movement or disclosure of sensitive information to a party that is not authorized to have or see the information.DATA MINING – The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.

HACKER – An unauthorized user who attempts to or gains access to an information system. KEYLOGGER – Software or hardware that tracks keystrokes, usually secretly, designed to be monitored by an alternate user.SPAM – The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.SPYWARE – Software that is secretly installed into an information system without the knowledge of the system user or owner.


THEFT – The primary goal of hackers, cyber related theft typically is either:1. IDENTITY THEFT

2. INTELLECTUAL PROPERTY THEFT(i.e. patents, trademarks, trade secrets and copyrights)

VIRUS – A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

ZERO-DAY ATTACKS – An attack that exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not had time to address and patch.

A GLOSSARY: OFFENSIVE CYBERSECURITYDEFENSIVE CYBER

ANTISPYWARE SOFTWARE – A program that specializes in detecting and blocking or removing forms of spyware.CLOUD COMPUTING – An on-demand network of “shared pool” computing resources. COMPUTER NETWORK DEFENSE – The actions taken to defend against unauthorized activity within computer networks.CRITICAL INFRASTRUCTURE – The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.

CYBERSECURITY – Protecting computers, mobile devices, tablets, networks, programs and data from unauthorized access or manipulation.CYBERSPACE – The interdependent network of information technology infrastructures. Cyberspace includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.DARK FIBER NETWORK – A privately operated network of optical fiber cabling that is used for secure and direct communication and data exchange between facilities

A GLOSSARY: OFFENSIVE CYBERSECURITYDEFENSIVE CYBER

DIGITAL FORENSICS – Gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.FIREWALL – A capability to limit network traffic between information systems.NETWORK RESILIENCE – The ability of a network to: 1. Provide continuous operation.2. Recover effectively if failure does occur.3. Scale to meet rapid or unpredictable

demands.

REDUNDANCY – Additional systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system.SCIF – Sensitive Compartmented Information Facility - an enclosed area within a building that is used to process classified information

DEFINING CYBERSECURITYTHE INFRASTRUCTURE LANDSCAPE


THE INFRASTRUCTURE LANDSCAPEWith cybersecurity growing as a major concern for both the government and the private sector, the Federal Government is at the forefront of coordinating a national response. Investors and owners of federally-leased assets need to understand the basic framework of the federal cybersecurity plan to know what implications the Government’s strategy may have on federally-occupied buildings. As various federal agencies are given new responsibilities and mandates, expansion and growth opportunities arise. Alternately, agencies not favored with cybersecurity-linked funding may continue to experience right-sizing and reduction.

For the private sector, understanding your tenants’ cyber-related role will give you a competitive edge in the market as their space needs over the coming decades can be affected by what kind of attack they are guarding against. Each major industry will care about different types of cyber threats and the various agencies are involved in protecting them.

THE INFRASTRUCTURE LANDSCAPE

FARMS/FOODPROCESSING PLANTS

CABLE FIBER DELIVERY SERVICES(E.G TRUCKS)

GOVERNMENTFACILITIES

HOSPITALS

RAILROADS, HIGHWAYS,PIPELINES, PORTS

DAMS, RESERVOIRS,TREATMENT PLANTS

NUCLEARPOWER PLANTS

CORPORATIONG/INSTITUTIONS

POWERPLANTS

PHYSICAL INFRASTRUCTURE


CYBER INFRASTRUCTURE

INFORMATIONTECHNOLOGY

CONTROLSYSTEMS

HARDWARESOFTWARE

INTERNET


FOOD &AGRICULTURE

DAMS ENERGY

CRITICAL INFRASTRUCTURE

BANKING &FINANCE

CHEMICAL COMMERCIALFACILITIES

COMMUNICTATIONS

CRITITCALMANUFACTURING

DEFENSEINDUSTRIAL BASE

EMERGENCYSERVICES


GOVERNMENTFACILITIES

HELTHCARE &PUBLIC HEALTH

CRITICAL INFRASTRUCTURE

NATIONAL MONUMENTS& ICONS

INFORMATIONTECHNOLOGY

NUCLEAR REACTORS,MATERIALS & WASTE

POSTAL& SHIPPING

TRANSPORTATION WATER

DEFINING CYBERSECURITYCYBERSECURITY THREATS

BY INDUSTRY


CYBERSECURITY THREATS BY INDUSTRYWith cybersecurity growing as a major concern for both the government and the private sector, the Federal Government is at the forefront of coordinating a national response. Investors and owners of federally-leased assets need to understand the basic framework of the federal cybersecurity plan to know what implications the Government’s strategy may have on federally-occupied buildings. As various federal agencies are given new responsibilities and mandates, expansion and growth opportunities arise. Alternately, agencies not favored with cybersecurity-linked funding may continue to experience right-sizing and reduction.

For the private sector, understanding your tenants’ cyber-related role will give you a competitive edge in the market as their space needs over the coming decades can be affected by what kind of attack they are guarding against. Each major industry will care about different types of cyber threats and the various agencies are involved in protecting them.

CYBERSECURITY THREATS BY INDUSTRY

BANKSDenial-of-service, fraud, botnets and web authentication attacks

US Secret Service (USSS)

Department of Treasury

Office of the Comptrollerof the Currency (OCC)

Securities and Exchange Commission (SEC)

Consumer Financial Protection Bureau (CFPB)


CREDIT CARD PROCESSORSDenial-of-service, fraud, botnets and web authentication attacks

Internal Revenue Service (IRS)

Consumer Product Safety Commission (CSPC)


Federal Bureau of Investigation (FBI)



DEFENSE/INDUSTRIAL SECTORZero-day hacks, remote access and phishing

Department of Defense (DoD)

National Protection and Programs Directorate (NPPD)


HOSPITALITYPoint-of-sale compromise (credit cards), open Wifi and admin accounts



HOSPITALITYPhishing, zero-day attacks and data breach

Federal Communications Commission (FCC

Federal TradeCommission (FTC)


RETAILOpen Wifi, point-of-sale compromise and data breach



Consumer Products Safety Commission (CPSC)


SMALL & MEDIUM BUSINESSESCredit cards, phishing, point-of-sale compromise, etc


Small Business Administration (SBA)



WEBSITEMalicious code injection and exclusion from core security

National Programs and Protectorate Directorate (NPPD)

Department of Homeland Security (DHS)

Federal Communications Commission (FCC)

FOR MORE CYBERSECURITY RESOURCES FOR GOVERNMENT REAL ESTATE INVESTORS, VISIT

JLL.COM/CYBERSECURITY

http://www.jll.com/cybersecurity

Date post:	30-Jul-2015
Category:	Business
Upload:	jll
View:	412 times
Download:	1 times