Real Estate Coalition Raises Concerns Over Cyber Reporting Requirements

A coalition of national real estate associations submitted comments to the Cybersecurity and Infrastructure Security Agency (CISA) expressing concerns over a new proposed rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements. As currently drafted, the rule imposes overly burdensome requirements and requires companies to assume unnecessary but significant legal and cybersecurity risks. (Letter)

Cyber Incident Reporting Rule

  • Under the current proposal, companies would be required to report significant cyber incidents to the Department of Homeland Security or CISA within 72 hours as well as any ransomware payments within 24 hours.
  • Given the ever-expanding cyber-threat landscape, the rental housing and real estate industry has prioritized defense against vulnerabilities.
  • The industry has undertaken efforts to mitigate cybersecurity risks, implement policies to prevent and mitigate such risks and encourage investments in bolstering cyber defenses to protect data.

  • The letter noted, “We support a unified but flexible regulatory framework for data security and incident notification, and believe it is important to have a balanced approach to providing consumers with meaningful information about material cybersecurity risks and incidents, while also not imposing overly burdensome regulations on the real estate/rental housing industry or unintentionally exposing our members to substantially greater cybersecurity risks.”

Industry Concerns and Recommendations

  • Overly burdensome requirements: CISA should revise the definition of “covered cyber incident” to a higher threshold for reporting to prevent unnecessary administrative load.
  • Disproportionate compliance costs: the estimated compliance cost of over $1.4 billion is seen as disproportionate to the benefits. These funds could be better spent on actual cybersecurity measures rather than on reporting.
  • Reporting deadlines are unclear and increase the risk of attack: the proposed rule’s 72-hour reporting requirement and 24-hour ransom payment reporting deadline could hinder effective incident response and increase vulnerability to additional attacks.
  • The proposed rule adds another reporting requirement to an already cluttered landscape. CISA should harmonize its reporting requirements to reduce compliance burdens.

The Real Estate Roundtable’s Homeland Security Task Force and RE-ISAC will continue to be resources and assist CISA in the development of clear, effective, and secure cyber incident reporting rules.

Treasury Issues Alert on Potential Russian Attempts to Evade Sanctions Through U.S. CRE Investments

The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warned financial institutions this week about how Russian elites and their proxies may attempt to evade sanctions by exploiting vulnerabilities in the U.S. commercial real estate market. (FinCEN Alert | Bloomberg and Wall Street Journal, Jan. 25) 

Russian Exploitation 

  • Treasury has imposed wide-ranging sanctions on certain Russian elites, their proxies, and others who have provided support for Russia’s brutal war against Ukraine. (Treasury’s Sanctions List Updates)
     
  • FinCEN Acting Director Himamauli Das said, “Today we are identifying red flags and typologies in commercial real estate transactions that financial institutions can use to remain vigilant in monitoring, detecting, and reporting suspicious activity that may be indicative of sanctions evasion by sanctioned Russia elites, oligarchs and their proxies.” (Treasury news release, Jan. 25)
     
  • FinCEN’s 11-page alert warns that sanctioned Russian elites and their proxies may pose as CRE investors seeking to evade sanctions by using shell companies, trusts, and pooled investment vehicles, including offshore funds, in order to avoid customer due diligence obligations and beneficial ownership protocols established by financial institutions.
  • The alert also reminds financial institutions involved in loan syndication—including banks, life insurers, and other types of companies regulated by the Bank Secrecy Act—that Section 314(b) of the USA PATRIOT Act provides a safe harbor that offers protections from liability for financial institutions who share information with one another on suspected money laundering or terrorist activities.
     
  • Questions or comments regarding the alert should be sent to the FinCEN Regulatory Support Section at frc@fincen.gov

The Treasury Department issued a final rule last Sept. that will require millions of companies to report information about their “beneficial owners”—persons who own at least 25% of a company or exert significant authority over it—to FinCEN. (Roundtable Weekly, Sept. 30, 2022 | Final Treasury Rule | Fact Sheet | Wall Street Journal and Bloomberg Law, Sept. 29) 

#  #  # 

Federal Officials, Roundtable Focus on Potential Election-Related Threats

CISA Presentation to HSTF Oct 2022 start

This week, U.S. security officials released information on their efforts to secure the nation’s election infrastructure and protect American voters from intimidation, discrimination or threats of violence related to the Nov. 8 midterm elections. The potential for political violence, cyberattacks and mitigation strategies were also among the topics of discussion during yesterday’s Real Estate Roundtable Homeland Security Task Force (HSTF) virtual meeting. (Presentation to HSTF | Justice Department bulletin and Politico, Oct. 24)

Election Security

CISA Presentation Slide to HSTF Oct 2022

  • As election sites and offices are hardening formerly soft targets, hiring security guards, and installing bulletproof and bomb-resistant glass, the HSTF meeting featured a discussion with Mohamed Telab—Deputy Regional Director (DRD) for the Cybersecurity and Infrastructure Security Agency’s (CISA) Region II—on federal resources available for securing elections. (Axios, Oct. 9 and CISA website)
  • Earlier this month, CISA Director Jen Easterly said, “At this time, we are not aware of any specific or credible threats to compromise or disrupt election infrastructure” although the current threat environment is “more complex than it has ever been.” (Politico, Oct. 24 and Reuters, Oct. 17)
  • The FBI previously issued a public service announcement on Oct. 12 warning about election crimes and the Department of Homeland Security announced in June that “calls for violence by domestic violent extremists” against election workers, candidates and democratic institutions will likely rise closer to the midterms. (CNBC, Oct. 27)

Local Tactics

Mail Ballot Drop Box

  • Domestic disinformation campaigns and homegrown threats to poll workers are emerging as the more significant concerns ahead of midterm elections than foreign interference. Extremists are reportedly focusing their efforts locally, monitoring neighborhood ballot boxes and signing up as poll workers. (Axios, Oct. 26)

The Roundtable’s HSTF and the Real Estate Information Sharing and Analysis Center (RE-ISAC) work closely with federal officials on potential cyber and physical threats to CRE. Roundtable members interested in participating in the HSTF or RE-ISAC can contact Roundtable Senior Vice President Chip Rodgers or call 202-639-8400.

#  #  # 

National Counterterrorism Center Offers Private Sector a Preview of New Platform to Protect Against Threats

ActKnowledge logo

The National Counterterrorism Center (NCTC) on Sept 28 will preview its new aCTknowledge platform, designed to deliver timely situational awareness notifications covering terrorist events that may impact local communities.

How to Participate

  • CRE participants can join the preview here:
  • Wednesday, September 28 from 1:00–2:00 pm (ET)
  • Zoom link
    • Meeting ID: 833 6363 8044 
    • Passcode: 591990
  • The aCTknowledge platform will provide significant tactics, techniques, and procedures to support homeland security, law enforcement, and community first responder efforts aimed at protecting against terrorist threats. Additionally, NCTC’s aCTknowledge will offer reference guides to aid in rapid response and deployment, helping with private sector efforts. (See fact sheet about the new platform)

Roundtable Efforts

REISAC logo

  • The Roundtable—through our Homeland Security Task Force (HSTF) and partnership with the Real Estate Information Sharing and Analysis Center (RE-ISAC)—remains focused on increased cross-agency information sharing and cooperation with key law enforcement and intelligence agencies that benefit the industry.
  • The RE-ISAC sends a daily report to members to share actionable information on a variety of potential cyber and physical threats. Additionally, The Roundtable’s HSTF works closely with federal, state, and local law enforcement, intelligence agency partners, and the RE-ISAC on risk mitigation measures that CRE businesses may consider to help protect critical infrastructure.

See The Roundtable’s 2022 Annual Report’s Homeland Security section.

#  #  # 

DHS Warns of Increased Extremist Threats Through November Midterm Elections

DHS Bulletin June 7, 2022

The Department of Homeland Security (DHS) issued a National Terrorism Advisory System Bulletin this week, warning of a “heightened threat environment” affecting targets that encompass U.S. critical infrastructure, public gatherings, faith-based institutions, schools, racial, ethnic, and religious minorities, government facilities and personnel, the media, and perceived ideological opponents. (DHS Bulletin, June 7) 

CRE & Security Threats 

Cathy Lanier

Gun Violence

CEOs for Gun Safety

  • Three real estate CEOs who have served on The Roundtable’s Board of Directors joined 225 other national business leaders in a joint letter to the Senate yesterday, urging “bold urgent action” to address gun violence. (CBS News, June 10)
  • Roundtable members Owen Thomas (CEO & Director, Boston Properties/BXP), Scott Rechler, (Chairman and CEO, RXR) and William Rudin (Co-Chairman & CEO, Rudin Management Company) are signatories on the joint letter.
  • The letter states, “Taken together, the gun violence epidemic represents a public health crisis that continues to devastate communities—especially Black and Brown communities—and harm our national economy.” (CNBC, June 10) 

  • Roundtable President and CEO Jeffrey DeBoer issued a May 27 statement on gun violence in America, calling on Democrats and Republicans “… to pass common sense legislation to remove weapons of war from America’s cities and communities.” 

The Roundtable’s 2022 Roundtable Policy Agenda states, “As a critical part of the nation’s infrastructure, real estate continues to face an array of threats from natural catastrophes, international and domestic terrorism, criminal activity, cyber-attacks, and border security. To address such threats, The Roundtable continues to help build a more secure and resilient industry against both physical and cyber threats.” 

#  #  # 

Roundtable Convenes Town Hall on Ukraine With Alexander Vindman; Biden Administration Warns About Russian Cyberattacks

Lieutenant Colonel (Ret.) Alexander Vindman, Senior Advisor of VetVoice Foundation, today discussed the conflict in Ukraine during a Real Estate Roundtable virtual town hall. In recent years, Vindman served on the White House’s National Security Council as the Director for Eastern Europe, the Caucasus, and Russia. (Watch video discussion)

Focus on Ukraine

  • Vindman and Roundtable President and CEO Jeffrey DeBoer addressed Ukraine in the context of Democracy vs. Authoritarianism, the spillover effects of the war, and the need for a future international reconstruction effort.
  • “It’s a geopolitical earthquake that has unfolded over the past year, culminating in a war between the largest country in the world and the largest country in Europe,” Vindman stated.
  • In addition to the devastating human and physical destruction, the war’s spillover effects include interruptions to the supply of crucial commodities such as neon and titanium, and food supplies for the Middle East and Africa.
  • “The longer this war continues, the greater the chance of spillover,” Vindman said, citing the Russian attack on a Ukrainian nuclear power plant, and the potential use of cyberwarfare and chemical weapons.
  • He added the war’s eventual outcome will be a significant setback to Authoritarianism – and that the West should keep a door open for a reconciliation with Russia after Putin is gone.
  • Vindman and DeBoer also discussed the need for an enormous reconstruction effort, which Vindman said could amount to $100 billion international fund that could take the form of a public-private partnership. (Watch video discussion)
  • Roundtable members can support Ukraine against the Russian invasion via the VetVoice Foundation.

U.S. Support

Zelensky before U.S. Congress
  • Since the invasion of Ukraine began, over 450 U.S. companies have announced their withdrawal from Russia, shutting down 25% of Russia’s gross domestic product (GDP), according to Professor Jeffrey Sonnenfeld at the Yale Chief Executive Leadership Institute. Sonnenfeld’s research team maintains a list of companies that have either withdrawn from Russia completely, suspended or scaled back operations, or delayed investments. (Fortune, March 16)
  • Many American Hotel & Lodging Association members, including Hilton and Marriott International, recently announced donations for humanitarian aid; the closure of their corporate offices in Moscow; and a suspension all future hotel development and investment in Russia. (TravelPulse, March 21 and Roundtable Weekly, March 18) 

White House CyberSecurity Warning 

WhiteHouse cyber warning
  • President Joe Biden alerted U.S. business leaders on March 21 that “based on evolving intelligence, Russia may be planning a cyberattack against us.” Biden added, “[I]t’s a patriotic obligation for you to invest as much as you can in making sure … you have built up your technological capacity to deal … with cyberattacks.” (Remarks by President Biden | White House Statement | Fact Sheet: Act Now to Protect Against Potential Cyberattacks, March 21)
  • The growing concern about a possible Russian cyberattack response over U.S. sanctions also led White House Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger, above, to clarify that although “there is no certainty” of an attack, Biden’s warning was intended to focus attention on “critical infrastructure.” (White House Press Briefing video | BGov and Axios, March 21)

The Real Estate Roundtable’s Homeland Security Task Force and the Real Estate Information Sharing and Analysis Center (RE-ISAC) continue to work with its members, key law enforcement and intelligence agencies to help manage and mitigate cyber and physical threats to the commercial facilities sector. (Information on joining the RE-ISAC and Roundtable Weekly, March 4) 

#  #   #

Real Estate Preparedness Exercise on January 20 to Address Adverse Weather and Hostile Events

The Real Estate Roundtable’s Homeland Security Task Force and the Real Estate Information Sharing and Analysis Center (RE-ISAC) invite member organizations to participate in a Virtual Preparedness Exercise on January 20.

  • One exercise will address winter weather preparedness to examine critical dependencies related to water, power and communications/IT. Another exercise will focus on hostile events in local areas that do not directly target a member’s facility.  One recent example of such an event involved an armed suspect incident in Boston that shut down activity in a four-block radius during a seven-hour standoff.
  • Government officials and other industry ISACs will also participate in the Jan. 20 event, scheduled for 2:00-3:30 pm ET.  Please RSVP no later than January 18 to Liz Hoopes and indicate if you prefer to participate in a weather preparedness or hostile events group.
  • Additionally, HSTF has recently worked with government officials to produce a one-page reference on “flash mob” retail theft to assist businesses in recognizing potential preparatory actions for future criminal activity.

For more information, please contact Roundtable Senior Vice President Chip Rodgers.

#  #  # 

Real Estate Preparedness Exercise on Adverse Weather and Hostile Events Scheduled for Jan. 20, 2022

REISAC logo x475

The Real Estate Roundtable’s Homeland Security Task Force and the Real Estate Information Sharing and Analysis Center (RE-ISAC) invite member organizations to participate in a Virtual Preparedness Exercise on Jan. 20, 2022.

  • One exercise will address winter weather preparedness to examine critical dependencies related to water, power and communications/IT. Another exercise will focus on hostile events in local areas that do not directly target a member’s facility.  One recent example of such an event involved an armed suspect incident in Boston that shut down activity in a four-block radius during a seven-hour standoff.
  • Government officials and other industry ISACs will also participate in the Jan. 20 event, scheduled for 2:00-3:30 pm ET.  Please RSVP no later than January 14 to Liz Hoopes and indicate if you prefer to participate in a weather preparedness or hostile events group.
  • Additionally, HSTF has recently worked with government officials to produce a one-page reference on “flash mob” retail theft to assist businesses in recognizing potential preparatory actions for future criminal activity.

For more information, please contact Roundtable Senior Vice President Chip Rodgers.

#  #  # 

The Roundtable Commemorates 20th Anniversary of 9-11 and TRIA’s Positive Impact

9-11Tribute NYC skyline

The Real Estate Roundtable this week commemorated the 20th anniversary of the 9-11 attacks by recognizing the enduring, positive impact of the Terrorism Risk Insurance Act (TRIA) and holding a joint meeting of the organization’s Homeland Security Task Force (HSTF) and Risk Management Working Group (RMWG). 

Reflection and Action 

  • Roundtable President and CEO Jeffrey DeBoer stated, “The nation and the industry reflects during this solemn anniversary week on the profound human losses, and lessons learned, from the tragic events of September 11, 2001.”
  • DeBoer added, “We also recognize the enduring, positive impact of the Terrorism Risk Insurance Act (TRIA) to help protect the economy in the event of future attacks. The Roundtable remains proud of its efforts in the wake of 9-11 and secure TRIA renewals that extend the program until the end of 2027.  Our nation remains vigilant against terrorism threats as our industry remains steadfast in working with government agencies to combat physical and cyber-terrorist attacks.” 

9-11 Legacy: TRIA 

CIAT logo

  • A Sept. 7 article in Commercial Observer reported how The Real Estate Roundtable organized a coalition of business insurance policyholders – the Coalition to Insure Against Terrorism – to win passage of TRIA.  The article states, “TRIA has provided the commercial real estate industry with a crucial backstop against losses suffered from external threats in the nearly two decades since its enactment.”

  • The article quotes Roundtable Board Member Anthony Malkin, (chairman, president and CEO, Empire State Realty Trust) on the far-reaching, positive impact of TRIA on CRE, colleges, sports stadiums and hospitals.
  • Roundtable Senior Vice President Chip Rodgers is also quoted about TRIA’s vital importance for commercial real estate, since lenders require ‘all risk’ insurance coverage — including terrorism coverage — to cover the risk of loss to the collateral. (Commercial Observer, Sept 7) 

Ongoing Industry Efforts 

REISAC logo x475

  • The Roundtable’s HSTF and the Real Estate Information Sharing Analysis Center (RE-ISAC) were launched soon after 9-11 to coordinate CRE’s response to potential future attacks and share threat information.
  • The HSTF and RMWG virtual joint meeting this week featured a discussion with Peter Bergen, whose extensive background as an expert on terrorism includes years as a journalist, documentary producer, vice president for global studies & fellows at New America, and CNN national security analyst. He is currently co-director at the Center on the Future of War at Arizona State University. Mr. Bergen discussed the current threat picture facing the United States, including the ramifications of the Taliban’s return to power in Afghanistan.
  • Roundtable participants were also joined by Shane Lamond (Lieutenant, D.C. Metropolitan Police Department) who led a discussion on civil unrest threats, the proliferation of ransomware attacks and various COVID-related challenges of re-entering buildings. 

The Roundtable is also working with the Business Continuity Coalition to develop an insurance program that protects jobs by ensuring business continuity from future economic losses from pandemics and other health emergencies that necessitate widespread government mandated closures of the economy. (Roundtable Weekly, July 23) 

#  #  # 

Potential Election-Related Civil Unrest Monitored and Shared by Real Estate Information Sharing and Analysis Center (RE-ISAC)

REISAC logo x475

The escalating threat of civil unrest related to the election – looting, homegrown violent extremists and organized attacks on properties – continues to be addressed by law enforcement and the commercial real estate industry.  Through the Real Estate Information Sharing and Analysis Center (RE-ISAC), The Real Estate Roundtable works with government officials and private sector partners to detect, protect and respond to a multiplicity of such key threats.

  • The RE-ISAC serves as the primary conduit of terrorism, cyber and natural hazard warning and response information between the government and the commercial facilities sector.
  • Through its information-sharing network, the RE-ISAC engages in operational efforts to coordinate activities supporting the detection, prevention, and mitigation of a full range of physical, data, and cyber threats to the nation’s critical infrastructure.
  • The RE-ISAC is now maintaining a central section online of election-related threats and updates, both physical and cyber, called U.S. & Election 2020. While not a direct threat to the Commercial Facilities Sector, cyberattacks, misinformation, physical threats and intimidation, as well as the complexities of an election during the pandemic are concerns that must be monitored and shared with CRE stakeholders.

Reference:

  • To subscribe to the RE-ISAC Daily Report and alerts, industry participants should contact RE-ISAC Executive Director Chip Rodgers.

The Roundtable’s Homeland Security Task Force

FBI Headquarters building in Washington, DC

  • Additionally, The Roundtable’s Homeland Security Task Force (HSTF) held a remote meeting on Oct. 21 that included presentations on election-related security issues with Michael Burgwald, Assistant Section Chief, Domestic Terrorism Operations Section, Counterterrorism Division, Federal Bureau of Investigation and Branden Fuller, Unit Chief, Strategic Engagement Unit, Counterterrorism Division, Federal Bureau of Investigation.   
  • HSTF is co-chaired by Charlie McGonigal, Brookfield’s Senior Vice President, Global Security & Life Safety, U.S. Office Division, and Dan Kennedy, Unibail-Rodamco-Westfield (URW) Senior Vice President, US Security Operations.
  • McGonigal said, “Our well-established industry relationship with federal, state and local law enforcement partners and homeland security officials facilitates a robust information-sharing exchange that benefits both the commercial facilities sector and government officials. We rely on timely updates from them and they look to us for insight on threats to commercial real estate.”
  • Kennedy added, “Last week’s remote meeting of our Homeland Security Task Force had a high participation rate from Roundtable members across the country eager for the view of security officials on potential security threats surrounding the elections. To raise awareness of how these kind of tensions, or other threats, could manifest in actions affecting CRE requires these ongoing briefings and useful meetings.”
  • The HSTF will hold another WebEx meeting on Friday, November 6, 2020 at 11:30 AM ET. The focus of the meeting will be to discuss any post-election unrest and discuss strategies used to address those situations.  For more information, please contact Roundtable Senior Vice President Chip Rodgers.

A summary of election-related security threats will also be one topic of discussion on January 27, 2021 during HSTF’s meeting that will be held in conjunction with The Roundtable’s all-member State of The Industry Meeting.

#  #  #