Cyber and Physical Threats

Summary

The rising incidence of violent crime, organized retail crime, civil unrest, cyber-attacks, artificial intelligence (AI), and the renewed threat of terrorism have prompted increased vigilance, information sharing, and legislative efforts to improve our nation’s resilience. The proliferation of these threats has raised concerns in the commercial facilities sector about how to protect commercial properties and the people who occupy them from such threats.

In addition to the challenges posed by these threats, the Russian invasion of Ukraine, conflict in the Middle East, and rising tensions in Asia have raised security concerns about the increased incidence of cyber-attacks from the Russian Federation, the People’s Republic of China (PRC), Iran, North Korea, and other state actors.

The real estate industry, in partnership with policymakers and law enforcement officials, must remain vigilant to potential threats to our critical infrastructure from cyber or physical threats.

Key Takeaways

Recent high-profile hacking attacks have brought to the fore the necessity of fortifying the nation’s IT infrastructure against cyber-attacks. Additionally, there are growing concerns about AI having the potential to create new risks. Key concerns include the risk of cyberattacks exploiting AI vulnerabilities, leading to unauthorized access to facilities or sensitive data.

RER continues to promote security measures against both physical and cyber threats by facilitating increased information sharing and cooperation among its membership with key law enforcement and intelligence agencies, including as part of RER’s Homeland Security Task Force and Real Estate Information Sharing and Analysis Center (RE-ISAC).

Policymakers should avoid imposing duplicative and inconsistent regulations that create additional challenges for those tasked with defending the nation’s critical infrastructure, including the commercial facilities (CF) sector, and undermine cyber preparedness.

See the full fact sheet.

Position

Strengthen Preparedness and Info Sharing: Policymakers and law enforcement agencies must advance efforts to counter potential physical and cyber threats, especially to critical infrastructure. The real estate industry remains an important partner in these efforts.

  • As a critical part of the nation’s infrastructure, real estate continues to assess and strengthen its cyber and physical defenses to protect our industry from an array of threats.
  • In addition to civil unrest, organized retail crime, and violent attacks on properties across the U.S., real estate continues to face a variety of cyber and physical threats, such as:
    • Disruptive and destructive cyber operations against strategic targets, including an increased interest in control systems and operational technology;
    • Cyber-enabled espionage and intellectual property theft;
    • Improvised explosive devices (IEDs);
    • Attacks against U.S. citizens and interests abroad and similar attacks in the homeland;
    • Tenant fraud;
    • Pandemic risk; and
    • Unmanned aircraft system (UAS) attacks against hardened and soft targets.
  • Through a Cybersecurity Information Sharing and Collaboration Agreement with DHS’s CISA, the RE-ISAC engages in operational efforts to better coordinate activities supporting the detection, prevention, and mitigation of cybersecurity, communications reliability, and related data threats to critical infrastructure.
  • RER remains focused on measures that businesses can take—such as creating resilient infrastructure that is resistant to physical damage and cyber breaches—to better prepare for potential threats.
Background

National Cybersecurity Strategy

  • First released in early 2023, the U.S. National Cybersecurity Strategy was designed to “secure the full benefits of a safe and secure digital ecosystem for all Americans” and bolster collaboration between the public and private sectors to ensure a secure cyber ecosystem, according to a White House statement.
  • In May 2024, the U.S. government announced that several aspects of the U.S. National Cybersecurity Strategy were advanced or had gone into force. This includes progress on scores of objectives including developing cybersecurity scenario exercises to help critical infrastructure owners prepare for attacks from nation states and malicious cyber actors and proposing changes to the way the government maintains security.
  • The strategy also aims to ensure that the U.S. stays at the forefront of developing cybersecurity standards and establishes a State Department Bureau of Cyberspace and Digital Policy to build international partnerships to counter malicious cyber actors.
  • The Office of the National Cyber Director (ONCD) issued a report that discusses its efforts to develop “a comprehensive policy framework for regulatory harmonization” that aims to “strengthen” cybersecurity resilience across critical infrastructure sectors, “simplify” the work of sector-specific regulators while taking advantage of their unique expertise, and “substantially reduce the administrative burden and cost on regulated entities.” Comments indicate frustration with a disjointed regulatory environment that increased compliance costs without a commensurate enhancement in cybersecurity.
  • The ONCD plans to use the report to inform its pilot effort to develop a reciprocity framework for a designated critical infrastructure sector. A companion blog post from the head of ONCD describes the pilot as seeking to “design a cybersecurity regulatory approach from the ground up.” The blog calls on Congress for help to bring relevant agencies together “to develop a cross-sector framework for harmonization and reciprocity for baseline cybersecurity requirements.”
Resources
ALL RESOURCES
NEXT
LAST
Fact Sheet: Cyber and Physical Threats to U.S. Real Estate
June 3, 2025
RER Policy Priorities
Homeland Security – Spring 2025 Policy Priorities
April 8, 2025
Roundtable Weekly
Real Estate Coalition Raises Concerns Over Cyber Reporting Requirements
July 12, 2024
Policy Comment Letter
Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements - Comment Letter
July 3, 2024
RER Policy Priorities
Homeland Security - June 2024 Policy Priorities
June 14, 2024
RER Policy Priorities
Fall 2023 Executive Summary
October 13, 2023
Roundtable Weekly
SEC Issues Final Cybersecurity Disclosure Rules for Public Companies
August 5, 2023
Roundtable Weekly
Senate Bill Introduced to Require Federal Guidance on Cybersecurity Insurance
February 25, 2023
Roundtable Weekly
Fed Reports U.S. Financial Stability Risks Include Inflation, Asset Valuation Pressures, and Cyber Attacks
November 12, 2022
Roundtable Weekly
Treasury and CISA Seek Comments on Potential National Cyber Insurance Program
October 7, 2022
Roundtable Weekly
GAO Recommends Government Assessment of Federal Backstop for Catastrophic Cyberattacks
June 24, 2022
Roundtable Weekly
Roundtable and Nareit Raise Concerns to SEC About Proposed Cybersecurity Rules; SEC Climate Proposal Stokes GOP Criticism
May 13, 2022
Policy Comment Letter
Roundtable and Nareit Comment on SEC's Proposed Rules on Cybersecurity
May 9, 2022
Roundtable Weekly
SEC Proposes 4-day Cybersecurity Reporting Requirements for Public Companies; Roundtable’s HSTF Plans Security Threat Briefings
March 19, 2022
Policy Comment Letter
Coalition Cyber Incident Reporting Comment Letter
October 4, 2021
MORE ISSUES
MORE ISSUES
NEXT
LAST
Cyber and Physical Threats
RER's Homeland Security Task Force (HSTF)
Real Estate Information Sharing and Analysis Center (RE-ISAC)
Homeland Security
Cyber and Physical Threats

Summary

The rising incidence of violent crime, organized retail crime, civil unrest, cyber-attacks, artificial intelligence (AI), and the renewed threat of terrorism have prompted increased vigilance, information sharing, and legislative efforts to improve our nation’s resilience. The proliferation of these threats has raised concerns in the commercial facilities sector about how to protect commercial properties and the people who occupy them from such threats.

In addition to the challenges posed by these threats, the Russian invasion of Ukraine, conflict in the Middle East, and rising tensions in Asia have raised security concerns about the increased incidence of cyber-attacks from the Russian Federation, the People’s Republic of China (PRC), Iran, North Korea, and other state actors.

The real estate industry, in partnership with policymakers and law enforcement officials, must remain vigilant to potential threats to our critical infrastructure from cyber or physical threats.

Key Takeaways

Recent high-profile hacking attacks have brought to the fore the necessity of fortifying the nation’s IT infrastructure against cyber-attacks. Additionally, there are growing concerns about AI having the potential to create new risks. Key concerns include the risk of cyberattacks exploiting AI vulnerabilities, leading to unauthorized access to facilities or sensitive data.

RER continues to promote security measures against both physical and cyber threats by facilitating increased information sharing and cooperation among its membership with key law enforcement and intelligence agencies, including as part of RER’s Homeland Security Task Force and Real Estate Information Sharing and Analysis Center (RE-ISAC).

Policymakers should avoid imposing duplicative and inconsistent regulations that create additional challenges for those tasked with defending the nation’s critical infrastructure, including the commercial facilities (CF) sector, and undermine cyber preparedness.

See the full fact sheet.

READ MORE
Homeland Security
RER's Homeland Security Task Force (HSTF)

The Real Estate Roundtable's Homeland Security Task Force (HSTF) is focused on enhancing the commercial facilities sector's ability to meet its current and future security-related challenges by analyzing threats, sharing information, and fostering resilience through a broad threat matrix of physical and cyber risks.

READ MORE
Homeland Security
Real Estate Information Sharing and Analysis Center (RE-ISAC)

The Real Estate Information Sharing and Analysis Center (RE-ISAC) is a public-private partnership between the U.S. commercial facilities sector and federal homeland security officials. It is the primary conduit of terrorism, cyber, and natural hazard warning and response information between the government and the commercial facilities sector. 

Through this network, the RE-ISAC engages in operational efforts to coordinate activities supporting the detection, prevention, and mitigation of a full range of physical, data, and cyber threats to the nation’s critical infrastructure.

READ MORE