Building operations may not appear to be affected by geopolitical struggles in other countries. But that assumption is risky.
“I don’t think we need to view geopolitical events, such as what’s happening in Iran, as distant issues,” says John Orloff, global service line leader of security risk consulting at Jensen Hughes. “They can present operational risks and have local impacts.”
With 44 years in the field, including 21 years with the U.S. Secret Service, Orloff has seen how global instability translates into real-world consequences at the local level. Whether the issue is supply chain disruption, cyber vulnerabilities or physical threats, the effects of conflict rarely stay confined to one region.
As Orloff explains, disruptions do not need to occur locally to create problems locally. A conflict overseas can interrupt a single supplier, and that disruption can cascade through manufacturing, distribution and operations across the United States. Facility managers may not see the origin of the problem, but they will feel its effects.
“The spillover risk is tangible. It can disrupt physical facilities, and impact financial and business operations,” he says.
When organizations examine their security posture, they often assume the biggest risks are tied to technology. In reality, many vulnerabilities are far more basic—and human.
Orloff points first to everyday behavior. Holding a door open for someone, allowing a person to bypass badging protocols or trusting a familiar face can create security issues that no amount of technology can compensate for.
“We are a friendly society,” he says. “You hold the door open for someone, and suddenly you’ve allowed tailgating.”
Vulnerabilities also extend into the physical environment. Aging cameras, blind spots in surveillance coverage and unsecured entry points are common, particularly in facilities that have layered new technologies onto outdated infrastructure.
But the most significant risks today sit at the intersection of physical and digital systems. As buildings become smarter, they become more complex. Systems that were never designed to be connected are now integrated, often without proper security controls.
“This creates opening for cyber-physical threats such as unauthorized access to building management systems, manipulation of surveillance footage or remote disruption of operational technology,” Orloff says.
Compounding the issue is a disconnect between IT departments and physical security teams. Without this coordination, it’s possible to miss critical signals and ignore vulnerabilities.
“That lack of communication is a strategic gap,” Orloff says.
One of the most consistent challenges in facility security is familiarity. Teams that manage a building every day can become accustomed to its risks and blind to its vulnerabilities, according to Orloff.
This is why he strongly recommends independent risk assessments.
“It’s one thing for a facility manager to look at their own operation,” he says. “But you really need an objective, third-party assessment to reveal gaps you may not see.”
An effective assessment provides a roadmap for action. It helps facility managers prioritize improvements based on risk, cost and feasibility. It also ensures that recommendations are grounded in real-world scenarios, not theoretical threats that are unlikely to occur.
This is especially important for facilities operating under tight budgets, where every security investment must deliver measurable value.
Even when facilities have emergency response plans, these plans often exist to meet regulatory requirements rather than guide real-world action.
“Too many plans get written, put in a binder and sit on a shelf,” Orloff says.
To be effective, an emergency plan must be treated as a living document. It should evolve with the facility, reflect current risks and be reinforced through regular training.
Orloff emphasizes that preparedness happens when emergency plans are embedded into daily operations. Employees must understand their roles, be willing to act and have practiced emergency responses until they become second nature.
Without that level of familiarity, even well-designed plans can fail under pressure, he says.
Orloff stresses that it’s vital to regularly test the plan. Tabletop exercises, in particular, allow teams to walk through realistic scenarios and identify gaps before an emergency. These exercises should include a range of potential events, from fire to severe weather to active shooter threats.
Traditionally, manufacturers designed security systems to document incidents after the fact. Cameras recorded footage, access systems logged entries and investigations followed.
That approach no longer aligns with today’s threat environment, according to Orloff.
“We used to record so we could go back and see what happened,” he explains. “Today, we’re moving toward live monitoring and immediate response.”
The shift from evidentiary to preventative security is one of the most important changes facility managers must make, he adds.
A system that only captures footage after an incident is no longer sufficient. Security systems, he says, must be capable of detecting anomalies in real time and enabling immediate action.
Orloff also maintains facility operations managers must examine whether security systems are still viable. Aging infrastructure often reveals itself through subtle warning signs, such as lagging video feeds, increasing failure rates or rising maintenance costs. When those costs begin to approach replacement levels, he says systems may no longer be assets, but liabilities.
Facility managers can gain valuable insights by looking at how high-security environments, such as the energy sector, operate when it comes to redundancy and resilience, Orloff asserts.
One of the most important lessons is the need for reliable power. Modern buildings depend on electricity for everything from access control to environmental systems. When power is lost, the consequences extend beyond inconvenience.
“You lose power, you can lose control of your building,” he says.
Orloff recommends that critical systems have redundancy built in. Backup generators, battery systems and redundant feeds help ensure that security functions remain operational during power outages. To avoid simultaneous failure, Orloff also recommends separating security technologies from other building systems.
While external threats often receive the most attention, insider risk remains one of the most significant and overlooked challenges, according to Orloff.
Employees have access to facilities, systems and information. The consequences can be severe when access gets misused, whether intentionally or unintentionally.
Regular audits of access logs and system usage is a simple and powerful way to identify unusual behavior before it escalates. It also underscores a broader point: many organizations already have the tools they need but are not using them to their full potential.
If there is one takeaway for facility managers navigating today’s uncertain landscape, it is the need to shift from reactive to proactive security.
That begins with understanding risk, continues with investing in the right systems and processes, and ultimately depends on training people to respond effectively.
Ronnie Wendt is a freelance writer based in Minocqua, Wisconsin.
