BUILDING SYSTEM CYBERSECURITY

BUILDING SYSTEM CYBERSECURITY

All buildings and their controls systems such as HVAC, lighting, fire life-safety, elevator and meters have some level of cybersecurity vulnerability.

For decades, well prior to the smart buildings movement, the manufacturers of control systems have been making their products dependent on local and wide-area networks and computers; yet those designing, specifying, installing and managing the systems such as architects, engineers, facility and property managers do not have information technology (IT) skill sets much less cybersecurity experience. Additionally, enterprise IT departments are not versed in the operational technologies (OT) that are used by building controls systems nor the culture of the contractors and local managers.

Additionally, building owners historically have an “out of site, out of mind” approach to their building control system inventory and risk status. Many of the best real estate organizations in the world do not know what systems, versions, configurations or connections exist in their buildings and also have frequent turnover with contractors, facility and property managers.

This condition applies to billions of square feet which has created an industry-wide vulnerability with consequential risk areas including:

•  Life Safety Risks
•  Equipment Failure
•  Productivity Loss
•  Network Hopping
•  Brand Damage
CYBERSAFECOMPASSSCORECARDVIDEO

BUILDING CYBER PRIMER

Back to top

BUILDING CYBER SCORECARD

We have developed the industry’s first cybersecurity assessment methodology specifically for building controls systems. This approach is based on the NIST (National Institute of Science and Technology) cybersecurity framework that has been widely accepted and includes the categories of identify, detect, protect, respond and recover. Beyond the NIST cyber framework we found that there were no subsequent methods or procedures for building controls systems (BCS), only for industrial controls systems (ICS). Hence, the creation of Building Controls Systems - Cyber Assessment Methods & Procedures (BCS-CAMP sm) and its Building Cybersecurity Evaluation Tool (BCET).

BCET will give you an objective score on each key category in the NIST framework and, more specifically, for each of the building control system sub-categories which will tell you exactly what you need to shore up to improve your score and reduce your risks.

We have developed the industry’s first cyber security assessment methodology specifically for building controls systems. This approach is based on the NIST (National Institute on Science and Technology) cyber security framework that has been widely accepted and includes the categories of identify, detect, protect, respond and recover. Beyond the NIST cyber framework we found that there were no subsequent methods or procedures for building controls systems (BCS), only for industrial controls systems (ICS). Hence, the creation of Building Controls Systems - Cyber Assessment Methods & Procedures (BCS-CAMP sm). 


BCS-CAMP sm will give you an objective score on each key category in the NIST framework and, more specifically, for each of the building control system sub-categories which will tell you exactly what you need to shore up to improve your score and reduce your risks.

Back to top

BUILDING CYBER COMPASS

Similar to our strategy compass, our building cybersecurity compass is a gap analysis that will identify where you are now as an organization and guide you on which areas you want to prioritize for budget, resources and timing.

Back to top

BUILDING OWNER CYBERSAFE SERVICES

It is essential that building owners change the historical dynamic of “out of site, out of mind” with their building control system inventory and risk status. Many of the best real estate organizations in the world do not know what systems, versions, configurations or connections exist in their buildings and also have frequent turnover with contractors, facility and property managers. Our building cybersecurity services are performed by skilled consultants and powered by purpose-built software tools that will assess, remediate, and monitor the risks no matter the staff or contractors servicing the building.

___________

___________

CONTRACTOR CYBERSAFE COMMISSIONING

Intelligent Buildings offers controls contractors a convenient third-party audit service that shows their customers they are utilizing building cybersecurity best practices in maintaining and connecting to the building controls systems. Whether or not the customer requires or provides a virtual private network (VPN) or other remote access requirements, it is essential that the contractor maintain rigid practices in controls profiles, configuration parameters and with the local controls network. Intelligent Buildings CyberSafe Commissioning develops control profiles to create cyber standardization of devices and system and then electronically audits configuration files to ensure the integrator and staff hold to these standards and are scored for compliance on a regular basis. This not only helps the building owner customer but also provides the contractor with a competitive advantage.
Back to top