BUILDING SYSTEM CYBER SECURITY

All buildings and their controls systems, such as HVAC, lighting, fire life-safety, elevators and meters, have some level of cyber security vulnerability. For decades, the manufacturers of control systems have been making their products dependent on local and wide area networks and computers, yet those designing, specifying and managing the systems, such as architects, engineers, and facility and property managers, do not have information technology (IT) skill sets, much less cyber security experience.

While so-called smart buildings concern many because of their connected nature, the industry has had computer-driven, Internet-connected building systems for several decades amounting to millions of installed systems. This has created an industry-wide vulnerability with consequential risk areas including: 

•  Life Safety
•  Equipment Failure 
•  Productivity Loss
•  Network Hopping
•  Brand Damage

BUILDING CYBER PRIMER

BUILDING CYBER SCORECARD

We have developed the industry’s first cyber security assessment methodology specifically for building controls systems. This approach is based on the widely accepted NIST (National Institute of Standards and Technology) cyber security framework, which includes the categories of identify, detect, protect, respond and recover. Beyond the NIST cyber framework, we found that there were no subsequent methods or procedures for building controls systems (BCS), only for industrial controls systems (ICS). Hence the creation of Building Controls Systems - Cyber Assessment Methods & Procedures (BCS-CAMP℠).

BCS-CAMP℠ will give you an objective score on each key category in the NIST framework and, more specifically, for each of the building control system sub-categories, which will tell you exactly what you need to shore up to improve your score and reduce your risks.

BUILDING CYBER COMPASS

Similar to our strategy compass, our building cyber security compass will identify where you are now as an organization and guide you on which areas you want to prioritize for budget, resources and timing.

CYBERSAFE BUILDING MONITORING

After assessing, prioritizing and remediating your building cyber security risks, ongoing management is essential. There are three key functional areas that must be continuously monitored: 

IB Gate

Remote Access 

Both vendors and staff should access building controls systems through a purpose-built, secure-access cloud. This will authenticate users before allowing them to access the building systems through a virtual private network (VPN). The connection point at the building can only communicate with the authentication cloud and no other entry method is allowed. 

IB Scan

System Configuration

Even authenticated users must adhere to policies and best practices after they have accessed the control system(s) remotely. Password change frequency, password custody, authorized user lists and other critical policies can be monitored and automatically flagged when out of compliance.

IB Watch

Network Traffic

Even when remote access is properly managed, organizations are at risk from internal or in-building breaches. This can be the result of network hopping, physical connections on-site or other "back door" methods. Unlike traditional IT networks, these networks include building automation and control system "field devices". We will establish and document the normal network traffic patterns and automatically flag any unauthorized connections.
