At a good conference, you often get bonus sessions in the form of hallway conversations with speakers and attendees. That happened at this year’s Critical Facilities Summit.
The topic was one that’s been much in the news recently: cyber security. Fred Gordy of Intelligent Buildings LLC and David Quirk of DLB Associates were talking after a session about BAS cyber risks. Gordy pointed out that “edge” devices (like controllers) that use BACnet IP are being put on the Internet even though these devices cannot be protected with passwords or user names. A hacker who gains access to one device can use discovery software to find — and take over — other devices on the network.
Risks like that show why facility managers should work closely with IT to make sure proper security measures are in place for the BAS. Unfortunately, observed Quirk, fears that the BAS may provide a point of entry to the enterprise network are leading some IT departments to refuse to allow the BAS to use the corporate network. IT should be doing just the opposite, Quirk said: Allow the BAS to reside on the network and manage security just as IT does for other major applications.
The upshot is plain enough. Facility managers who aren’t already working with IT on cyber security should start ASAP. Follow the example of an attendee who told me that, after hearing Gordy’s formal presentation, he had developed cyber security questions to talk to IT about.
The time is right for a conversation like that. The controversy surrounding hacked emails that roiled this year’s presidential election creates a logical opportunity to bring up the subject. Facility managers can take advantage of the headlines to address their own cyber security risks.