SlideShare una empresa de Scribd logo

Be wp cybersmart_buildings

J
JeremyGarcia46

cyber smart buildings

Tecnología
1 de 11
Descargar para leer sin conexión
CYBERSMART BUILDINGSSECURING YOUR INVESTMENTS IN CONNECTIVITY AND AUTOMATION February 2017 In partnership with
2 Smart buildings are not an option for the 21st Century – they are a necessity. These agile, responsive environments leverage building data to optimize operations and lower facility costs, while increasing safety and sustainability. Smart buildings adapt to occupancy needs in real time, while optimizing energy usage as much as possible. They often connect internal systems – HVAC controls, data networks, power management, etc. – with external networks to more efficiently monitor and manage building operations. Building owners, operators and managers have traditionally evaluated and purchased smart building capabilities based on business criteria such as functionality, efficiency, cost, reliability and quality. But as you evaluate your next investment, cybersecurity must also be a factor. As access to building data and operational systems increases, so do the challenges associated with securing the smart building environment. The same capabilities that provide beneficial new features – such as remotely accessible performance analytics or carbon-emission monitoring, can also introduce cyber risk to your occupants and your bottom line. It is no longer enough for a building to be smart – it must now be cybersmart. “Defending against cyber threats today and tomorrow requires the secure design, development and deployment of building automation systems and controls,” said Bill Jackson, president of global products for Johnson Controls, regarding a recently announced partnership with the U.S. Department of Homeland Security on cybersecurity for building automation systems. Cyber threat actors have demonstrated capability and intent in hacking building automation systems, safety systems and critical environmental technology. Not every connected product is inherently valuable, but accessing a given system can provide a gateway into more sensitive data and systems. For example, hackers have exploited vulnerabilities in HVAC contractor credentials and payment systems as the entry point into a retailers’ corporate networks, where they ultimately extracted credit card information. And as the number of sensors and devices talking to one another increases, threat actors can exploit building automation systems to access more data and critical systems than ever before. Data breaches, however, shouldn’t be your only concern. Now, as automated systems control more of our environment, there’s also increased potential for attackers to create physical incidents through cyber means.   IMPACT FOR PRIVATE AND PUBLIC SECTORS Corporations and government agencies at all levels – federal, state and local – have taken significant steps to prevent cyber threats to building controls systems. The Unified Facilities Criteria, published by the United States Department of Defense, states: “While the inclusion of cybersecurity during the design and construction of control systems will increase the cost of both design and construction, it is more cost-effective to implement these security controls starting at design than to implement them on a designed and installed system. Historically, control systems have not included these cybersecurity requirements, so the addition of these cybersecurity requirements will increase both cost and security. The increase in cost will be lower than the increase in cost of applying these requirements after design.” THE RISKS AND REWARDS OF SMART BUILDINGS ARE REAL From sci-fi to reality: Envisioning cyber attacks on smart buildings This new age of connectivity and automation creates tremendous opportunity. Without the proper cyber protections, however, smart buildings can be vulnerable to potential cyber incidents. Risk scenarios include: 1. Shutting down heating or cooling for sensitive locations, such as pharmaceutical or food processing plants 2. Manipulating cooling settings on an HVAC system in a corporate building, creating significant business disruption and lost productivity 3. Shutting down cooling or power management functions for a data center, destroying IT equipment and taking business- critical applications offline 4. Gaining unauthorized access to an internet-connected physical security system to enable kinetic attacks EXECUTIVE SUMMARY
3 According to the 2016 State of Industrial Control System (ICS) Security Survey by SANS, 67% of participants perceived severe or high levels of threat to control systems, up from 43% in 2015. Smart buildings are now at the forefront of this battle—with tremendous complexity and integration of systems, they represent an increasingly valuable target. A CALL TO ACTION Connectivity and automation create entry points for cyber attacks with potential safety, continuity, quality and privacy impact. But we can’t let this risk cripple innovation. This is your chance to get it right; to secure your investment by tackling this challenge head-on. So we challenge you to reverse old mindsets: cybersecurity isn’t a tax on the business, it’s not simply an IT issue, and it certainly shouldn’t be a scare tactic. It’s a business enabler for smart buildings. When done well, cybersecurity is about insuring your investment and assuring your ability to reap the transformative benefits that connectivity offers. At Johnson Controls and Booz Allen, we’ve learned that inaction puts you at a competitive disadvantage. With our experience delivering cyber strategy, technology and analytics in smart building environments, we get the critical need to harness the power of building data – smartly and securely. And this paper summarizes key insights to help you set your agenda for cybersmart buildings. Your first step: define your strategy to work with the right partners to secure your investments when assessing and deploying smart building systems or retrofits. This entails defining the challenge, making cyber a business priority, operating with a risk management mindset, and integrating cyber capabilities across the building lifecycle. "INVESTING IN SMART BUILDINGS IS GOOD BUSINESS. BUT INVESTING IN CYBERSMART BUILDINGS—THAT’S GREAT BUSINESS. WITHOUT SECURITY, THE TRULY TRANSFORMATIVE BENEFITS OF CONNECTIVITY AND AUTOMATION ARE AT RISK. EMBRACING CYBER SECURITY MEANS PROTECTING YOUR CUSTOMERS AND YOUR BOTTOM LINE.” –SEDAR LABARRE, VICE PRESIDENT, BOOZ ALLEN HAMILTON
4 Smart buildings offer valuable new capabilities and features through a connected web of digitally-enabled devices, networks, and applications. Your building can automatically change the temperature of rooms based on occupancy and weather forecasts. It can alert your physical security team when an unknown individual is on camera entering a protected area. It can optimize energy usage and prevent problems before they arise. As a link between physical and digital worlds, smart building technologies use key features of connectivity, automation, open architecture, and interoperability to share data that helps optimize total performance of buildings, businesses, and occupants. Bringing together historically-isolated systems (below), smart buildings have unparalleled power to drive effectiveness and efficiency. Deploying Internet of Things (IoT) sensors and devices offers new sources of data to inform automation and provide analytical insights that improve efficiency. They enable unified, centralized access and control across a variety of building management and operations systems. Systems are running on Internet Protocol (IP) networks, integrated with each other to provide enhanced automation and remote connectivity. And cloud-enabled systems bring accessibility, scalability, and cost savings to smart building systems. Increased connectivity and automation present immense business value. The spectrum of innovation is broad, but even limited integration can yield valuable results. This continued digital evolution, however, also presents a range of cybersecurity concerns that smart building owners, operators, and managers need to seriously consider. MULTIPLE PROPRIETARY SYSTEMS Data Network Voice Network Power Management Video Surveillance Fire Alarm HVAC Control Lighting Control Audio Visual Video Distribution Access Control Multiple Management Consoles for Individual System Controls ONE NETWORK Data Network Voice Network Power Management Video Surveillance Fire Alarm HVAC Control Lighting Control Audio Visual Video Distribution Access Control Local Remote Multifunction Centralized Management Consoles MULTIPLE NETWORKED BUILDINGS YOUR BUILDING IS “TALKING” Smart buildings bring together various operational systems under one network, so owners and operators can efficiently, centrally manage their buildings.
5 In a 2015 Industrial Control Systems Cyber Emergency Response Team (ICS- CERT) report, its critical infrastructure members faced a 74% increase in security vulnerabilities across connected control system infrastructures1 . And this rapid growth in cyber vulnerabilities means that smart building owners, operators, and managers must implement appropriate cyber protections, or they will face business risk. Risk that white hat hackers or researchers discover and publicize a vulnerability without following a coordinated disclosure process. Risk that hackers compromise your building to use it in a DDoS attack, or that criminals will seek out and profit from selling valuable data streams. Risk that state-sponsored organizations will tap in to sensitive business or personal information, or that terrorist groups will disrupt critical systems or create safety hazards. All of this from miles away. Recent outlooks on the cyber threat environment substantiate that control system infrastructures, like building automation systems, are increasingly the target focus of a range of cyber threat actors. In addition to an increase in customized malware developed to target control systems, the building-relevant cyber threat environment is expanding across a variety of threat actors, attack vectors, and methods. Recent headlines tell us that these scenarios aren’t just futuristic examples. This risk is real today. News stories abound, demonstrating that there is both motivation and capability to attack smart buildings: RESEARCHERS HACK BUILDING CONTROL SYSTEM AT A LARGE INTERNET SEARCH PROVIDER2 Security researchers hacked a vulnerable, unpatched building management system of a large internet search provider. This effort allowed the researchers to obtain administrative access to digital building control panels. Although not executed, the researchers could have taken command and control of the entire operating system. HACKER TAKES CONTROL OF HUNDREDS OF ROOMS IN HIGH- TECH CHINESE HOTEL3 As with many facilities that provide network access as a benefit to their guests, the five-star hotel in China was vulnerable. In this case, an ethical hacker tapped into the network of his highly- automated hotel room and was able to take control of hundreds of similar rooms throughout the building. If the proper safeguards aren’t in place, threat actors may be able to manipulate control systems (e.g., lights, temperature, digital locks) and steal private data of hotel guests. INTERNET OF THINGS DEVICES AT THE CENTER OF BIGGEST CYBER ATTACK IN HISTORY4 The largest distributed denial-of-service (DDoS) attack in history (to date) targeted Domain Name System (DNS) provider Dyn, causing major Internet outages to populations in Europe and North America. The attack was executed through a botnet consisting of a large number of Internet-connected devices (e.g., IP cameras, digital recorders, printers) that had been infected with malware. Many of these same devices are those installed throughout smart buildings. CYBER HACKING LEADS HOTEL TO RE-THINK ITS SMART BUILDING INNOVATIONS A luxurious four-star hotel in Austria was recently victimized by a series of cyber attacks. After the fourth incident, the hotel’s managing director communicated that the facility’s electronic keycard systems were infected by ransomware, preventing staff from programming room keys for arriving guests. After paying the bitcoin ransom several times over, hotel management decided to move away from room key automation, and revert back to a physical key system, similar to the one used over 100 years ago upon the hotel’s opening. The proper cyber protections are key to adoption of smart building innovations.5 WHERE THERE IS CONNECTIVITY, THERE IS CYBER RISK
6 To address this cyber risk, owners, operators, and managers need to embrace the challenge. Protecting a smart building shares some principles to protecting enterprise IT, but there are significant differences. What makes securing a building a distinct, new challenge? Cyber incident impact can be far worse. You face a unique challenge—you’re not just susceptible to data breaches and IT service disruptions; building automation systems affect things in the physical world. As you connect your systems to IP networks, external access, and the cloud, there’s potential for cyber threat actors to affect safety and take down business operations. Old and multi-generational building infrastructure limits what you can do. Building investments are big. Unlike your smartphone that you replace almost every year, these capital assets are built to last decades. And until about five years ago, security wasn’t even a thought in the design process. What you have now is a mix of old and new infrastructure. With this variety, it inherently limits the types of security protections that you can “layer” into the smart building environment. There are no holistic “plug and play” cyber solutions. Securing the smart building environment takes a blended approach of risk-based planning, security architecture, technology, processes, and people skills. This is well-codified and packaged by vendors in the IT security realm, but not for building automation systems. And because every building installation tends to be so custom, designing appropriate security solutions takes a sharp eye and a diversity of puzzle pieces. You can’t go it alone. Cyber-relevant stakeholders live outside your IT shop— they extend across your business, as well as far beyond the walls of your organization. Integrating a variety of stakeholders with diverse experience and expertise is the only way to secure your increasingly complex risk landscape (See next page). To realize the full potential of your investments in smart buildings, you need to protect against the evolving cyber risk landscape. This means acknowledging what makes it a unique environment and bringing the right stakeholders in to help you outpace the rapid growth of a building-focused cyber threat.   Manufacturers of IoT devices need to focus on cyber secure design, development and deployment... [while] consumers of IoT devices must prioritize security in those devices.” – Jason Rosselot, Director of Global Product Security at Johnson Controls (“Rise of the IoT machines,” CSO Online, 25 Oct 2016) A NEW WORLD OF RISK “DEFENDING AGAINST CYBER THREATS TODAY AND TOMORROW REQUIRES THE SECURE DESIGN, DEVELOPMENT AND DEPLOYMENT OF BUILDING AUTOMATION SYSTEMS AND CONTROLS.” –BILL JACKSON, PRESIDENT OF GLOBAL PRODUCTS FOR JOHNSON CONTROLS
7 Building Owner: Advocates for cyber security as a core risk management activity for ensuring a sound investment. Building Operator: Plays key role in influencing how cyber is integrated into a building management system and its daily operations. Consulting Engineer: Understands how to integrate security into technical building architecture. Architect: Uses design role for physical security and safety to determine priorities for cyber-threat mitigation. General Contractor: Identifies and contracts cyber-ready partners and suppliers for key building technologies. Integrator: Brings together the proper mix of cyber- ready vendors and partners who can fully integrate diverse building technologies. Manufacturer: Employs secure product lifecycle across the design, build, distribution, and maintenance of smart building devices and systems. New Market Player: Introduces feature-laden products and services to smart buildings, but can present real cyber risk if not done thoughtfully. Occupant/Tenant: Benefits regularly from the features of cybersmart buildings, but must be cautious to not introduce risk through poor behavior. Visitor: Represents a potential advocate for having a secure experience in a smart building, but can also bring unwanted attention if the experience is subpar. HOW CAN KEY BUILDING STAKEHOLDERS SUPPORT CYBER SECURITY? EXTERNAL STAKEHOLDERS INTERNAL STAKEHOLDERS Legal, Safety, Privacy: Deciphers cyber and privacy requirements for regulatory compliance. Procurement: Drives the acquisition process in procuring cyber-ready suppliers and vendors. Marketing Communications: Carries the cyber message forward to your customers and stakeholders, both internal and external. Enterprise Risk Management: Guides strategic risk priorities and influences overall cyber investment portfolio. Finance: Serves as key influencer in prioritizing and guiding fund allocations for security IT: Brings internal technology to life and is typically the accountable entity for ensuring cyber security is happening across the enterprise. Audit: Reviews operationalized cyber security compliance against both regulatory and internal policies. Crisis Management Business Continuity: Provides a company’s backbone capabilities for incident management, including security.
8 Yes, the risk is real. But there’s no need for security hysterics. There is tremendous business value in embracing building automation—including cost savings, efficiency, and convenience. So don’t halt your plans. Instead, protect your investment, and maximize its potential. A smart approach starts with a strategy and framework to guide consistent actions based on your risk landscape. We recommend five foundational steps to frame the challenge, gain quick wins, and start gaining real traction. 1. OBSERVE AND ORIENT AROUND YOUR SPECIFIC CHALLENGE. Building operators and managers can learn a lot from military decision-making when it comes to cybersecurity. Out of the gate, when designing infrastructure from scratch or securing legacy building systems, you need to decide which elements of your smart building matter the most. Is it your connected physical security system? What about ensuring continuous uptime of an on- premises data center? You can’t afford to secure everything with the highest degrees of assurance, but make sure you prioritize what matters to your business. From here, you’ll want to map the available attack surface – take an adversary’s perspective and “red team” (i.e., discover) the available pathways to sensitive assets. And to make sure your concerns are justified, roll in some credible cyber threat intelligence that helps you understand the likelihood of different threat actors actually targeting your infrastructure, and how they would do it. Collectively, this systematic process helps you understand what the real cyber risk landscape looks like, and prepares you with a tailored map to take action against. 2. FORGET OLD SILOS— CYBERSECURITY REQUIRES CROSS- FUNCTIONAL TEAMING. For cyber risks to be well managed, you need involvement and buy-in from across the business. IT, cybersecurity, and facility teams typically have the expertise and the access to take the lead. Working together as one cohesive unit, they also need to coordinate with a range of internal and external stakeholders. Externally, work with business partners and vendors that materially invest in and value cybersecurity. You need to ensure that you work with trusted partners who are committed to the right policies, products, services and talent. Security can’t be an afterthought—it needs to be a primary feature of a third party’s stated value proposition. 3. CHANGE THE CULTURE – SPEAK UP FOR CYBERSMART BUILDINGS. Make sure this issue is heard loud and clear within your leadership community and with internal and external stakeholders. Even with the smartest team, the most expert capabilities, and the most advanced technology solutions, cybersecurity will fail unless you have support from across your ecosystem. Smart building owners, operators, and managers need to build a corporate culture that understands the intrinsic relationship between cybersecurity and the future of your business. Talk to them about the importance of getting this right, including the ROI and their roles in security. Consider the right mechanisms to engage your senior leaders and your junior staff. Roadshows, risk education, and exercises can help build consensus on opportunity and risk. This is some of the hardest work you’ll do, but also the most foundational. WHAT TO DO Applying Military-Grade Security for Smart Buildings At federal and military sites, financial institutions, pharmaceutical companies, hospitals, and high-tech companies and labs, low latency and system integrity are paramount. In these environments, deploying a highly secure, hardened network engine is a must. The Johnson Controls building automation system (BAS) development team saw this need, and got to work with its government and commercial clients to build best-in-class, military-grade security for BAS applications. The result is the recently-released Metasys® secure network automation engine (NAE-S). This new engine provides customers a stronger line of defense against cyber threats to building networks with its new embedded technology designed to shield critical infrastructure against cyber-attacks. Its encryption module encrypts data traveling on the network so that sensitive information cannot be accessed by unauthorized users. This new capability dynamically validates and secures protocol communications. It also secures vulnerable routes in the BAS used to control building operations, providing true end-to-end protection from commonly used hacking techniques.
4. BUILD THE RIGHT CAPABILITIES TO ENABLE – NOT HINDER – SMART BUILDING ADOPTION. You can’t just put security technologies in place and claim victory around cyber. Technical solutions are an important piece of the puzzle, but you need to balance deploying technological tools with investments in people and processes. Incorporate cybersecurity across the smart building lifecycle, being careful not to overburden the process. What core functions will help? 5. FINALLY, GET OPERATIONAL. Checking the box on today’s threat does not mean you’re prepared for tomorrow. A compliance-focused approach to all of the above can have detrimental effects if you stop there. You’re dealing with an ever-evolving adversary, which means you need a security professional’s mindset to defeat them. Your audit team can provide that external assessment of compliance and effectiveness. But your task is to focus on risk and protect your territory. Continually monitor internal and external intelligence to understand your ever-changing risk profile. Find allies — like building controls manufacturers and analytics service providers with a demonstrated commitment to product security—to help you stay ahead. Have a plan, but be prepared to continually evolve. This will help you sleep at night, for years to come. 9 Lifecycle Phase Cyber Capabilities and Descriptions Core Functions Checklist Consider Security Requirements. Include security solutions as part of all specification processes. Work with vendors and technical partners to prioritize security as an integral part of any connected smart building solution. Define how you want the vendor to integrate with your existing network, preferably leveraging a separate network segment for building automation systems. Use system retrofits as opportunities to include the latest security protocols. Be prepared to articulate the budget for security operations throughout the building lifecycle. ▫▫ Security Policy ▫▫ Compliance ▫▫ Planning Design Assess. Set a consistent assessment framework to evaluate security vendors and their solutions. Favor companies that demonstrate a program that implements secure design and coding practices, and that have a mature vulnerability management program to ensure that product vulnerabilities are discovered, remedied, and patched in a timely manner. Recognize that business imperatives—like cost—may supersede security concerns. So design a framework that evaluates the security implications and tradeoffs of integrations between legacy and new systems, but provides flexibility for add-on security controls you can deploy to help minimize identified risks. ▫▫ Third-Party Risk Management ▫▫ Risk Assessments Build in Security. Understand vendor recommendations for how to securely deploy building automation systems and work with your IT department to follow those guidelines, and how to add additional controls over and above vendor recommendations based on your compliance and risk needs. Design is important, but how a system is architected and deployed—particularly in the areas of secure network design and remote access capabilities—is critical to monitoring and minimizing your risk. ▫▫ Security Architecture ▫▫ Identity Access Management ▫▫ Information Protection ▫▫ Secure Product Coding Testing Update Regularly. Maintain a software subscription service and preventive service agreement with your integrator. Building controls manufacturers typically “patch forward”, so keeping your systems at the latest software revisions is critical to maintaining a cybersmart building. Ensure that you understand how long the vendor will provide security updates and support for the systems, and ensure you have an exit strategy for replacement prior to a system’s end of life. ▫▫ Vulnerability Management ▫▫ Service Level Agreements Test, Monitor, and Respond. Know your risk. Maintain situational awareness on what’s connected. Develop and implement an assessment framework that will identify security maturity across all domains in your ecosystem. Diligently and regularly stress-test your assumptions and technical vulnerabilities. Continuously monitor for indicators of an incident. Triage and escalate issues based on a predetermined set of trigger criteria. When needed, lead a whole-of-business response to maintain customer trust as you work with your vendors to deploy the right fixes. ▫▫ Asset Management ▫▫ Security Monitoring ▫▫ Red Teaming ▫▫ Threat Intelligence ▫▫ Incident Response ▫▫ Exercises AcquisitionDeploymentOperationsandMaintenance
The smart building industry has an opportunity and an obligation to proactively address cyber risk. As the world evolves to smart neighborhoods and smart cities, the challenge will only grow. Addressing the pervasive and complex cyber challenge is pivotal to capturing real return on your investment in a smart building. It protects your brand and, most critically, the safety and privacy of your tenants and visitors. Acting today helps you stay ahead of the cyber threat, reducing the likelihood of the ominous 3AM call. It also gives owners, operators, and managers a differentiator for their business. We’re in a security whitespace for now. The U.S. National Institute of Standards and Technology (NIST) and Department of Homeland Security (DHS) have put out initial best practices guidance for securing smart buildings6 , but cyber regulation doesn’t yet rule the day in most sectors. Early movers have the opportunity to shape security standards, while influencing vendors and service providers. That equates to business and security benefits. Getting cyber right matters. But you don’t need to overhype and over-invest in the challenge. Whether you’re looking to retrofit or deploy smart building technology from scratch, you have the ability to act now, and make your approach business-as-usual. First, take a strategic approach by defining a framework and engaging the right team. Next, put your plan into action by developing technical and risk management capabilities that will ensure your smart facilities are safe and secure. Seize this window of opportunity. YOUR WINDOW OF OPPORTUNITY 1 https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/NCCIC_ICS-CERT_FY%202015_Annual_Vulnerability_Coordination_Report_S508C.pdf 2 https://www.wired.com/2013/05/googles-control-system-hacked/ 3 http://www.scmp.com/news/china/article/1561458/hacker-takes-control-hundreds-rooms-hi-tech-shenzhen-hotel 4 http://www.memoori.com/internet-things-devices-center-biggest-cyber-attack-history/ 5 http://www.wired.co.uk/article/austria-hotel-ransomware-true-doors-lock-hackers (2/2/17) 6 http://www.federaltimes.com/articles/nist-unveils-internet-of-things-cybersecurity-guidance ; https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_ Securing_the_Internet_of_Things-2016-1115-FINAL....pdf 7 http://www.forbes.com/sites/pikeresearch/2016/09/13/cybersecurity-and-intelligent-buildings/2/ “The threat of cyber security is beginning to change attitudes and has created interesting challenges in the commercial building controls market. Awareness and education of building owners and operators remain a persistent challenge. However, even building owners and operators who are aware of and concerned about the vulnerabilities of their building systems are often unaware of what to do about the threat7 .” Forbes, 13 September 2016 10
Sedar LaBarre Vice President labarre_sedar@bah.com Matthew Doan Senior Associate doan_matthew@bah.com About Johnson Controls Johnson Controls is a global diversified technology and multi industrial leader serving a wide range of customers in more than 150 countries. Our 130,000 employees create intelligent buildings, efficient energy solutions, integrated infrastructure and next generation transportation systems that work seamlessly together to deliver on the promise of smart cities and communities. Our commitment to sustainability dates back to our roots in 1885, with the invention of the first electric room thermostat. We are committed to helping our customers win and creating greater value for all of our stakeholders through strategic focus on our buildings and energy growth platforms. For additional information, please visit http://www.johnsoncontrols.com or follow us @johnsoncontrols on Twitter. About Booz Allen Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise. With international headquarters in McLean, Virginia, the firm employs more than 22,600 people globally and had revenue of $5.41 billion for the 12 months ended March 31, 2016. To learn more, visit BoozAllen.com. (NYSE: BAH) © 2017 Booz Allen Hamilton, Inc. Johnson Controls Contact Jason Rosselot Director jason.r.rosselot@jci.com Alex Runner Director alex.e.runner@jci.com Contact

Recomendados

Emerging Risks, BCP & DRP
Emerging Risks, BCP & DRPEmerging Risks, BCP & DRP
Emerging Risks, BCP & DRPJorge Sebastiao
 
CABA Whitepaper - Cybersecurity in Smart Buildings
CABA Whitepaper - Cybersecurity in Smart BuildingsCABA Whitepaper - Cybersecurity in Smart Buildings
CABA Whitepaper - Cybersecurity in Smart BuildingsIron Mountain
 
The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017Merry D'souza
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public versionIBM Sverige
 
Cognitive security
Cognitive securityCognitive security
Cognitive securityIqra khalil
 
IRJET- Cloud-Based Optimisation Approach to Joint Cyber Security and Insu...
IRJET- Cloud-Based Optimisation Approach to Joint Cyber Security and Insu...IRJET- Cloud-Based Optimisation Approach to Joint Cyber Security and Insu...
IRJET- Cloud-Based Optimisation Approach to Joint Cyber Security and Insu...IRJET Journal
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationBooz Allen Hamilton
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planetVincent Kwon
 

Recomendados

Emerging Risks, BCP & DRP
Emerging Risks, BCP & DRPEmerging Risks, BCP & DRP
Emerging Risks, BCP & DRPJorge Sebastiao
 
CABA Whitepaper - Cybersecurity in Smart Buildings
CABA Whitepaper - Cybersecurity in Smart BuildingsCABA Whitepaper - Cybersecurity in Smart Buildings
CABA Whitepaper - Cybersecurity in Smart BuildingsIron Mountain
 
The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017The 10 most trusted companies in enterprise security for dec 2017
The 10 most trusted companies in enterprise security for dec 2017Merry D'souza
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public versionIBM Sverige
 
Cognitive security
Cognitive securityCognitive security
Cognitive securityIqra khalil
 
IRJET- Cloud-Based Optimisation Approach to Joint Cyber Security and Insu...
IRJET- Cloud-Based Optimisation Approach to Joint Cyber Security and Insu...IRJET- Cloud-Based Optimisation Approach to Joint Cyber Security and Insu...
IRJET- Cloud-Based Optimisation Approach to Joint Cyber Security and Insu...IRJET Journal
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationBooz Allen Hamilton
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planetVincent Kwon
 
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityMighty Guides, Inc.
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityRedspin, Inc.
 
The 5 most trusted cyber security companies to watch.
The 5 most trusted cyber security companies to watch.The 5 most trusted cyber security companies to watch.
The 5 most trusted cyber security companies to watch.Merry D'souza
 
What affects security program confidence? - may2014 - bill burns
What affects security program confidence? - may2014 - bill burnsWhat affects security program confidence? - may2014 - bill burns
What affects security program confidence? - may2014 - bill burnsBill Burns
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Redspin, Inc.
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based securityArun Gopinath
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of securitySouthern Cross Group Services
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
 
What has changed in Corporate Cybersecurity?
What has changed in Corporate Cybersecurity?What has changed in Corporate Cybersecurity?
What has changed in Corporate Cybersecurity?Nixu Corporation
 
The Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devicesThe Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devicesWavestone
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesCompTIA
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptxGovt. P.G. College Sendhwa, Barwani (M.P.)
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanianeletseditorial
 
Aensis Cyber_Sec 2017
Aensis Cyber_Sec 2017Aensis Cyber_Sec 2017
Aensis Cyber_Sec 2017José Carlos Álvarez
 
Cloud based security threats with present challenges and opportunities for ma...
Cloud based security threats with present challenges and opportunities for ma...Cloud based security threats with present challenges and opportunities for ma...
Cloud based security threats with present challenges and opportunities for ma...eSAT Publishing House
 
Business Logic Monitoring Primer
Business Logic Monitoring PrimerBusiness Logic Monitoring Primer
Business Logic Monitoring PrimerRocco Magnotta
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Security
 
Securing Smart Cities
Securing Smart CitiesSecuring Smart Cities
Securing Smart CitiesJames '​-- Mckinlay
 
Cyber Security in Smart Buildings
Cyber Security in Smart Buildings Cyber Security in Smart Buildings
Cyber Security in Smart Buildings GAURAV. H .TANDON
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity TrendsIRJET Journal
 
Can you trust your smart building
Can you trust your smart buildingCan you trust your smart building
Can you trust your smart buildingDuncan Purves
 

Más contenido relacionado

La actualidad más candente

PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityMighty Guides, Inc.
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityRedspin, Inc.
 
The 5 most trusted cyber security companies to watch.
The 5 most trusted cyber security companies to watch.The 5 most trusted cyber security companies to watch.
The 5 most trusted cyber security companies to watch.Merry D'souza
 
What affects security program confidence? - may2014 - bill burns
What affects security program confidence? - may2014 - bill burnsWhat affects security program confidence? - may2014 - bill burns
What affects security program confidence? - may2014 - bill burnsBill Burns
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Redspin, Inc.
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based securityArun Gopinath
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
 
What has changed in Corporate Cybersecurity?
What has changed in Corporate Cybersecurity?What has changed in Corporate Cybersecurity?
What has changed in Corporate Cybersecurity?Nixu Corporation
 
The Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devicesThe Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devicesWavestone
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesCompTIA
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Cloud based security threats with present challenges and opportunities for ma...
Cloud based security threats with present challenges and opportunities for ma...Cloud based security threats with present challenges and opportunities for ma...
Cloud based security threats with present challenges and opportunities for ma...eSAT Publishing House
 
Business Logic Monitoring Primer
Business Logic Monitoring PrimerBusiness Logic Monitoring Primer
Business Logic Monitoring PrimerRocco Magnotta
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Security
 

La actualidad más candente (18)

PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT CybersecurityPAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
PAS: Leveraging IT/OT - Convergence and Developing Effective OT Cybersecurity
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information Security
 
The 5 most trusted cyber security companies to watch.
The 5 most trusted cyber security companies to watch.The 5 most trusted cyber security companies to watch.
The 5 most trusted cyber security companies to watch.
 
What affects security program confidence? - may2014 - bill burns
What affects security program confidence? - may2014 - bill burnsWhat affects security program confidence? - may2014 - bill burns
What affects security program confidence? - may2014 - bill burns
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based security
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Security
 
What has changed in Corporate Cybersecurity?
What has changed in Corporate Cybersecurity?What has changed in Corporate Cybersecurity?
What has changed in Corporate Cybersecurity?
 
The Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devicesThe Internet of Things: the 4 security dimensions of smart devices
The Internet of Things: the 4 security dimensions of smart devices
 
Quick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for BusinessesQuick Start Guide to IT Security for Businesses
Quick Start Guide to IT Security for Businesses
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
 
Aensis Cyber_Sec 2017
Aensis Cyber_Sec 2017Aensis Cyber_Sec 2017
Aensis Cyber_Sec 2017
 
Cloud based security threats with present challenges and opportunities for ma...
Cloud based security threats with present challenges and opportunities for ma...Cloud based security threats with present challenges and opportunities for ma...
Cloud based security threats with present challenges and opportunities for ma...
 
Business Logic Monitoring Primer
Business Logic Monitoring PrimerBusiness Logic Monitoring Primer
Business Logic Monitoring Primer
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions Roadmap
 

Similar a Be wp cybersmart_buildings

Cyber Security in Smart Buildings
Cyber Security in Smart Buildings Cyber Security in Smart Buildings
Cyber Security in Smart Buildings GAURAV. H .TANDON
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity TrendsIRJET Journal
 
Can you trust your smart building
Can you trust your smart buildingCan you trust your smart building
Can you trust your smart buildingDuncan Purves
 
ICS_WhitePaper_Darktrace
ICS_WhitePaper_DarktraceICS_WhitePaper_Darktrace
ICS_WhitePaper_DarktraceAustin Eppstein
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_finalCMR WORLD TECH
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15shed59
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainDavid J Rosenthal
 
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE코리아
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
Axenttech Property
Axenttech PropertyAxenttech Property
Axenttech Propertygladwynlewis
 
Ey managing-real-estate-cybersecurity
Ey managing-real-estate-cybersecurityEy managing-real-estate-cybersecurity
Ey managing-real-estate-cybersecuritycrazyivan389
 
Powering up the shocking truth about cyber security in the energy industry - ...
Powering up the shocking truth about cyber security in the energy industry - ...Powering up the shocking truth about cyber security in the energy industry - ...
Powering up the shocking truth about cyber security in the energy industry - ...online Marketing
 
Top Technology Trends in Insurance Domain.pdf
Top Technology Trends in Insurance Domain.pdfTop Technology Trends in Insurance Domain.pdf
Top Technology Trends in Insurance Domain.pdfledumsd
 
supply chain management.pptx
supply chain management.pptxsupply chain management.pptx
supply chain management.pptxMinnySkyy
 
Cybersecurity Improvement eBook
Cybersecurity Improvement eBookCybersecurity Improvement eBook
Cybersecurity Improvement eBookPablo Junco
 

Similar a Be wp cybersmart_buildings (20)

Securing Smart Cities
Securing Smart CitiesSecuring Smart Cities
Securing Smart Cities
 
Cyber Security in Smart Buildings
Cyber Security in Smart Buildings Cyber Security in Smart Buildings
Cyber Security in Smart Buildings
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity Trends
 
Can you trust your smart building
Can you trust your smart buildingCan you trust your smart building
Can you trust your smart building
 
ICS_WhitePaper_Darktrace
ICS_WhitePaper_DarktraceICS_WhitePaper_Darktrace
ICS_WhitePaper_Darktrace
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_final
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
 
Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business Case
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
 
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)GE디지털 월드테크 브로셔(GE Digital Wurldtech)
GE디지털 월드테크 브로셔(GE Digital Wurldtech)
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 
Axenttech Property
Axenttech PropertyAxenttech Property
Axenttech Property
 
Ey managing-real-estate-cybersecurity
Ey managing-real-estate-cybersecurityEy managing-real-estate-cybersecurity
Ey managing-real-estate-cybersecurity
 
Powering up the shocking truth about cyber security in the energy industry - ...
Powering up the shocking truth about cyber security in the energy industry - ...Powering up the shocking truth about cyber security in the energy industry - ...
Powering up the shocking truth about cyber security in the energy industry - ...
 
Top Technology Trends in Insurance Domain.pdf
Top Technology Trends in Insurance Domain.pdfTop Technology Trends in Insurance Domain.pdf
Top Technology Trends in Insurance Domain.pdf
 
SMACIC_Clean
SMACIC_CleanSMACIC_Clean
SMACIC_Clean
 
supply chain management.pptx
supply chain management.pptxsupply chain management.pptx
supply chain management.pptx
 
Cybersecurity Improvement eBook
Cybersecurity Improvement eBookCybersecurity Improvement eBook
Cybersecurity Improvement eBook
 
IntelAdapt
IntelAdaptIntelAdapt
IntelAdapt
 

Más de JeremyGarcia46

Simplex networking overview_brochure
Simplex networking overview_brochureSimplex networking overview_brochure
Simplex networking overview_brochureJeremyGarcia46
 
Simplex 5 reasons emergency communications
Simplex 5 reasons emergency communications Simplex 5 reasons emergency communications
Simplex 5 reasons emergency communications JeremyGarcia46
 
Johnson+controls+healthcare+brochure
Johnson+controls+healthcare+brochureJohnson+controls+healthcare+brochure
Johnson+controls+healthcare+brochureJeremyGarcia46
 
Gunshot detection sheet
Gunshot detection sheetGunshot detection sheet
Gunshot detection sheetJeremyGarcia46
 
Bts whitepaper waterdeliverytime
Bts whitepaper waterdeliverytimeBts whitepaper waterdeliverytime
Bts whitepaper waterdeliverytimeJeremyGarcia46
 
Bts whitepaper addressinglifesafetychallengesinindustrialsettings
Bts whitepaper addressinglifesafetychallengesinindustrialsettingsBts whitepaper addressinglifesafetychallengesinindustrialsettings
Bts whitepaper addressinglifesafetychallengesinindustrialsettingsJeremyGarcia46
 
Bts l1summary maintainingfireextinguisherfunctionality
Bts l1summary maintainingfireextinguisherfunctionalityBts l1summary maintainingfireextinguisherfunctionality
Bts l1summary maintainingfireextinguisherfunctionalityJeremyGarcia46
 
Bts l1summary 5yearobstructioninspectionservice
Bts l1summary 5yearobstructioninspectionserviceBts l1summary 5yearobstructioninspectionservice
Bts l1summary 5yearobstructioninspectionserviceJeremyGarcia46
 
Be wp cybersmart_buildings (1)
Be wp cybersmart_buildings (1)Be wp cybersmart_buildings (1)
Be wp cybersmart_buildings (1)JeremyGarcia46
 
Be brochure roc_fire_security
Be brochure roc_fire_securityBe brochure roc_fire_security
Be brochure roc_fire_securityJeremyGarcia46
 

Más de JeremyGarcia46 (13)

Simplex networking overview_brochure
Simplex networking overview_brochureSimplex networking overview_brochure
Simplex networking overview_brochure
 
Simplex 5 reasons emergency communications
Simplex 5 reasons emergency communications Simplex 5 reasons emergency communications
Simplex 5 reasons emergency communications
 
Sg+mes hview
Sg+mes hviewSg+mes hview
Sg+mes hview
 
Johnson+controls+healthcare+brochure
Johnson+controls+healthcare+brochureJohnson+controls+healthcare+brochure
Johnson+controls+healthcare+brochure
 
Gunshot detection sheet
Gunshot detection sheetGunshot detection sheet
Gunshot detection sheet
 
Bts whitepaper waterdeliverytime
Bts whitepaper waterdeliverytimeBts whitepaper waterdeliverytime
Bts whitepaper waterdeliverytime
 
Bts whitepaper addressinglifesafetychallengesinindustrialsettings
Bts whitepaper addressinglifesafetychallengesinindustrialsettingsBts whitepaper addressinglifesafetychallengesinindustrialsettings
Bts whitepaper addressinglifesafetychallengesinindustrialsettings
 
Bts l1summary maintainingfireextinguisherfunctionality
Bts l1summary maintainingfireextinguisherfunctionalityBts l1summary maintainingfireextinguisherfunctionality
Bts l1summary maintainingfireextinguisherfunctionality
 
Bts l1summary 5yearobstructioninspectionservice
Bts l1summary 5yearobstructioninspectionserviceBts l1summary 5yearobstructioninspectionservice
Bts l1summary 5yearobstructioninspectionservice
 
Be wp cybersmart_buildings (1)
Be wp cybersmart_buildings (1)Be wp cybersmart_buildings (1)
Be wp cybersmart_buildings (1)
 
Be brochure roc_fire_security
Be brochure roc_fire_securityBe brochure roc_fire_security
Be brochure roc_fire_security
 
Asr infographic
Asr infographicAsr infographic
Asr infographic
 
Asr diagram
Asr diagramAsr diagram
Asr diagram
 

Último

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Último (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Be wp cybersmart_buildings

  • 1. CYBERSMART BUILDINGSSECURING YOUR INVESTMENTS IN CONNECTIVITY AND AUTOMATION February 2017 In partnership with
  • 2. 2 Smart buildings are not an option for the 21st Century – they are a necessity. These agile, responsive environments leverage building data to optimize operations and lower facility costs, while increasing safety and sustainability. Smart buildings adapt to occupancy needs in real time, while optimizing energy usage as much as possible. They often connect internal systems – HVAC controls, data networks, power management, etc. – with external networks to more efficiently monitor and manage building operations. Building owners, operators and managers have traditionally evaluated and purchased smart building capabilities based on business criteria such as functionality, efficiency, cost, reliability and quality. But as you evaluate your next investment, cybersecurity must also be a factor. As access to building data and operational systems increases, so do the challenges associated with securing the smart building environment. The same capabilities that provide beneficial new features – such as remotely accessible performance analytics or carbon-emission monitoring, can also introduce cyber risk to your occupants and your bottom line. It is no longer enough for a building to be smart – it must now be cybersmart. “Defending against cyber threats today and tomorrow requires the secure design, development and deployment of building automation systems and controls,” said Bill Jackson, president of global products for Johnson Controls, regarding a recently announced partnership with the U.S. Department of Homeland Security on cybersecurity for building automation systems. Cyber threat actors have demonstrated capability and intent in hacking building automation systems, safety systems and critical environmental technology. Not every connected product is inherently valuable, but accessing a given system can provide a gateway into more sensitive data and systems. For example, hackers have exploited vulnerabilities in HVAC contractor credentials and payment systems as the entry point into a retailers’ corporate networks, where they ultimately extracted credit card information. And as the number of sensors and devices talking to one another increases, threat actors can exploit building automation systems to access more data and critical systems than ever before. Data breaches, however, shouldn’t be your only concern. Now, as automated systems control more of our environment, there’s also increased potential for attackers to create physical incidents through cyber means.   IMPACT FOR PRIVATE AND PUBLIC SECTORS Corporations and government agencies at all levels – federal, state and local – have taken significant steps to prevent cyber threats to building controls systems. The Unified Facilities Criteria, published by the United States Department of Defense, states: “While the inclusion of cybersecurity during the design and construction of control systems will increase the cost of both design and construction, it is more cost-effective to implement these security controls starting at design than to implement them on a designed and installed system. Historically, control systems have not included these cybersecurity requirements, so the addition of these cybersecurity requirements will increase both cost and security. The increase in cost will be lower than the increase in cost of applying these requirements after design.” THE RISKS AND REWARDS OF SMART BUILDINGS ARE REAL From sci-fi to reality: Envisioning cyber attacks on smart buildings This new age of connectivity and automation creates tremendous opportunity. Without the proper cyber protections, however, smart buildings can be vulnerable to potential cyber incidents. Risk scenarios include: 1. Shutting down heating or cooling for sensitive locations, such as pharmaceutical or food processing plants 2. Manipulating cooling settings on an HVAC system in a corporate building, creating significant business disruption and lost productivity 3. Shutting down cooling or power management functions for a data center, destroying IT equipment and taking business- critical applications offline 4. Gaining unauthorized access to an internet-connected physical security system to enable kinetic attacks EXECUTIVE SUMMARY
  • 3. 3 According to the 2016 State of Industrial Control System (ICS) Security Survey by SANS, 67% of participants perceived severe or high levels of threat to control systems, up from 43% in 2015. Smart buildings are now at the forefront of this battle—with tremendous complexity and integration of systems, they represent an increasingly valuable target. A CALL TO ACTION Connectivity and automation create entry points for cyber attacks with potential safety, continuity, quality and privacy impact. But we can’t let this risk cripple innovation. This is your chance to get it right; to secure your investment by tackling this challenge head-on. So we challenge you to reverse old mindsets: cybersecurity isn’t a tax on the business, it’s not simply an IT issue, and it certainly shouldn’t be a scare tactic. It’s a business enabler for smart buildings. When done well, cybersecurity is about insuring your investment and assuring your ability to reap the transformative benefits that connectivity offers. At Johnson Controls and Booz Allen, we’ve learned that inaction puts you at a competitive disadvantage. With our experience delivering cyber strategy, technology and analytics in smart building environments, we get the critical need to harness the power of building data – smartly and securely. And this paper summarizes key insights to help you set your agenda for cybersmart buildings. Your first step: define your strategy to work with the right partners to secure your investments when assessing and deploying smart building systems or retrofits. This entails defining the challenge, making cyber a business priority, operating with a risk management mindset, and integrating cyber capabilities across the building lifecycle. "INVESTING IN SMART BUILDINGS IS GOOD BUSINESS. BUT INVESTING IN CYBERSMART BUILDINGS—THAT’S GREAT BUSINESS. WITHOUT SECURITY, THE TRULY TRANSFORMATIVE BENEFITS OF CONNECTIVITY AND AUTOMATION ARE AT RISK. EMBRACING CYBER SECURITY MEANS PROTECTING YOUR CUSTOMERS AND YOUR BOTTOM LINE.” –SEDAR LABARRE, VICE PRESIDENT, BOOZ ALLEN HAMILTON
  • 4. 4 Smart buildings offer valuable new capabilities and features through a connected web of digitally-enabled devices, networks, and applications. Your building can automatically change the temperature of rooms based on occupancy and weather forecasts. It can alert your physical security team when an unknown individual is on camera entering a protected area. It can optimize energy usage and prevent problems before they arise. As a link between physical and digital worlds, smart building technologies use key features of connectivity, automation, open architecture, and interoperability to share data that helps optimize total performance of buildings, businesses, and occupants. Bringing together historically-isolated systems (below), smart buildings have unparalleled power to drive effectiveness and efficiency. Deploying Internet of Things (IoT) sensors and devices offers new sources of data to inform automation and provide analytical insights that improve efficiency. They enable unified, centralized access and control across a variety of building management and operations systems. Systems are running on Internet Protocol (IP) networks, integrated with each other to provide enhanced automation and remote connectivity. And cloud-enabled systems bring accessibility, scalability, and cost savings to smart building systems. Increased connectivity and automation present immense business value. The spectrum of innovation is broad, but even limited integration can yield valuable results. This continued digital evolution, however, also presents a range of cybersecurity concerns that smart building owners, operators, and managers need to seriously consider. MULTIPLE PROPRIETARY SYSTEMS Data Network Voice Network Power Management Video Surveillance Fire Alarm HVAC Control Lighting Control Audio Visual Video Distribution Access Control Multiple Management Consoles for Individual System Controls ONE NETWORK Data Network Voice Network Power Management Video Surveillance Fire Alarm HVAC Control Lighting Control Audio Visual Video Distribution Access Control Local Remote Multifunction Centralized Management Consoles MULTIPLE NETWORKED BUILDINGS YOUR BUILDING IS “TALKING” Smart buildings bring together various operational systems under one network, so owners and operators can efficiently, centrally manage their buildings.
  • 5. 5 In a 2015 Industrial Control Systems Cyber Emergency Response Team (ICS- CERT) report, its critical infrastructure members faced a 74% increase in security vulnerabilities across connected control system infrastructures1 . And this rapid growth in cyber vulnerabilities means that smart building owners, operators, and managers must implement appropriate cyber protections, or they will face business risk. Risk that white hat hackers or researchers discover and publicize a vulnerability without following a coordinated disclosure process. Risk that hackers compromise your building to use it in a DDoS attack, or that criminals will seek out and profit from selling valuable data streams. Risk that state-sponsored organizations will tap in to sensitive business or personal information, or that terrorist groups will disrupt critical systems or create safety hazards. All of this from miles away. Recent outlooks on the cyber threat environment substantiate that control system infrastructures, like building automation systems, are increasingly the target focus of a range of cyber threat actors. In addition to an increase in customized malware developed to target control systems, the building-relevant cyber threat environment is expanding across a variety of threat actors, attack vectors, and methods. Recent headlines tell us that these scenarios aren’t just futuristic examples. This risk is real today. News stories abound, demonstrating that there is both motivation and capability to attack smart buildings: RESEARCHERS HACK BUILDING CONTROL SYSTEM AT A LARGE INTERNET SEARCH PROVIDER2 Security researchers hacked a vulnerable, unpatched building management system of a large internet search provider. This effort allowed the researchers to obtain administrative access to digital building control panels. Although not executed, the researchers could have taken command and control of the entire operating system. HACKER TAKES CONTROL OF HUNDREDS OF ROOMS IN HIGH- TECH CHINESE HOTEL3 As with many facilities that provide network access as a benefit to their guests, the five-star hotel in China was vulnerable. In this case, an ethical hacker tapped into the network of his highly- automated hotel room and was able to take control of hundreds of similar rooms throughout the building. If the proper safeguards aren’t in place, threat actors may be able to manipulate control systems (e.g., lights, temperature, digital locks) and steal private data of hotel guests. INTERNET OF THINGS DEVICES AT THE CENTER OF BIGGEST CYBER ATTACK IN HISTORY4 The largest distributed denial-of-service (DDoS) attack in history (to date) targeted Domain Name System (DNS) provider Dyn, causing major Internet outages to populations in Europe and North America. The attack was executed through a botnet consisting of a large number of Internet-connected devices (e.g., IP cameras, digital recorders, printers) that had been infected with malware. Many of these same devices are those installed throughout smart buildings. CYBER HACKING LEADS HOTEL TO RE-THINK ITS SMART BUILDING INNOVATIONS A luxurious four-star hotel in Austria was recently victimized by a series of cyber attacks. After the fourth incident, the hotel’s managing director communicated that the facility’s electronic keycard systems were infected by ransomware, preventing staff from programming room keys for arriving guests. After paying the bitcoin ransom several times over, hotel management decided to move away from room key automation, and revert back to a physical key system, similar to the one used over 100 years ago upon the hotel’s opening. The proper cyber protections are key to adoption of smart building innovations.5 WHERE THERE IS CONNECTIVITY, THERE IS CYBER RISK
  • 6. 6 To address this cyber risk, owners, operators, and managers need to embrace the challenge. Protecting a smart building shares some principles to protecting enterprise IT, but there are significant differences. What makes securing a building a distinct, new challenge? Cyber incident impact can be far worse. You face a unique challenge—you’re not just susceptible to data breaches and IT service disruptions; building automation systems affect things in the physical world. As you connect your systems to IP networks, external access, and the cloud, there’s potential for cyber threat actors to affect safety and take down business operations. Old and multi-generational building infrastructure limits what you can do. Building investments are big. Unlike your smartphone that you replace almost every year, these capital assets are built to last decades. And until about five years ago, security wasn’t even a thought in the design process. What you have now is a mix of old and new infrastructure. With this variety, it inherently limits the types of security protections that you can “layer” into the smart building environment. There are no holistic “plug and play” cyber solutions. Securing the smart building environment takes a blended approach of risk-based planning, security architecture, technology, processes, and people skills. This is well-codified and packaged by vendors in the IT security realm, but not for building automation systems. And because every building installation tends to be so custom, designing appropriate security solutions takes a sharp eye and a diversity of puzzle pieces. You can’t go it alone. Cyber-relevant stakeholders live outside your IT shop— they extend across your business, as well as far beyond the walls of your organization. Integrating a variety of stakeholders with diverse experience and expertise is the only way to secure your increasingly complex risk landscape (See next page). To realize the full potential of your investments in smart buildings, you need to protect against the evolving cyber risk landscape. This means acknowledging what makes it a unique environment and bringing the right stakeholders in to help you outpace the rapid growth of a building-focused cyber threat.   Manufacturers of IoT devices need to focus on cyber secure design, development and deployment... [while] consumers of IoT devices must prioritize security in those devices.” – Jason Rosselot, Director of Global Product Security at Johnson Controls (“Rise of the IoT machines,” CSO Online, 25 Oct 2016) A NEW WORLD OF RISK “DEFENDING AGAINST CYBER THREATS TODAY AND TOMORROW REQUIRES THE SECURE DESIGN, DEVELOPMENT AND DEPLOYMENT OF BUILDING AUTOMATION SYSTEMS AND CONTROLS.” –BILL JACKSON, PRESIDENT OF GLOBAL PRODUCTS FOR JOHNSON CONTROLS
  • 7. 7 Building Owner: Advocates for cyber security as a core risk management activity for ensuring a sound investment. Building Operator: Plays key role in influencing how cyber is integrated into a building management system and its daily operations. Consulting Engineer: Understands how to integrate security into technical building architecture. Architect: Uses design role for physical security and safety to determine priorities for cyber-threat mitigation. General Contractor: Identifies and contracts cyber-ready partners and suppliers for key building technologies. Integrator: Brings together the proper mix of cyber- ready vendors and partners who can fully integrate diverse building technologies. Manufacturer: Employs secure product lifecycle across the design, build, distribution, and maintenance of smart building devices and systems. New Market Player: Introduces feature-laden products and services to smart buildings, but can present real cyber risk if not done thoughtfully. Occupant/Tenant: Benefits regularly from the features of cybersmart buildings, but must be cautious to not introduce risk through poor behavior. Visitor: Represents a potential advocate for having a secure experience in a smart building, but can also bring unwanted attention if the experience is subpar. HOW CAN KEY BUILDING STAKEHOLDERS SUPPORT CYBER SECURITY? EXTERNAL STAKEHOLDERS INTERNAL STAKEHOLDERS Legal, Safety, Privacy: Deciphers cyber and privacy requirements for regulatory compliance. Procurement: Drives the acquisition process in procuring cyber-ready suppliers and vendors. Marketing Communications: Carries the cyber message forward to your customers and stakeholders, both internal and external. Enterprise Risk Management: Guides strategic risk priorities and influences overall cyber investment portfolio. Finance: Serves as key influencer in prioritizing and guiding fund allocations for security IT: Brings internal technology to life and is typically the accountable entity for ensuring cyber security is happening across the enterprise. Audit: Reviews operationalized cyber security compliance against both regulatory and internal policies. Crisis Management Business Continuity: Provides a company’s backbone capabilities for incident management, including security.
  • 8. 8 Yes, the risk is real. But there’s no need for security hysterics. There is tremendous business value in embracing building automation—including cost savings, efficiency, and convenience. So don’t halt your plans. Instead, protect your investment, and maximize its potential. A smart approach starts with a strategy and framework to guide consistent actions based on your risk landscape. We recommend five foundational steps to frame the challenge, gain quick wins, and start gaining real traction. 1. OBSERVE AND ORIENT AROUND YOUR SPECIFIC CHALLENGE. Building operators and managers can learn a lot from military decision-making when it comes to cybersecurity. Out of the gate, when designing infrastructure from scratch or securing legacy building systems, you need to decide which elements of your smart building matter the most. Is it your connected physical security system? What about ensuring continuous uptime of an on- premises data center? You can’t afford to secure everything with the highest degrees of assurance, but make sure you prioritize what matters to your business. From here, you’ll want to map the available attack surface – take an adversary’s perspective and “red team” (i.e., discover) the available pathways to sensitive assets. And to make sure your concerns are justified, roll in some credible cyber threat intelligence that helps you understand the likelihood of different threat actors actually targeting your infrastructure, and how they would do it. Collectively, this systematic process helps you understand what the real cyber risk landscape looks like, and prepares you with a tailored map to take action against. 2. FORGET OLD SILOS— CYBERSECURITY REQUIRES CROSS- FUNCTIONAL TEAMING. For cyber risks to be well managed, you need involvement and buy-in from across the business. IT, cybersecurity, and facility teams typically have the expertise and the access to take the lead. Working together as one cohesive unit, they also need to coordinate with a range of internal and external stakeholders. Externally, work with business partners and vendors that materially invest in and value cybersecurity. You need to ensure that you work with trusted partners who are committed to the right policies, products, services and talent. Security can’t be an afterthought—it needs to be a primary feature of a third party’s stated value proposition. 3. CHANGE THE CULTURE – SPEAK UP FOR CYBERSMART BUILDINGS. Make sure this issue is heard loud and clear within your leadership community and with internal and external stakeholders. Even with the smartest team, the most expert capabilities, and the most advanced technology solutions, cybersecurity will fail unless you have support from across your ecosystem. Smart building owners, operators, and managers need to build a corporate culture that understands the intrinsic relationship between cybersecurity and the future of your business. Talk to them about the importance of getting this right, including the ROI and their roles in security. Consider the right mechanisms to engage your senior leaders and your junior staff. Roadshows, risk education, and exercises can help build consensus on opportunity and risk. This is some of the hardest work you’ll do, but also the most foundational. WHAT TO DO Applying Military-Grade Security for Smart Buildings At federal and military sites, financial institutions, pharmaceutical companies, hospitals, and high-tech companies and labs, low latency and system integrity are paramount. In these environments, deploying a highly secure, hardened network engine is a must. The Johnson Controls building automation system (BAS) development team saw this need, and got to work with its government and commercial clients to build best-in-class, military-grade security for BAS applications. The result is the recently-released Metasys® secure network automation engine (NAE-S). This new engine provides customers a stronger line of defense against cyber threats to building networks with its new embedded technology designed to shield critical infrastructure against cyber-attacks. Its encryption module encrypts data traveling on the network so that sensitive information cannot be accessed by unauthorized users. This new capability dynamically validates and secures protocol communications. It also secures vulnerable routes in the BAS used to control building operations, providing true end-to-end protection from commonly used hacking techniques.
  • 9. 4. BUILD THE RIGHT CAPABILITIES TO ENABLE – NOT HINDER – SMART BUILDING ADOPTION. You can’t just put security technologies in place and claim victory around cyber. Technical solutions are an important piece of the puzzle, but you need to balance deploying technological tools with investments in people and processes. Incorporate cybersecurity across the smart building lifecycle, being careful not to overburden the process. What core functions will help? 5. FINALLY, GET OPERATIONAL. Checking the box on today’s threat does not mean you’re prepared for tomorrow. A compliance-focused approach to all of the above can have detrimental effects if you stop there. You’re dealing with an ever-evolving adversary, which means you need a security professional’s mindset to defeat them. Your audit team can provide that external assessment of compliance and effectiveness. But your task is to focus on risk and protect your territory. Continually monitor internal and external intelligence to understand your ever-changing risk profile. Find allies — like building controls manufacturers and analytics service providers with a demonstrated commitment to product security—to help you stay ahead. Have a plan, but be prepared to continually evolve. This will help you sleep at night, for years to come. 9 Lifecycle Phase Cyber Capabilities and Descriptions Core Functions Checklist Consider Security Requirements. Include security solutions as part of all specification processes. Work with vendors and technical partners to prioritize security as an integral part of any connected smart building solution. Define how you want the vendor to integrate with your existing network, preferably leveraging a separate network segment for building automation systems. Use system retrofits as opportunities to include the latest security protocols. Be prepared to articulate the budget for security operations throughout the building lifecycle. ▫▫ Security Policy ▫▫ Compliance ▫▫ Planning Design Assess. Set a consistent assessment framework to evaluate security vendors and their solutions. Favor companies that demonstrate a program that implements secure design and coding practices, and that have a mature vulnerability management program to ensure that product vulnerabilities are discovered, remedied, and patched in a timely manner. Recognize that business imperatives—like cost—may supersede security concerns. So design a framework that evaluates the security implications and tradeoffs of integrations between legacy and new systems, but provides flexibility for add-on security controls you can deploy to help minimize identified risks. ▫▫ Third-Party Risk Management ▫▫ Risk Assessments Build in Security. Understand vendor recommendations for how to securely deploy building automation systems and work with your IT department to follow those guidelines, and how to add additional controls over and above vendor recommendations based on your compliance and risk needs. Design is important, but how a system is architected and deployed—particularly in the areas of secure network design and remote access capabilities—is critical to monitoring and minimizing your risk. ▫▫ Security Architecture ▫▫ Identity Access Management ▫▫ Information Protection ▫▫ Secure Product Coding Testing Update Regularly. Maintain a software subscription service and preventive service agreement with your integrator. Building controls manufacturers typically “patch forward”, so keeping your systems at the latest software revisions is critical to maintaining a cybersmart building. Ensure that you understand how long the vendor will provide security updates and support for the systems, and ensure you have an exit strategy for replacement prior to a system’s end of life. ▫▫ Vulnerability Management ▫▫ Service Level Agreements Test, Monitor, and Respond. Know your risk. Maintain situational awareness on what’s connected. Develop and implement an assessment framework that will identify security maturity across all domains in your ecosystem. Diligently and regularly stress-test your assumptions and technical vulnerabilities. Continuously monitor for indicators of an incident. Triage and escalate issues based on a predetermined set of trigger criteria. When needed, lead a whole-of-business response to maintain customer trust as you work with your vendors to deploy the right fixes. ▫▫ Asset Management ▫▫ Security Monitoring ▫▫ Red Teaming ▫▫ Threat Intelligence ▫▫ Incident Response ▫▫ Exercises AcquisitionDeploymentOperationsandMaintenance
  • 10. The smart building industry has an opportunity and an obligation to proactively address cyber risk. As the world evolves to smart neighborhoods and smart cities, the challenge will only grow. Addressing the pervasive and complex cyber challenge is pivotal to capturing real return on your investment in a smart building. It protects your brand and, most critically, the safety and privacy of your tenants and visitors. Acting today helps you stay ahead of the cyber threat, reducing the likelihood of the ominous 3AM call. It also gives owners, operators, and managers a differentiator for their business. We’re in a security whitespace for now. The U.S. National Institute of Standards and Technology (NIST) and Department of Homeland Security (DHS) have put out initial best practices guidance for securing smart buildings6 , but cyber regulation doesn’t yet rule the day in most sectors. Early movers have the opportunity to shape security standards, while influencing vendors and service providers. That equates to business and security benefits. Getting cyber right matters. But you don’t need to overhype and over-invest in the challenge. Whether you’re looking to retrofit or deploy smart building technology from scratch, you have the ability to act now, and make your approach business-as-usual. First, take a strategic approach by defining a framework and engaging the right team. Next, put your plan into action by developing technical and risk management capabilities that will ensure your smart facilities are safe and secure. Seize this window of opportunity. YOUR WINDOW OF OPPORTUNITY 1 https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/NCCIC_ICS-CERT_FY%202015_Annual_Vulnerability_Coordination_Report_S508C.pdf 2 https://www.wired.com/2013/05/googles-control-system-hacked/ 3 http://www.scmp.com/news/china/article/1561458/hacker-takes-control-hundreds-rooms-hi-tech-shenzhen-hotel 4 http://www.memoori.com/internet-things-devices-center-biggest-cyber-attack-history/ 5 http://www.wired.co.uk/article/austria-hotel-ransomware-true-doors-lock-hackers (2/2/17) 6 http://www.federaltimes.com/articles/nist-unveils-internet-of-things-cybersecurity-guidance ; https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_ Securing_the_Internet_of_Things-2016-1115-FINAL....pdf 7 http://www.forbes.com/sites/pikeresearch/2016/09/13/cybersecurity-and-intelligent-buildings/2/ “The threat of cyber security is beginning to change attitudes and has created interesting challenges in the commercial building controls market. Awareness and education of building owners and operators remain a persistent challenge. However, even building owners and operators who are aware of and concerned about the vulnerabilities of their building systems are often unaware of what to do about the threat7 .” Forbes, 13 September 2016 10
  • 11. Sedar LaBarre Vice President labarre_sedar@bah.com Matthew Doan Senior Associate doan_matthew@bah.com About Johnson Controls Johnson Controls is a global diversified technology and multi industrial leader serving a wide range of customers in more than 150 countries. Our 130,000 employees create intelligent buildings, efficient energy solutions, integrated infrastructure and next generation transportation systems that work seamlessly together to deliver on the promise of smart cities and communities. Our commitment to sustainability dates back to our roots in 1885, with the invention of the first electric room thermostat. We are committed to helping our customers win and creating greater value for all of our stakeholders through strategic focus on our buildings and energy growth platforms. For additional information, please visit http://www.johnsoncontrols.com or follow us @johnsoncontrols on Twitter. About Booz Allen Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise. With international headquarters in McLean, Virginia, the firm employs more than 22,600 people globally and had revenue of $5.41 billion for the 12 months ended March 31, 2016. To learn more, visit BoozAllen.com. (NYSE: BAH) © 2017 Booz Allen Hamilton, Inc. Johnson Controls Contact Jason Rosselot Director jason.r.rosselot@jci.com Alex Runner Director alex.e.runner@jci.com Contact