Intelligent Buildings and Cybersecurity

Transcription

1 Intelligent Buildings and Cybersecurity March 14-18,2017 Frankfurt, Germany Ron Zimmer CABA President & CEO Connect to what s next 1

2 CABA Board of Directors and Vision CABA Vision Statement CABA accelerates growth in the connected home and intelligent buildings sectors. 2

3 About CABA The Continental Automated Buildings Association (CABA) is an international not-for-profit industry association, founded in 1988, dedicated to the advancement of connected home and building technologies. The organization is supported by an international membership of over 325 organizations involved in the design, manufacture, installation and retailing of products relating to home and building automation. Public organizations, including utilities and government are also members. CABA's mandate includes providing its members with research, services and networking opportunities. CABA also encourages the development of industry standards and protocols, and leads cross-industry initiatives. CABA maintains the largest connected home and intelligent buildings research library in the world. 3

4 Intelligent Building and Cybersecurity Study Funders 4

5 Standalone vs. Converged Building Systems Source: 5

6 What is an Itelligent Building? Source: Compass Intelligence,

7 Selected Access Points for Cyber-Attacks Where is the Risk? Source: Compass Intelligence,

8 The Cybersecurity Ecosystem, 2016 Source: Compass Intelligence,

9 Risks Arising from Compromised Systems Corporate IT systems Building Systems (ICS) Financial Integrity Denial of Service Loss of Information Loss of view Loss of control Financial and reputational risk Impact on systems Safety and operational risk Source: The IET The Institution of Engineering and Technology 9

10 Security Zones and Conduits Solutions developed during the design phase. Proposed design should be assessed for new ideas. BMS application needs networked segregation (firewall). Secure gateway protection (data diode secures BMS). Source: The IET The Institution of Engineering and Technology 10

11 Cybersecurity Responsibility Paradigm Manage interaction between infrastructure and business systems. Need clear operating procedures and agreed best practices. Need to be based on recognized standards (eg., ISO 27001). Legal issues lease/tenancy agreements covering data protection, human rights, etc. Insurance policies need to be revised and possibly updated. Source: The IET The Institution of Engineering and Technology 11

12 Profile of Cyber Attackers and Types of Attacks Carried Out (2015), North America Source: 2015 Verizon Data Breach Investigation Report 12

13 Key Recommendations: Intelligent Building Products & Services Vendors (BMS/BAS) Embedded security is becoming more imperative in today s product development of IoT Understand end users, market trends, and related technologies and solutions Education and cybersecurity expertise should also start with you Stay ahead and know complexities and security risks of your products Understand emerging intelligent building trends Understand standards 13

14 Key Recommendations: IT Managers Understand what systems are connected to the IT network and OT network, including building systems IP-enabled may be a point of attack Have well-defined, well-enforced protocol for adding building systems equipment and devices to the network Performing assessments and audits, have structured security plan in place Understand emerging intelligent building trends Understand standards Evaluate the risks involved by not separating the IT and OT network 14

15 Key Recommendations: Building Owners, Administrators, Managers Work closely and cooperatively with IT managers Perform full assessments of all systems, software, and equipment, focus on IP-enabled, VPN connected, and other vulnerabilities Get educated around building system vulnerabilities Be aware of financial loss, risk, and insurance requirements of cyber-attacks Understand standards Work with BMA/BAS vendors and IT vendors collaboratively 15

16 Reducing Risk and Next Steps to Prepare Securing and hardening wireless and IP networks Stricter authentication and access management Further security protocols to restrict access Security software and ongoing updates and maintenance Separation of the IT and OT networks Other planned measures to harden the building system s infrastructure and networks 16

17 Percent of Revenues by Region for the Global Cybersecurity Market, 2015 MEA $5.3 LATAM $3.8 Region Revenues (B) NA $33.4 APAC $15.9 NA $33.4 Europe $17.4 APAC $15.9 MEA $5.3 LATAM $3.8 Europe $17.4 Source: Compass Intelligence,

18 Global Cybersecurity Revenues Market, Source: Compass Intelligence,

19 Final Word It is important to understand that cybersecurity protective measures that aim at proactively thwarting cyber-attacks, more so than simply monitoring and reporting, are likely to offer the best defense against such incidents/events. Proactive prevention offers a range of economic and noneconomic benefits such as safeguarding infrastructure as well as organizational reputation. 19 Source: Compass Intelligence.

20 CONTACT CABA Continental Automated Buildings Association (CABA) 1173 Cyrville Road, Suite 210 Ottawa, ON K1J 7S Toll free: CABA (2222) Fax: Connect to what s next 20

21 World's Greenest Office Building Is Dutch - The Edge 21