Intelligent Building and Cybersecurity 2016

Similar documents
Intelligent Buildings and Cybersecurity

EXECUTIVE SUMMARY CABA AND THE FOLLOWING CABA MEMBERS FUNDED THIS RESEARCH: RUBY FUNDER EMERALD FUNDER DIAMOND FUNDER

Cybersecurity. Securely enabling transformation and change

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

tm forum live! May 9 12, 2016

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Gujarat Forensic Sciences University

Innovation policy for Industry 4.0

Shifting focus: Internet of Things (IoT) from the security manufacturer's perspective

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Run the business. Not the risks.

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

AT&T Endpoint Security

2017 RIMS CYBER SURVEY

Cyber Security in Smart Commercial Buildings 2017 to 2021

Cyber Resilience Solution for Smart Buildings

Cybersecurity and Hospitals: A Board Perspective

Real estate predictions 2017 What changes lie ahead?

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Incident Response Table Tops

Building cyber security

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

TAN Jenny Partner PwC Singapore

Angela McKay Director, Government Security Policy and Strategy Microsoft

Chapter X Security Performance Metrics

Building a Threat Intelligence Program

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

Introducing Cyber Observer

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

MANAGING CYBER RISK: THE HUMAN ELEMENTS OF CYBERSECURITY

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Cybersecurity for Health Care Providers

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

CloudSOC and Security.cloud for Microsoft Office 365

Cybersecurity, safety and resilience - Airline perspective

with Advanced Protection

Internet of Things Toolkit for Small and Medium Businesses

The NIST Cybersecurity Framework

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

Combating Cyber Risk in the Supply Chain

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

WHITE PAPER. Title. Managed Services for SAS Technology

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

THE POWER OF TECH-SAVVY BOARDS:

European Union Agency for Network and Information Security

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

IDC FutureScape: Worldwide Security Products and Services 2017 Predictions

Protecting your data. EY s approach to data privacy and information security

A revolutionary visual security and analytics solution

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Addressing the elephant in the operating room: a look at medical device security programs

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

How to Align with the NIST Cybersecurity Framework

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

Addressing Cyber Threats in Power Generation and Distribution

Securing Digital Transformation

CYBER SECURITY AIR TRANSPORT IT SUMMIT

THE ACCENTURE CYBER DEFENSE SOLUTION

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

LESSONS LEARNED IN SMART GRID CYBER SECURITY

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

CALIFORNIA CYBERSECURITY TASK FORCE

Toronto Hydro Response to December 2013 Ice Storm Independent Review Panel Report

Cybersecurity Session IIA Conference 2018

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

CISO as Change Agent: Getting to Yes

Department of Management Services REQUEST FOR INFORMATION

MITIGATE CYBER ATTACK RISK

Keys to a more secure data environment

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

A Data-Centric Approach to Endpoint Security

Chapter X Security Performance Metrics

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

The Deloitte-NASCIO Cybersecurity Study Insights from

Cyber Security and Cyber Fraud

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

CYBERSECURITY AND THE MIDDLE MARKET

TSC Business Continuity & Disaster Recovery Session

End-to-End Trust, Segmentation and Segregation in the IIoT

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Transcription:

Intelligent Building and Cybersecurity 2016 Landmark Research Executive Summary 2016, Continental Automated Buildings Association

Presentation Contents 1. About CABA, Compass Intelligence & This Research 2. Research Funders 3. Methodology 4. Executive Summary 2016, Continental Automated Buildings Association 2

About CABA & Compass Intelligence Intelligent Building and Cybersecurity: 2016 Landmark Research 2016 by CABA. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage or retrieval system, without permission in writing from the publisher. This report was prepared for CABA by Compass Intelligence, LLC About Compass Intelligence Compass Intelligence is one of the leading market analytics and consulting firms specializing in metrics-driven market intelligence and consulting focused on the mobile, Internet of Things/M2M, green technology, and emerging technology markets. Compass Intelligence provides a number of key services including strategic advisory, market sizing/modeling, competitive benchmarking, executive-level consulting, and turn-key survey services. Providing quality services over 10 years, many of the top technology vendors rely on Compass Intelligence s expertise and insights to make better and more informed planning, strategy, and development decisions. Visit us at http://www.compassintelligence.com to learn more. About CABA The Continental Automated Buildings Association (CABA) is an international not-for-profit industry association, founded in 1988, dedicated to the advancement of connected home and building technologies. The organization is supported by an international membership of over 300 organizations involved in the design, manufacture, installation and retailing of products relating to home automation and building automation. Public organizations, including utilities and government are also members. CABA's mandate includes providing its members with networking and market research opportunities. CABA also encourages the development of industry standards and protocols, and leads cross-industry initiatives. 2016, Continental Automated Buildings Association 3

Intelligent Building and Cybersecurity Study Funders 2016, Continental Automated Buildings Association 4

Project Methodology & Survey Details This project included a detailed review of the Intelligent Building and the impact specific to cybersecurity and cyber-attacks. This research included interviews, briefings, and secondary/primary research with vendors and organizations in the IB and Cybersecurity ecosystem. This project also include a survey of 500+ endusers and decision-makers. The survey research was conducted online using opt-in email lists from a wellregarded Internet research panel vendor and Compass Intelligence Thought Leaders Panel. The survey was conducted in August 2015. The survey involved 939 people who started the survey, 543 of these qualified for the survey and a total of 502 completed it in it s entirety. The survey ran for one week. Qualified respondents were over the age of 18, employed, involved in company s IT or facility management and currently have or plan to purchase Cybersecurity solutions. 2016, Continental Automated Buildings Association 5

Executive Summary 2016, Continental Automated Buildings Association 6

Introduction» Focus on improving operational efficiency and safety Implementation in monitoring, automation, management of buildings Enter BMA/BAS Building Management Building Automation» Advancement of IoT and M2M in BMA/BAS Integration of IT and OT?» Introduction of growing threats and potential for cyber-attacks» Cost savings and reducing energy consumption, drivers for investment» Cybersecurity becomes high priority as incidents and threat activity on the rise Examples include Target breach through HVAC, Ukraine BlackEnergy malware incident, Hollywood Presbyterian Medical Center in LA crypto-ransomware cyber-attack 2016, Continental Automated Buildings Association 7

Standalone vs. Converged Building Systems Source: https://www.wbdg.org/resources/cybersecurity.php 2016, Continental Automated Buildings Association 8

Intelligent Building Integrated Systems, Primary Touchpoints Building Services Fire safety HVAC Elevators Lighting Accommodation Services Physical security Energy management Monitoring Access/video Business Services Communications Networking Source: The IET The Institution of Engineering and Technology. 2016, Continental Automated Buildings Association 9

Building Management System (BMS) Source: CABA s 2011 Smart Grid Impact on Intelligent Buildings & BSRIA. 2016, Continental Automated Buildings Association 10

Other Background based on CABA previous studies» Commercial and larger buildings more likely to implement and use BMS/BAS» Industrial and Commercial buildings more likely to utilize BMS/BAS (primarily non-residential)» Integration of Security and Other Building Systems including Access Control, CCTV, and Intruder Alarms (What s Next?)» Cost savings and reducing energy consumption, drivers for investment 2016, Continental Automated Buildings Association 11

The Cybersecurity Ecosystem, 2016 Source: Compass Intelligence. 2016, Continental Automated Buildings Association 12

Selected Access Points for Cyber-Attacks Where is the Risk? Source: Compass Intelligence. 2016, Continental Automated Buildings Association 13

Protection Requirements Source: Compass Intelligence. 2016, Continental Automated Buildings Association 14

NIST Framework Framework Core which includes a set of cybersecurity activities that are deemed common across various infrastructure sectors: Identify - Develop an organizational understanding to manage cybersecurity risk to systems, assets, data and capabilities. Protect - Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. Detect - Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. Respond - Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. Recover - Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. 2016, Continental Automated Buildings Association 15 Source: National Institute of Standards and Technology, NIST

Key Recommendations & Final Thoughts» Building owners and operators Understand both intra and inter-system integration (IT and OT systems), including understanding the differences among industries and building types. Understand and identify the preparedness level that is needed to protect against the risk of BMS/BAS-related cybersecurity.» Strong collaboration and coordination is required among all building stakeholders, including building control systems vendors and cybersecurity vendors.» Stringent policies and procedures to guard both IT and OT against cybersecurity threats must be implemented. Cybersecurity is not just a technology issue; it is also a people issue. A comprehensive cybersecurity plan is critical and must include all threats, including employees, tenants, and even ex-employees.» Education of building owners and facility managers about cybersecurity issues.» IP and cloud-enabled buildings - Need to protect and secure both the IT and OT networks Security starts with the building systems companies and products, and it ends with the customer. Again, focus on securing endpoints, connectivity, applications/data, and implementing threat management solutions. 2016, Continental Automated Buildings Association 16

Action Items to implement today! Policy Steps VPN connections Unidirectional gateways Standards based security hardware and software Complex and routinely changing passwords Independent 3rd party audits Data encryption to ensure privacy and protection against data thefts Network monitoring and analysis tools that focus on network connections and traffic specifically related to OT NIST Framework and recommended whitelisting techniques that only provide access to approved/authorized parties 2016, Continental Automated Buildings Association 17

Final Word It is important to understand that cybersecurity protective measures that aim at proactively thwarting cyber-attacks, more so than simply monitoring and reporting, are likely to offer the best defense against such incidents/events. Proactive prevention offers a range of economic and non-economic benefits such as safeguarding infrastructure as well as organizational reputation. 2016, Continental Automated Buildings Association

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback