Cybersmart Buildings: Securing Your Investments in Connectivity and Automation


Cybersmart Buildings: Securing Your Investments in Connectivity and Automation Jason Rosselot, CISSP, Director Product Cyber Security, Johnson Controls

AIA Quality Assurance

The Building Commissioning Association is a Registered Provider with The American Institute of Architects Continuing Education Systems (AIA/CES). Credit(s) earned on completion of this program will be reported to AIA/CES for AIA members. Certificates of Completion for both AIA members and non-AIA members are available upon request.

This program is registered with AIA/CES for continuing professional education. As such, it does not include content that may be deemed or construed to be an approval or endorsement by the AIA of any material of construction or any method or manner of handling, using, distributing, or dealing in any material or product. Questions related to specific materials, methods, and services will be addressed at the conclusion of this presentation.

Learning Objectives

1. List the applicable Federal and State Standards for Cybersecurity that must be adhered to in the commissioning of new or retrofit building systems.
2. Describe the steps to become compliant with the applicable Federal and State building security standards.
3. Understand the underlying connectivity and automation value proposition for smart buildings.
4. Establish a realistic view of current threats and business risks associated with smart buildings, across both the private and public sectors.

Why are we here today?

BOTTOM LINE
1. All industries are making smart building investments (seeking reward)
2. Cyber incidents threaten the smart building value proposition
3. Cybersecurity must become a core tenet of building design and operations (to guarantee that investment)

Yesterday: Partial Connectivity. Today: Smart Buildings. Tomorrow: Smart Cities.

BUILDINGS ARE EVOLVING

ON THE OUTSIDE, SMART, DATA-DRIVEN SOLUTIONS MAY NOT BE APPARENT. BUT CONNECTIVITY IS CREATING VALUE FOR BUILDING OWNERS AND OPERATORS.

Infographic credit: Johnson Controls

CONNECTING OCCUPANTS TO SOLUTIONS

ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT: SAVING ENERGY, INCREASING SECURITY AND OPTIMIZING OPERATIONS.

HEALTHCARE: Real-Time Location Systems (RTLS); Critical temperature control; Operating room environments; Electronic record-keeping; Integrated patient care

HIGHER EDUCATION: Streaming video management; Campus-wide system alerting; Mobile-friendly presentation spaces; Integrated class registration; Optimized lighting

GOVERNMENT: Access controls & physical security; Energy management; Sensitive environment monitoring; Smart infrastructure; Integrated asset tracking

TRANSPORTATION: Real-Time Location Systems (RTLS); HVAC temperature control; Physical security; Passenger identification systems; Arrival/departure prediction

K-12 EDUCATION: Smart whiteboards; Optimized lighting; HVAC, data-driven building management; Space scheduling integration; District-wide performance tracking

COMMERCIAL BUILDINGS: Access controls & physical security; HVAC temperature control; Energy management; Real-time data analysis; Meeting space optimization

INVESTMENT AT RISK

NEW VALUE PROPOSITION: Automated Management; Predictive Maintenance; Energy Efficiency; Asset Location Finding

CYBER RISKS: Denial of Service Attack; Vendor IoT Product Compromise; Occupant Data Theft; Hijack of Command & Control App

ANTICIPATED INVESTMENT BREAKS APART

SECURITY IMPERATIVE
Pervasive connectivity means more vulnerabilities across a larger attack surface.
Many threat vectors can potentially harm connected infrastructure.
Occupant health/safety and environment now depend on cyber security.

FACING OUR CURRENT REALITY

[Figure: REPORTED INDUSTRIAL CONTROL SYSTEM VULNERABILITIES. Source: ICS-CERT 2015 Annual Vulnerability Coordination Report]

[Figure: SOURCES OF THREATS TO INDUSTRIAL COMPUTERS. Source: Kaspersky Lab ICS CERT, Threat Landscape for Industrial Automation Systems in the Second Half of 2016]

RELEVANT CYBER INCIDENTS

LARGE INTERNET SEARCH PROVIDER: Researchers hack building control system of key facility; able to obtain command and control

CHINESE HOTEL: Hacker infiltrated hotel room automation system via WiFi; established ability to manipulate room control systems and steal customer data

INTERNET DOMAIN NAME SYSTEM PROVIDER: Largest distributed denial-of-service (DDoS) attack in history uses massive number of compromised IoT devices to swarm its target and cause major internet outages

BUILDINGS NEED TO BE CYBERSMART

WHAT'S A CYBERSMART BUILDING?
1. Security by design for new; retrofit options for established buildings
2. IT and operational technology (OT) assets are mapped and zoned for risk management
3. Vulnerability management function in place for connected devices and infrastructure
4. Passive monitoring for critical assets to understand non-baseline anomalies (e.g., network scanning, controller re-flash)
5. Cyber incident response plan is developed and exercised by relevant stakeholders

WHO PLAYS A ROLE?

Evolving Guidance:

KEY CONSIDERATIONS FOR TAKING ACTION

WHAT TO DO
1. Observe and orient around your specific challenge
2. Forget old silos: cybersecurity requires cross-functional teaming
3. Change the culture: speak up for cybersmart buildings
4. Build the right capabilities to enable, not hinder, smart building adoption
5. Finally, get operational

Lifecycle Phase: Acquisition; Deployment; Operations & Maintenance

Cyber Capabilities: Consider Security Requirements; Assess; Build in Security; Update Regularly; Test, Monitor, & Respond

THANK YOU

Jason Rosselot, CISSP
Director Product Cyber Security
Johnson Controls
jason.r.rosselot@jci.com
www.johnsoncontrols.com/productsecurity