Innovations in Comfort, Efficiency, and Safety Solutions.
|The Need for
Holistic BAS Cybersecurity
Our collective success is based on our weakest link. Our industry is inherently collaborative. We seldom work alone on a project, and partnering is our modus operandi.
Article also on LinkedIn
As the building
controls industry works to install more and more sophisticated smart
building technologies, many of which involve working with IT systems,
the subject of cybersecurity continually looms large and persistent.
There are many questions about how we are going to deal with this
challenge; I have some thoughts on a few such questions.
The first and most important aspect for all players in the industry is that cybersecurity is everyone’s business, not just the experts. Yes, cybersecurity is a complex subject, but we are not all going to nerd out on the intricacies of ciphers, zero-day threats, certificates and so on. What every single professional must demand is that our devices, systems, and buildings are secure from cyber threats. Every proposal, project meeting and company planning session going forward must discuss how cybersecurity is being addressed in that instance.
leads to my second point: Our collective success is based on our
weakest link. Our industry is inherently collaborative. We seldom work
alone on a project, and partnering is our modus operandi. This means
not only does each player need to deal with cybersecurity in their
work, but it is the task of everyone to ensure others in the value
chain deliver solutions that are secure.
The two points mentioned above are broad and complex, but our industry is not unique in this respect. A useful tool many other industries use to chart their process of bringing cybersecurity to the forefront is the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a comprehensive set of standards, guidelines and best practices created through a collaborative process by the U.S. government agency responsible for cybersecurity matters. At Cimetrics, we use the NIST Framework to map out the products and solutions we develop and market to the industry. We see this as a holistic way to look at cybersecurity.
AHR Expo in Atlanta this January, my company Cimetrics launched Secured
by Cimetrics, a platform to provide a wide range of
cybersecurity-focused technologies, products, best practices, and
professional services that address these challenges. As a technology
vendor in the industry since 1989, we feel we have a responsibility to
help our industry be much more secure in this new phase of building
controls and automation.
The areas Secured by Cimetrics will help include the following areas:
are the core of building automation, and these days they are typically
BACnet. We are honored that over 60% of global BAS vendors have
selected to use our BACnet stack in their devices. While the upcoming
BACnet/SC (Secure Connect) is a very important development regarding
securing BACnet devices (see this link for more on BACnet/SC), it does not
tick all the boxes to make devices fully secure. Devices branded as Secured by Cimetrics build upon
BACnet/SC by implementing additional features and technologies to make
them as secure as possible while abiding by the guidance of the NIST
Building automation systems are made up of networks of devices which by today’s standards means they are mostly IP-based and thus the most vulnerable attack surfaces for cyber breaches. Having been a vendor of network routers and gateways for more than two decades, it makes sense for us to incorporate Secured by Cimetrics technologies and best practices into such devices. Going forward, the industry should look to network routers and gateways branded as Secured by Cimetrics to reduce the risk of attacks on their networks.
Keys and Credentials
A critical component of secured systems is the array of security keys and credentials used to identify legitimate devices and people; these are more often referred to as security certificates. These certificates are a core component of the upcoming BACnet/SC standard. In complex building systems, the management of these certificates produces specific challenges that we aim to address as part of the Secured by Cimetrics platform.
Buildings and Facilities
At the end of the day, building automation systems enable buildings and
facilities to deliver on the needs of their owners and occupiers. As
such, there is no challenge as important than ensuring facilities do
not suffer any negative consequences of a cybersecurity breach.
Addressing this challenge involves best-practices, business processes
related to monitoring, responding, and recovering systems prior to and
following attacks. This is an area where Secured by Cimetrics will add
significant value to new or existing cybersecurity strategies by
further reducing the risk of attack.
People and Organizations
holistic approach to cybersecurity is not complete unless we consider
the potentially weakest link in the chain, the people and organizations
who design, engineer, operate and maintain building systems. The Secured by Cimetrics platform
addresses this by providing training, certification and professional
services to aid industry professionals and companies to do all that is
possible to secure the systems in which they are involved.
our founding in 1989, Cimetrics has focused on developing key
technologies to enable the BAS industry to grow. We were one of the
first to work on BACnet, and our BACnet stack is used by over 60% of
BAS companies globally. For 30 years, we have garnered broad industry
recognition, support, and trust for producing robust and innovative
is not an easy problem to solve. We feel strongly that our approach to
cover all the bases is the only way to go forward. We further feel
strongly that this is not a fight we can do alone; it takes a village
to position the BAS industry as one that takes security seriously and
has the posture necessary in today’s hyper-connected world.
We invite you to work with us to create an active cybersecurity
community, one that can drive the BAS industry forward to attain a
responsible security posture demanded by building owners, enterprises,
IT organizations, and occupants.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]