True Analytics™ - Energy Savings, Comfort, and Operational Efficiency
BAS Cyber Risks
It’s Not Just About Numbers. It’s a Business Case
Vice President, Marketing
business people, we hate spending money on things that don’t help our
businesses operate better and more efficiently, perform at maximum
levels or improve the products and services we deliver to the market.
And yes, we know there are necessary expenses in business that require
funding. The thought of spending money on things that are only used in
a worst-case scenario and risk management are not attractive options
when it comes to the allocation of our important resources---funds. They are however, a must.
So what do we do? We look at things such as what is the payoff going to be. Are there risks? What are the risks and where do they exist? How likely is our business and operations going to be affected? What is the potential impact? These are questions that need to be answered. The bottom line, we want a solid business case as to why the risk or reward to the business warrants the expenditure.
make purchasing decisions everyday based upon need over want. We
recognize that the failure to do so puts our company, our business, our
operations, our customers and even our fellow associates in an
unacceptable position of risk. We don’t like it, but we understand it.
are things that we hate spending money on but to do so in order to
protect our business. Looking at the rationale for spending money in
these areas can help you make the case why cyber security prevention
and protection of your building automation systems and network needs to
be a priority today. For example, there is insurance – in business and
in our personal life, insurance is a check we don’t want to write; but
we do. We understand that protecting our critical assets against a
catastrophic event is a necessity. Failure do so would be putting our
business and our operations at risk of serious harm. And when the day
comes around and you need it, you are relieved you have it.
about attorneys? Yes I said it, that nine letter word. While I
personally respect and appreciate our attorneys and the value they
provide us, let’s face it, life would be much simpler without the legal
wrangling over contracts and other complicated legal issues. But to try
to do it alone would be crazy. Being protected is a must and it’s well
worth the expenditure to have these experts on your team.
about the huge investments and dollars we spend each year on data
storage and yet we still get those annoying alerts (it seems like
weekly), telling us that our email box is over the size limit and
contact your administrator. The reason we hate spending money in this
area is because we know that a large percentage of what is being stored
does not contain critical data tied to the success of the business.
However, we can’t take the chance that this data is not accessible or
may be needed some day, so we make the additional investment.
Then there is disaster recovery – again, worst-case scenario expenditure, but one that is absolutely necessary. In today’s market where we depend on data and information so much and for it to be unavailable is something we don’t want to experience.
you are noticing a common theme here. We don’t like to spend money on
these types of things, but do anyway. We have to and should. In
each case, the potential cost to the business of not making the
investment far exceeds not making the investment. These are all
critical to our business and are necessities not choices.
cyber security has always been a concern when it comes to protecting
traditional systems and devices such as computers, routers, servers and
our business operation IT networks, our building automation system
devices such as thermostats, HVAC equipment, access control, elevators
and lighting controls seemed to escape protection and are “living below
the poverty line”.Today however, cyber security protection and risk
prevention for building automation systems is a necessity. Building
automation networks and IT networks should not be treated differently
when it comes to cyber security and threat protection. Just like an IT
network (you invest in its cyber protection), building automation
networks should have multiple layers of defense and protection as well
as policies and procedures that are continuously addressed.
A comprehensive cyber security program includes a defense-in-depth strategy and leverages industry standards and best practices to protect systems, devices and the networks they run on and detect potential problems along with processes to understand current threats and enable timely response and recovery. Cyber security should be an integral part of the design of the automation system and the deployment, not an afterthought.
a business perspective, the negative consequences that BAS-initiated
cyber incidents can cause are disruptive and potentially catastrophic.
Such events can impact occupant productivity and personal safety,
disrupt critical processes, and shut down business operations entirely.
Then there is the potential theft and loss of intellectual property.
Threats and breaches to building systems can be entry points into the
company’s network and become a pivot point that can bypass many
existing network defenses. A hacker can use a BAS device as a jumping
off point to get onto other devices and systems, introduce malware,
viruses and worms or engage in other detrimental activities. The social
implications can be as equally devastating with negative publicity and
loss of customer confidence while the financial ramifications may be
compounded with lawsuits and equipment replacement and repair. And
there is more.
numbers are important, it is the business case that is important and
the critical role cyber security protection of building automation
systems plays in the operation of our businesses. The operational,
financial and reputational impact to a business is tremendous.
About the Author
Vice President, Marketing for Lynxspring, Marc Petock leads corporate
and product marketing strategy and execution, brand management, public
relations and communications to support the company’s strategic and
growth initiatives. Marc is a contributing author, noted speaker and
recognized industry leader having earned Realcomm’s Top 35 People to
Watch for the last six years in a row, M2M Magazines Who’s Who in M2M,
a Digital Impact Award and several other industry accolades. He also is
a recipient of the Niagara Community Spirit Award and most recently,
the recipient of Control Trends CTA “Petock Award”, an annual industry
award named in his honor. Marc also serves on the board of directors of
Connexx Energy and as an advisor to Realcomm.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]