August 2013
Article
AutomatedBuildings.com

Innovations in Comfort, Efficiency, and Safety Solutions.
Belimo

(Click Message to Learn More)


BAS Cyber Risks

 It’s Not Just About Numbers. It’s a Business Case

Marc Petock
Vice President, Marketing
Lynxspring     
                                                                                                             

Articles
Interviews
Releases
New Products
Reviews
Securing Buildings News
Editorial
Events
Sponsors
Site Search
Newsletters
ABB
Archives
Past Issues
Home
Editors
eDucation
Secured by Cimetrics
Training
Links
Software
Subscribe
Control Solutions, Inc

As business people, we hate spending money on things that don’t help our businesses operate better and more efficiently, perform at maximum levels or improve the products and services we deliver to the market. And yes, we know there are necessary expenses in business that require funding. The thought of spending money on things that are only used in a worst-case scenario and risk management are not attractive options when it comes to the allocation of our important resources---funds. They are however, a must.

So what do we do? We look at things such as what is the payoff going to be.  Are there risks? What are the risks and where do they exist? How likely is our business and operations going to be affected? What is the potential impact? These are questions that need to be answered. The bottom line, we want a solid business case as to why the risk or reward to the business warrants the expenditure.

We make purchasing decisions everyday based upon need over want.  We recognize that the failure to do so puts our company, our business, our operations, our customers and even our fellow associates in an unacceptable position of risk. We don’t like it, but we understand it.

There are things that we hate spending money on but to do so in order to protect our business. Looking at the rationale for spending money in these areas can help you make the case why cyber security prevention and protection of your building automation systems and network needs to be a priority today. For example, there is insurance – in business and in our personal life, insurance is a check we don’t want to write; but we do. We understand that protecting our critical assets against a catastrophic event is a necessity. Failure do so would be putting our business and our operations at risk of serious harm. And when the day comes around and you need it, you are relieved you have it.

How about attorneys? Yes I said it, that nine letter word. While I personally respect and appreciate our attorneys and the value they provide us, let’s face it, life would be much simpler without the legal wrangling over contracts and other complicated legal issues. But to try to do it alone would be crazy. Being protected is a must and it’s well worth the expenditure to have these experts on your team.

How about the huge investments and dollars we spend each year on data storage and yet we still get those annoying alerts (it seems like weekly), telling us that our email box is over the size limit and contact your administrator. The reason we hate spending money in this area is because we know that a large percentage of what is being stored does not contain critical data tied to the success of the business. However, we can’t take the chance that this data is not accessible or may be needed some day, so we make the additional investment.

Then there is disaster recovery – again, worst-case scenario expenditure, but one that is absolutely necessary. In today’s market where we depend on data and information so much and for it to be unavailable is something we don’t want to experience.

Hopefully you are noticing a common theme here. We don’t like to spend money on these types of things, but do anyway. We have to and should.  In each case, the potential cost to the business of not making the investment far exceeds not making the investment. These are all critical to our business and are necessities not choices.

While cyber security has always been a concern when it comes to protecting traditional systems and devices such as computers, routers, servers and our business operation IT networks, our building automation system devices such as thermostats, HVAC equipment, access control, elevators and lighting controls seemed to escape protection and are “living below the poverty line”.Today however, cyber security protection and risk prevention for building automation systems is a necessity. Building automation networks and IT networks should not be treated differently when it comes to cyber security and threat protection. Just like an IT network (you invest in its cyber protection), building automation networks should have multiple layers of defense and protection as well as policies and procedures that are continuously addressed.

contemporary A comprehensive cyber security program includes a defense-in-depth strategy and leverages industry standards and best practices to protect systems, devices and the networks they run on and detect potential problems along with processes to understand current threats and enable timely response and recovery. Cyber security should be an integral part of the design of the automation system and the deployment, not an afterthought.

From a business perspective, the negative consequences that BAS-initiated cyber incidents can cause are disruptive and potentially catastrophic. Such events can impact occupant productivity and personal safety, disrupt critical processes, and shut down business operations entirely. Then there is the potential theft and loss of intellectual property. Threats and breaches to building systems can be entry points into the company’s network and become a pivot point that can bypass many existing network defenses. A hacker can use a BAS device as a jumping off point to get onto other devices and systems, introduce malware, viruses and worms or engage in other detrimental activities. The social implications can be as equally devastating with negative publicity and loss of customer confidence while the financial ramifications may be compounded with lawsuits and equipment replacement and repair. And there is more.

While numbers are important, it is the business case that is important and the critical role cyber security protection of building automation systems plays in the operation of our businesses. The operational, financial and reputational impact to a business is tremendous.



About the Author

As Vice President, Marketing for Lynxspring, Marc Petock leads corporate and product marketing strategy and execution, brand management, public relations and communications to support the company’s strategic and growth initiatives. Marc is a contributing author, noted speaker and recognized industry leader having earned Realcomm’s Top 35 People to Watch for the last six years in a row, M2M Magazines Who’s Who in M2M, a Digital Impact Award and several other industry accolades. He also is a recipient of the Niagara Community Spirit Award and most recently, the recipient of Control Trends CTA “Petock Award”, an annual industry award named in his honor. Marc also serves on the board of directors of Connexx Energy and as an advisor to Realcomm.

footer

Lynxspring
[Click Banner To Learn More]

[Home Page]  [The Automator]  [About]  [Subscribe ]  [Contact Us]

Events

Want Ads

Our Sponsors

Resources