Award winning manufacturer of IT-based building automation.
Let’s Talk BAS Cybersecurity
..for the vast majority of BAS players:
vendors, the channel, and even operation staff, cybersecurity could be
described as “out of mind,” in other words, ranked #∞.
New Deal for Buildings
As published on New Deal blog
For IT Departments, cybersecurity is a top-of-mind issue, consistently ranking #1 on their list of concerns. Interestingly, some identify this concern as IoT security, while others as security skill shortage as well as concerns from “Shadow IT,” people installing their own IT solutions. On the other hand, for the vast majority of BAS players: vendors, the channel, and even operation staff, cybersecurity could be described as “out of mind,” in other words, ranked #∞.
Let me put this another way. For BAS companies working to extract the value of BAS data with analytics, cloud SaaS, enterprise integration and other applications, working with IT systems isn’t optional, it is the only effective way to deliver their value to enterprise customers. Conversely, for IT departments, who have enough on their plates dealing with daily threats from hackers, requests to connect their carefully secured infrastructure to a network of questionable secured devices, often for questionable business value (in their eyes), is likely to get the silent treatment.
While I am exaggerating to make a point, it is the chasm between these positions that should awaken any BAS professionals interested in extracting the business opportunities from IoT.
Many see the issue of BAS cybersecurity as about securing BAS systems, so they are not hacked and manipulated, of course, this is true but not the critical problem we face today.
Others see IoT as the solution of how IP-based devices will be secured, again this is true for future systems but not a solution to today’s buildings, many with decades-old systems.
Many in the industry are pinning their hopes on BACnet/SC, yes this is an important and much-needed addendum to the BACnet standard, but this in itself, isn’t going to solve all our problems.
A growing number of companies are developing great security features in their products; again this is a welcomed trend but not something that will help the chasm in the short term.
million-dollar problem hampering progress is that of a perception
problem of the industry. In my December article,
I laid out how we got here. BAS has never had much motivation to secure
their networks because it never had to. This has made the default
behavior that of apathy about security. If this wasn’t bad enough, we
have “effectively marketed” that position, and now everybody believes
the BAS industry to advance and tap into the promise, and value of IoT,
it is imperative that we urgently fix this perception problem and work
diligently, and collectively to put BAS into a posture that is in line
with the expectations of security-centric IT industry, and the rest of
the business community.
Some will view this as only relevant to companies offering the types of IT-centric products and services I mentioned above; this is shortsighted. The promise of IoT will lift the value of all the products and services in the BAS space, from sensors, actuators, installation, maintenance and so on. As they say, a rising tide lifts all boats.
This is not an easy task by any means. The first step is to acknowledge this position and start an open, industry-wide dialog to address this issue. It is with this in mind, I invite leaders of the industry to attend the Cybersecurity Summit to be held at the upcoming AHR Expo 2019 in Atlanta. Attendance is free to AHR Expo ticket holders.
info on the summit is available at http://summit.newdeal.blog
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]