Innovations in Comfort, Efficiency, and Safety Solutions.
Steve Fey, CEO, Totem Buildings
expert in building controls, career entrepreneur, CEO of Tridium during
its growth phase, and recently President of Proxios, a Richmond-based
IT-as-a-Service provider. Steve holds a B.S. from Cornell
University in Electrical Engineering.
Platform for Assessing and Managing Cybersecurity Risks
What was needed was a scalable, software solution and a software-experienced leadership team.
Sinclair: What is Totem Buildings?
Fey: Totem Buildings has developed the industry’s first software platform for assessing and managing the cybersecurity risks associated with all types of operational technology systems in the non-residential buildings market. And most importantly, all from a single dashboard or on a mobile app.
As a result of the COVID-19 pandemic, we
have responded to public health concerns by including a contractor
health-risk screen that is quick and convenient and provides a
"boarding pass” approach for contractors to enter and service buildings
while also providing rollup reporting to building managers and
Sinclair: How did Totem get started?
Founders of Totem Buildings are Rob Murchison and Tom Shircliff of
Intelligent Buildings. Since 2004, Intelligent Buildings has
provided consulting and services to the largest real estate owners in
the world including federal governments in the US, Canada and
Singapore, dozens of Fortune 500 companies, REITs, large military bases
and higher education. Approximately four years ago, their
consulting practice expanded to include OT cybersecurity assessments.
It quickly became apparent that the entire OT industry was unprepared to deal with the multitude of cybersecurity threats. Building owners were quietly experiencing industry losses through ransomware, downtime, unnecessary service calls and rising cost structure. However, consulting is not a scalable solution given the breadth and depth of the problem – what was needed was a scalable, software solution and a software-experienced leadership team.
Rob and Tom connected with me in the summer of 2018, and in January 2019 we launched Totem Buildings. Many of your readers may remember me from my time at Tridium, where I led the company from 2006 to 2012, before leaving to run an IT Managed Services company in Richmond, Virginia.
Sinclair: How pervasive are cybersecurity threats to our industry?
Fey: Two recent studies from last year underline the problem. According to
Kaspersky, one of the leading providers of anti-virus software, 37.8% of smart building automation systems were affected by malicious cyber-attacks in the first half of 2019. Harvard Research released a study showing that 60% of attacks on publicly traded companies were traced to IT systems from suppliers and third parties such as contractors. This is precisely what happened to Target stores because of stolen user credentials from an HVAC contractor.
Sinclair: How does the Totem platform manage cybersecurity risk?
Fey: The first thing to understand about managing cybersecurity risk is that it is a process challenge. Cyber threats are continuously changing as cybercriminals identify vulnerabilities and quickly develop means to exploit them. The OT industry is particularly vulnerable when compared to IT (Information Technology) because the focus of our industry has always been on operational functionality, not the security of the system itself. As a result, so many of the installed systems have obvious vulnerabilities including public facing IP addresses, manufacturer default passwords that have not been changed or removed, unencrypted network communications and inadequate backups. The Totem platform is used by automation contractors and building owners to identify these vulnerabilities through a combination of audits and real time monitoring. Totem has also developed standard security policies and procedures to follow when designing and managing control systems. We refer to systems that have been installed according to this standard as Totem TrustedTM.
Sinclair: How does Totem Buildings go to market?
Fey: Totem is marketing on a worldwide basis through Totem TrustedTM Partners. These companies include automation distributors, Master System Integrators, and OT Managed Service providers. Through the Totem platform, our objective is to provide the same companies that are installing and supporting control systems today with the knowledge and tools to secure these systems for their customers. As I mentioned previously, managing cybersecurity risk is a process challenge. For Totem TrustedTM Partners, the Totem software forms the basis of a subscription-based, managed service that our partners provide to their customers after the system has been installed. Systems that go unmanaged may start out as secure, but will quickly degrade if attention is not paid to all of the risk areas on a continuous basis.
Sinclair: How has Totem Buildings adjusted to the COVID-19 pandemic?
mentioned earlier, we’ve just released a highly flexible, health risk
survey that can be used to manage contractor personnel and building
occupants before being cleared to enter a building. The survey
tool is available for the next 90 days at no charge. This is a
great way for building owners to raise everyone’s confidence in
returning to work. Also, we are also offering a special sign-up
package for new Totem TrustedTM Partners that delays our
normal sign-up fees for 90 days. As part of the package, we have
moved our certification training class on-line and the price lowered to
$100 per student.
Sinclair: How do I learn more about Totem Buildings?
Fey: Our web site is www.totembuildings.com. I can be reached at Steve.firstname.lastname@example.org. We are actively recruiting partners at this time, so please contact me if you are interested in learning more.
More about Steve in this article Working Remotely - the New Norm! Published on March 21, 2020
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]