Innovations in Comfort, Efficiency, and Safety Solutions.
EMAIL INTERVIEW – Marc Petock and Ken Sinclair
Marc Petock, Vice President, Marketing, Lynxspring
Sinclair: We are seeing an increase in coverage about BAS cyber security. Is it good or bad for our industry?
Petock: I believe it is
good for a number of reasons.
It is calling attention to an issue that is part of the new reality we
are faced with. It is enabling us to gain a greater understanding of
the challenges associated with cyber threats as it relates to building
automation systems and networks and it is causing us as an industry to
address it. I also believe it has woken up many end users and providers
to the need for better cyber security protection for building
automation systems and networks.
Sinclair: What are the misconceptions about cyber security and threats on building automation systems?
Petock: That cyber threats against building automation systems are not just about being able to turn the lights on or off or raising or lowering the temperature a degree or two. It is way more than that. Characterizing possible disruptions to lighting or HVAC controls as a little harmless mischief dramatically underestimates the value of these systems to productivity, safety and the business. Threats and breaches to building systems can also be entry points into the company’s network and become a pivot point that can bypass many existing network defenses. A hacker can use a BAS device as a jumping off point to get onto other devices and systems, introduce malware, viruses and worms or engage in other detrimental activities.
The Building Automation Network and IT network should NOT be treated differently when it comes to cyber security and threat protection. One needs to ask themselves more than just ‘Are we secure?’ You need to be asking…. ‘How do we know we’re not compromised today? How would we know? What would we do about it if we were?’” Are we prepared to face the threat?
Sinclair: What about the business implications, can you elaborate a little more on this?
Absolutely. There is occupant comfort,
safety and productivity to operational disruption including
interruption of key services and shutdown of operations. On the
physical side, there is the potential damage to equipment and the
building structure and accessibility to the facility. On the business
side, there is the potential exposure of sensitive information,
financial loss caused by interruptions and equipment replacement and
repair, negative publicity, tenant loss, loss of customer confidence
and potential lawsuits. And there is the risk of physical harm to
Sinclair: What are the key risk areas?
So at the end of the day, who is
responsible for BAS cyber security?
Petock: Cyber security
is a shared
responsibility---shared between technology providers, system
integrators and end users. Technology providers should take every
step to increase the security quality and reduce the attack surface as
much as possible. When an incident is discovered, they need to inform
their customers, address the issue quickly and comprehensively. Also,
incorporate cyber security practices related to their technology into
their training and deployment practices. For system integrators discuss
the importance of cyber security with the end user; be proactive about
it; automatically include as part of the solution you design and deploy
and ensure that the security capabilities of all system components are
used and configured properly. And end users demand and insist on
cyber threat protection. Make sure your overall system security levels
Sinclair: Any final thoughts?
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]