Innovations in Comfort, Efficiency, and Safety Solutions.
EMAIL INTERVIEW John Suzuki and Ken Sinclair
John Suzuki, VP of Sales, 3eTI, an Ultra
John Suzuki has
more than 20 years of telecom industry experience and a strong pedigree
for developing and executing sales and marketing strategies for
technology-driven companies. Before joining 3eTI, Mr. Suzuki was senior
vice president of sales for EFJohnson Technologies, where he led that
organization’s public safety sales efforts in the federal, state and
local government sectors worldwide. He also spent 15 years with
Ericsson, where he held several sales and marketing management
positions in both the United States and Canada. Mr. Suzuki holds a
bachelor’s degree in science, electrical engineering from the
University of Ottawa and a master’s degree in business administration
from Duke University.
Getting the Capabilities of an Open Platform without the Security Risk
The recent move toward Smart Grid and the Internet of Energy makes buildings and public utilities more vulnerable to attack, increasing the need for more sophisticated security in these facilities.
Sinclair: The industry is now aware as I’m sure you are, of the recent ICS-CERT alert released notifying critical infrastructure owners and operators of security vulnerabilities of open platforms such as Tridium’s Niagara Framework.
Suzuki: Yes, I am. With open platforms, communication is exactly what the name implies – open. In the world of networked devices that we live in, this has certainly become an essential capability. But in the world of security, as this alert demonstrates, this can present security vulnerabilities that could compromise critical infrastructures. This alert is just one example of a vulnerability that could occur with an open platform.
Sinclair: Cyber security is certainly a hot topic these days, but how relevant is it to the automated building industry?
Suzuki: Very relevant – definitely something that should, at the very least, be on the radar of those responsible for their organizations’ information and network security. While cyber attacks used to be seen primarily as a threat to government and military institutions, cyber terrorist groups have recently expanded their efforts against private industry – increasing the need for higher security in this sector as well. The recent move toward Smart Grid and the Internet of Energy makes buildings and public utilities more vulnerable to attack, increasing the need for more sophisticated security in these facilities.
So it sounds like
cyber attacks should be a pretty big area of concern for our readers?
Suzuki: Generally speaking, given the expanding cyber threat to private industry, your readers should be concerned with the lack of cyber security in their Commercial Off-the-shelf [COTS] building automation controllers. But the truth is everyone’s risk tolerance is different. For some, an open platform is fine and offers many benefits, but for those that are more security conscious or require critical asset protection, extra security is required to mitigate these risks. I would certainly advise your readers to do their due diligence and determine what an acceptable risk tolerance is for their organizations and operations.
Sinclair: Is there a way for organizations to increase security without sacrificing the flexibility of an open platform?
Suzuki: Yes. 3eTI offers cyber secure systems such as our energy monitoring and control solution, EnergyGuard, which is U.S. Federal Government Information Assurance approved, while providing all the capabilities of an open platform. EnergyGuard has built-in cyber security that incorporates the open platform, Tridium Java Application Control Engine (or JACE); this happens to be the platform in question from the alert you mentioned earlier.
Sinclair: Interesting, can you tell me a little
more about EnergyGuard and how it
works with the open platform, JACE?
Suzuki: Certainly. EnergyGuard protects
access to the JACE by authorizing every
device, instantly removing the ability to compromise and extract
information from the JACE remotely. It does this by employing a
Defense-in-Depth architecture, which includes hardware authentication,
device authentication, firewall functionality and Deep Packet
Inspection. It has been independently tested by the Department
of Homeland Security Idaho National Labs Control Systems Security
Program – ensuring vulnerabilities are mitigated and allowing energy
managers the flexibility to operate while ensuring DoD-grade
information assurance.In short, EnergyGuard provides the same building
automation control functions as a standard Tridium JACE, but in a cyber
hardened deployable package that has been tested and accepted by the
U.S. Federal Government.
Sinclair: Does EnergyGuard work with other open platforms? If so, what ones?
Suzuki: It is universally compatible with existing legacy building automation systems – providing customized energy management and/or energy security for each facility.
technology extends connectivity, integration and
interoperability to deployed devices wirelessly and allows integrators
to build platforms that manage complex building monitoring control
systems in a “plug-n-play” environment. By utilizing an energy
management application for device-to-enterprise integration, open
standards architecture, and common network protocols, EnergyGuard
delivers a unified system without implementation barriers.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]