Articles

Interviews

Releases

New Products

Reviews

Editorial

Events

Sponsors

Site Search

Newsletters

Archives

Past Issues

Home

Editors

eDucation

Training

Links

Software

Subscribe

Anto: Ken, I am very glad that you have dedicated your April edition to the important subject of cybersecurity. As someone who is very much in touch with the pulse of the BAS industry, could you describe the mood of the industry with respect to cybersecurity today?

Ken: Concerned, confused and in need of good information to make better decisions. I am hoping our April issue will provide a place to start, I am extremely pleased with the information posted and the resources linked. Very pleased to have articles from industry experts like Fred, Marc, Jim Lee, Jim Butler, Kevin, Therese, Deb, Pook-Ping, Scott, plus yourself. Anto, you have some great resources on your New deal web site can you explain why you see cybersecurity is such an important part of the new deal?

Anto: The mission of the New Deal is to figure out how the BAS industry can better deliver value to building owners and facility managers. We evolved that into the Facility IT framework to explain how BAS interacts with IT and FM. It’s clear from looking at Facility IT that the best way to extract the value from BAS is for information to flow easily and securely between BAS, IT and FM. This cannot happen if BAS systems are considered unsecured by IT. My article this month is about this, how cybersecurity is an enabler of value for BAS. Ken, I wonder if you agree that BAS is considered not secure by IT people?

Ken: I have avoided this discussion in the past because understand and highlighting all of the potential security & privacy concerns generally will paralyze us all. Yes, I think BAS is not considered secure by IT people. We need to fix this as you can currently drive a truck through older BACnet systems without cyber protection. This is why we have gathered the views of several Cybersecurity experts in our April issue to provide us advice on how to proceed without immobilizing us.

Anto: Point taken Ken. It’s important to move forward without stopping the great progress we are making. I hope that the collection of articles in April articulates the issues and how the industry should move on in a secure way.

Ken: Talking about free resources, please tell me about the Cybersecurity Summit you organized at AHR in Atlanta in January? It came together at the last minute and seemed to be a huge hit!

Anto: Considering it was a last minute event, I too was pleasantly surprised with the support received from sponsors and speakers. And, to everyone who woke up early for the 7 am start on Monday. We had no trouble filling three hours of conversation on the subject. I got a feeling that the industry is now ready to tackle this subject. You can read a recap of it in my interview with Nicolas Waern.

Ken: Anto I see you have started blog SecuringBuildings.News Please explain why you have done this how the industry can best use this resource?

Anto: It’s not a blog as such, it’s an AI-driven aggregation of news from all around the Internet related to cybersecurity and building systems. It creates an issue every day, and if you subscribe, you will receive an email daily with BAS-related cybersecurity news. I’ve found it very interesting to see what appears there; I suggest your readers subscribe, it’s free!

Ken: I get it you have replaced us both of us as editors using an AI-driven aggregation ...big smile! I have been using this one for a few years; it brings an amazing amount of information to me. I am actually learning by reading my own AI blog; always interesting as to what my alter AI self publishes. I often get connections to places I would never have imagined to find relative information.

Anto: Talking about AI, there is undoubtedly significant opportunities for careers in the cybersecurity space, especially for those young professionals in BAS looking for an angle to specialize in. I would think it has good synergy with the IT-centric skills that we’re starting to see in the industry.

Ken: Yes, see this piece Trying to Build a Cybersecurity Workforce, I have also been tweeting to the women of our industry encourage them to get involved this article brought to my attention by my daughter's tweet gives good insight 1 big thing: Women and automation I am on yet another crusade to involve more women as our newest employment resource they are very well suited to cybersercurity and automation in general.

Anto: Changing the subject, I continue to see articles and interviews about the “IT-OT Debate.” In light of the value argument I am making about a close integration with IT, I feel that it’s important to see the “air-gap” mentality as an interim stop-gap (pun intended!) to an eventual single network philosophy that is best for all involved. Having said that, I do see specific use cases where a tight integration is not possible, Scott Cochrane illustrated one of these in his recent article regarding nonexistence IT infrastructure before building occupation. Scott also identified an innovative solution to this problem. This goes to show that if we aim at the right outcome, people will innovate. What are your thoughts?

Ken: I concur, in that same article this innovation to solve the same problem but Stanford had an answer… a Temporary Construction Network, or TCNet for short. A rack of temporary switches that mirror the switch technology that will ultimately be installed in the building, and they built these switches on wheels so they can roll them into the electrical IT closets prior to the rest of the network being installed. Anto, in Fred’s article he talks of the value of Cybersecurity assessments what are your thoughts on this?

Anto: Fred Gordy and the IB team are doing great work on assessments of buildings and control systems. Their findings should be a clear warning call to all in the industry moving forward, and it’s very encouraging that IB is sharing this information to the industry. Cybersecurity is a challenge that all players in the industry should collaborate on; no single player can solve this. I also see this month Jim Butler’s article on the upcoming BACnet/SC addendum from the BACnet IT working group that he chairs. Ken, what are your thoughts on the collaborations going on on this important subject?

Ken: BACnet/SC looks like a giant leap of an improvement, it appears that the industry is taking cybersecurity very seriously and lots of great work is going on. We are pleased to provide links to even more information. Jim Butler writes “I have skipped over many important details of BACnet/SC in this short article. If you are interested in learning more, I encourage you to read the white paper "BACnet Secure Connect" written by members of the BACnet IT working group.”

Anto: I also see Tridium’s CTO Kevin Smith is bringing this important cybersecurity discussion to the April edition, as well as later this year to ControlsCon & Realcomm. His perspective on how to avoid the harsh realities of cyber attacks by taking a proactive approach is a great resource. So is Therese Sullivan stressing the importance of not just achieving Cybersecurity, but putting a plan in place to maintain it while providing us links to valuable resources like ICS-CERT.

Ken: I am learning lots, and I am sure our readers will as well. Jim Lee’s comments have set the theme of our April issue. This is a great summation of why we must do Cybersecurity, "Our collective success is based on our weakest link. Our industry is inherently collaborative. We seldom work alone on a project, and partnering is our modus operandi."

Anto: It would be great to have the BAS industry rally around the subject of cybersecurity. I see Marc Petock has also opined on the business impact of security, and Optigo on How does NIST’s cybersecurity framework apply to Operational Technology?.

Plus this just in from Deb Noller, CEO, Switch Automation -  How to Safeguard your CRE portfolio against Cybersecurity Attacks

Great to have this discussion online with you Ken, thanks for your efforts to drive the industry on this.

Ken: The April issue is an amazing resource for the industry, I’m very pleased with the outcome. Thanks for poking me to make the April issue our Holistic Cybersecurity Issue.