[an error occurred while processing this directive]

One Million! Tridium is approaching the milestone of one Million instances of Niagara Framework installed globally —and that count just includes the licenses of our open-protocol building management system sold since 2005, about when Niagara AX was introduced. This should be a celebration for the entire community of Niagara facility managers, contractors, business partners, OEMs, and so many systems integrators who create, build, support, and manage innovative spaces using the Niagara Framework. 

In 2015, more than half a decade ago now, Tridium launched the Niagara 4 Framework and the JACE 8000, while still supporting our legacy framework product, Niagara AX.  Over the last six years, while we continued to release security fixes and updates for Niagara AX, we continued to build new features and cyber-defense capabilities into new releases of Niagara 4 that we were unable to add to our legacy product.  On July 1, 2021, that legacy product - Niagara AX - will reach its end-of-life, which is a long run for any software-based technology!

Given the large Niagara install base and the large community of Niagara distributors, system integrators, contractors, specifiers, developers, and equipment manufacturers with Niagara-based controller lines, it should come as no surprise to Facility Managers overseeing a portfolio of buildings that they have one or more Niagara networks in place. What is surprising and deeply concerning, however,  is that some of these deployments continue in their building management role with no regular cadence of software updating—even without vital cyber defense upgrades and patches.  

This is a problem.

In today’s rapidly evolving cyber threat landscape where we have seen attacks on IT and OT networks alike, malware and ransomware have grown to a multi-billion-dollar criminal industry, threatening virtual every organization with a building.   To be fair, our industry has challenges - real estate changes hands, and the changing roles and responsibilities of stakeholders often leads to unintentional neglect of OT networks. It is not unusual for a new facility manager to find they have inherited responsibility over a Niagara network, realizing they don’t know what they have, what versions of software they are running, and what passwords they need to access their own systems.

Nevertheless, facility managers should know there are dangers in running outdated, unsupported software and that such BAS systems are exploitable.  Many times, they foolishly think their networks are safe running outdated software  because they are “air-gapped” or “disconnected”, and unfortunately, far too many cyberattacks have proven that victim OT networks are much more complex and had more connections than leaders realized.  After an attack, enterprise risk managers advise them to migrate to a new release once they realize their exposure, but by then, it’s often too late, and the “if it ain’t broke, don’t fix it” attitude typically leads to mounting expenses in the form of equipment downtime (or failure), lost revenue, legal ramifications, lost business, and unhappy occupants.

Other facility managers are often fooled into buying “band-aid” security fixes, coupling new or existing security solutions with outdated, unsupported systems, thinking that this will forestall the need to upgrade. While this approach often looks compelling as a perceived cost-savings measure,  it is often problematic and can be disastrous. What people don’t realize is that often, many of these security solutions are invasive to OT systems and threaten current building operations. Many approaches that couple vulnerable systems with add-on security technology even expose the organizations to cyber threats themselves, resulting in unintended costs that are far more than the costs of upgrading. 

There is no substitute for upgrading outdated Niagara systems to Niagara 4. Over the past six years, Tridium has built in so many new features and capabilities that could not be added to AX, and many of the capabilities relate to cybersecurity protection. Digitally-signed code and secure boot for ransomware and malware protection, Single Sign-On that simplifies security account management, customizable security audit logging, and a customizable Security Dashboard that provides insight into the security of all of your connected Niagara 4 systems – are just a few of the capabilities we have added in order to protect our customer base (You can find a list with descriptions here.).  And while cyber security is one good reason to upgrade your Niagara network, there are a host of other ways that Niagara 4 has improved upon AX.  Current Niagara 4 customers are taking advantage of the building industry’s best platform for device connectivity and data normalization. These Facility Managers are armed with the capabilities needed to acquire and unlock operational data from device-level and equipment-level silos, using the information to drive energy savings, comfort levels and other efficiencies across their properties.

Don’t delay upgrading or replacing systems that are no longer supported or updated—and don’t listen to anyone who advises you otherwise. There are no short-term band-aids that allow a facility manager to, in good conscience, ignore the wide-open vulnerabilities in older systems.  As the number of Niagara instances grow to one million – and beyond – we want all of our stakeholders to have healthy and secure networks.  It is time to upgrade to Niagara 4.

Kevin T. Smith is the Chief Technology Officer (CTO) of Tridium and a Fellow in Honeywell’s Cyber Organization. The author of seven technology books on the subjects of cybersecurity, semantic interoperability, and software engineering, he is a frequent speaker at industry conferences on various topics, including a focus on cybersecurity and building control systems. For more than 25 years, Kevin has led technology organizations and endeavored to develop highly secure, data-focused software solutions for a wide variety of customers, including US government and commercial industry.