Intelligent Buildings and Cybersecurity
Rawlson O’Neil King, CABA Communications Director
IoT Emerge 2016, Chicago, IL

About CABA
The Continental Automated Buildings Association (CABA) is a leading international, not-for-profit, industry organization that promotes advanced technologies in homes and buildings.
Vision: CABA advances the connected home and intelligent buildings sectors.
Mission: CABA enables organizations and individuals to make informed decisions about the integration of technology, ecosystems and connected lifestyles in homes and buildings.
CABA Intelligent Buildings and Cybersecurity 2016

Benefits
Competitive intelligence
Collaborative research opportunities
Efficient access to information
Promotion of products and services
World's largest research library
Industry events and workshops
Updated news and data
Active industry councils
Networking opportunities
Marketing support
Influence industry trends
Cost savings in research and travel

Research Program
The CABA Research Program offers a range of opt-in technical and advisory research services designed to provide industry stakeholders with collaborative market research and R&D opportunities.
Offers collaborative Landmark Research Projects and Boutique Multi-Client Research Projects.

Landmark Research
Intelligent Buildings & Cybersecurity Landmark Research Report
Evaluation of the state of cybersecurity in intelligent buildings
Stakeholder analyses via in-depth interviews and directed surveys
Value proposition evaluation for cybersecurity solutions
An assessment of the future market direction and specific recommendations

Research Vendor
Intelligent Building and Cybersecurity Study Funders
Snapshot of an Intelligent Building
Evaluation of Cybersecurity in Buildings
Intelligent Building Macro Environment Source: Institute of Engineering Technology and Compass Intelligence Analysis.
Standalone vs. Converged Building Systems Source: https://www.wbdg.org/resources/cybersecurity.php
IT/Horizontal Convergence Source: CABA’s 2015 Intelligent Buildings and Big Data, International Association of Fire and Rescue Services, and BSRIA
Selected Access Points for Cyber-Attacks – Where is the Risk? Source: Compass Intelligence.
Protection Requirements Source: Compass Intelligence.
Cybersecurity Threats Source: GAO analysis of unclassified government and nongovernment data. GAO-15-6; Symantec.
Cybersecurity Threats (continued) Source: GAO analysis of unclassified government and nongovernment data. GAO-15-6
Cybersecurity Threats (continued) Source: GAO analysis of unclassified government and nongovernment data. GAO-15-6; Symantec.
Profile of Cyber Attackers and Types of Attacks Carried Out (2015), North America Source: 2015 Verizon Data Breach Investigation Report

NIST Framework
Framework Core, which includes a set of cybersecurity activities that are deemed common across various infrastructure sectors:
Identify - Develop an organizational understanding to manage cybersecurity risk to systems, assets, data and capabilities.
Protect - Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Detect - Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Respond - Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Recover - Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
Source: National Institute of Standards and Technology, NIST

Survey Details
The survey was conducted in August 2015. Of the 939 people who started the survey, 543 qualified and a total of 502 completed it in its entirety. The survey ran for one week. Qualified respondents were involved in their company’s IT or facility management and currently have or plan to purchase cybersecurity solutions.

Survey Respondent Profile Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Survey Respondents by Size of Business Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Change in Severity of Building/Facility Security Incidents Over Last 12 Months Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Importance of Cybersecurity Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Truths of Those in the Market Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Building Elements Perceived to be at High Risk Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Top Areas of Concern for Securing and Protecting Buildings/Offices Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Availability of Resources and Skills to Tackle Cybersecurity Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Readiness Level by Group Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
What is Being Done to Reduce Risk? Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Perceived Sources of Cyber Threat Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Most Spend between 5-20% of IT Budget on Cybersecurity Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Changes in Security Budget from 2014 to 2015, Survey Results Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Percentage Increase in Cybersecurity Budget Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.
Global Cybersecurity Revenues Market, 2015-2022 (In Billions) Source: Compass Intelligence, 2015
Willingness to Pay for Cybersecurity Source: Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research 2015.

Key Recommendations & Final Thoughts
Building owners and operators:
Understand both intra- and inter-system integration (IT and OT systems), including understanding the differences among industries and building types.
Understand and identify the preparedness level that is needed to protect against BMS/BAS-related cybersecurity risk.
Strong collaboration and coordination is required among all building stakeholders, including building control systems’ vendors and cybersecurity vendors.
Stringent policies and procedures to guard both IT and OT against cybersecurity threats must be implemented.
Cybersecurity is not just a technology issue; it is also a “people” issue.
A comprehensive cybersecurity plan is critical and must include all threats, including employees, tenants, and even ex-employees.
Education of building owners and facility managers about cybersecurity issues.
IP and cloud-enabled buildings: need to protect and secure both the IT and OT networks.
Security starts with the building systems companies and products, and it ends with the customer.
Again, focus on securing endpoints, connectivity, applications/data, and implementing threat management solutions.

Key Recommendations: Building Owners, Administrators, Managers
Work closely and cooperatively with IT managers
Perform full assessments of all systems, software, and equipment; focus on IP-enabled, VPN-connected, and other vulnerabilities
Get educated around building system vulnerabilities
Be aware of financial loss, risk, and insurance requirements of cyber-attacks
Understand standards
Work with BMS/BAS vendors and IT vendors collaboratively

Key Recommendations: IT Managers
Understand what systems are connected to the IT network and OT network, including building systems; anything IP-enabled may be a point of attack
Have a well-defined, well-enforced protocol for adding building systems equipment and devices to the network
Perform assessments and audits; have a structured security plan in place
Understand emerging intelligent building trends
Understand standards
Evaluate the risks involved in not separating the IT and OT network

Key Recommendations: Intelligent Building Products & Services Vendors (BMS/BAS)
Embedded security is becoming more imperative in today’s product development of IoT
Understand end users, market trends, and related technologies and solutions
Education and cybersecurity expertise should also start with you
Stay ahead and know complexities and security risks of your products
Understand emerging intelligent building trends
Understand standards

Reducing Risk & Next Steps to Prepare
Securing and hardening wireless and IP networks
Stricter authentication and access management
Further security protocols to restrict access
Security software and ongoing updates and maintenance
Separation of the IT and OT networks
Other planned measures to harden the building system’s infrastructure and networks

Key Pillars to Success for Intelligent Building and Cybersecurity Market (2015), North America

Action Items to implement today!
Policy Steps
VPN connections
Unidirectional gateways
Standards-based security hardware and software
Complex and routinely changing passwords
Independent 3rd party audits
Data encryption to ensure privacy and protection against data thefts
Network monitoring and analysis tools that focus on network connections and traffic specifically related to OT
NIST Framework and recommended whitelisting techniques that only provide access to approved/authorized parties

More Information
Cyber security for intelligent buildings
Engineering & Technology Reference, 2016, 6 pages
Rawlson O'Neil King
April 2016
http://bit.ly/29hRaqg

Continental Automated Buildings Association (CABA)
613.686.1814
Toll free: 888.798.CABA (2222)
Fax: 613.744.7833
caba@caba.org
www.CABA.org
www.twitter.com/caba_news
www.linkedin.com/groups?gid=2121884