CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO...

11
CYBERSMART BUILDINGS Securing Your Investments in Connectivity and Automation JANUARY 2018

Transcript of CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO...

Page 1: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

CYBERSMARTBUILDINGSSecuring Your Investments in Connectivity and Automation

JANUARY 2018

Page 2: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

WELCOME

1

STEVE BRUKBACHERApplication Security ManagerGlobal Product SecurityJohnson Controls

Page 3: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

2

WHY ARE WE HERE TODAY?

Yesterday:Partial Connectivity

Today:Smart Buildings

Tomorrow:Smart Cities

1. All industries are making smart building investments (seeking reward)

2. Cyber incidents threaten the smart building value proposition

3. Cybersecurity must become a core tenant of building design and operations (to guarantee that investment)

BOTTOM LINE

Page 4: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

3

BUILDINGS ARE EVOLVING

ON THE OUTSIDE, SMART, DATA-DRIVEN SOLUTIONS MAY NOT BE APPARENT.

BUT CONNECTIVITY IS CREATING VALUE FOR BUILDING OWNERS AND OPERATORS.

Infographic credit: Johnson Controls

Page 5: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

4

CONNECTING OCCUPANTS TO SOLUTIONS

ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OC CUPANTS INTERACT – SAVING ENERGY, INCREASING SECURITY AND OPTIMIZING OPE RATIONS.

HEALTHCARE GOVERNMENT

HIGHER EDUCATION TRANSPORTATION

K-12 EDUCATION COMMERCIAL BUILDINGS

• Real-Time Location Systems (RTLS)• Critical temperature control• Operating room environments• Electronic record-keeping• Integrated patient care

• Streaming video management• Campus-wide system alerting• Mobile-friendly presentation spaces• Integrated class registration• Optimized lighting

• Smart whiteboards• Optimized lighting• HVAC, data-driven building management• Space scheduling integration• District-wide performance tracking

• Access controls & physical security• Energy management• Sensitive environment monitoring• Smart infrastructure• Integrated asset tracking

• Real-Time Location Systems (RTLS)• HVAC temperature control• Physical security• Passenger identification systems• Arrival/departure prediction

• Access controls & physical security• HVAC temperature control• Energy management• Real-time data analysis• Meeting space optimization

Page 6: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

5

INVESTMENT AT RISK

NEW VALUE PROPOSITION

ANTICIPATED INVESTMENT BREAKS

APART

CYBER RISKS

Denial of Service Attack

Vendor IoT Product Compromise

Occupant Data Theft

Hijack of Command & Control App

Automated Management

Predictive Maintenance

Energy Efficiency

Asset Location Finding

SECURITY IMPERATIVE

▪ Pervasive connectivity means more vulnerabilities across a larger attack surface

▪ Many threat vectors can potentially harm connected infrastructure

▪ Occupant health/safety and environment now depends on cyber security

Page 7: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

6

FACING OUR CURRENT REALITY

Source: Kaspersky Lab ICS CERT, Threat Landscape for Industrial Automation Systems in the Second Half of 2016

SOURCES OF THREATS TO INDUSTRIAL COMPUTERS

RELEVANT CYBER INCIDENTS

LARGE INTERNET SEARCH PROVIDERResearchers hack building control system of key facility; able to obtain command and control

CHINESE HOTELHacker infiltrated hotel room automation system via WiFi; established ability to manipulate room control systems and steal customer data

INTERNET DOMAIN NAME SYSTEM PROVIDERLargest distributed denial-of-service (DDoS) attack in history uses massive number of compromised IoT devices to swarm its target and cause major internet outages

REPORTED INDUSTRIAL CONTROL SYSTEM VULNERABILITIES

Source: ICS-CERT 2015 Annual Vulnerability Coordination Report

Page 8: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

7

Evolving Guidance:

BUILDINGS NEED TO BE CYBERSMART

1. Security by design for new; retrofit options

for established buildings

2. IT and operational technology (OT) assets

are mapped and zoned for risk

management

3. Vulnerability management function in

place for connected devices and

infrastructure

4. Passive monitoring for critical assets to

understand non-baseline anomalies (e.g.,

network scanning, controller re-flash)

5. Cyber incident response plan is developed

and exercised by relevant stakeholders

WHAT’S A CYBERSMART BUILDING? WHO PLAYS A ROLE?

Page 9: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

8

Lifecycle Phase

Cyber Capabilities

Acquisition

Consider Security Requirements

Assess

Deployment Build in Security

Operations & Maintenance

Update Regularly

Test, Monitor, & Respond

KEY CONSIDERATIONS FOR TAKING ACTION

Observe and orient around your specific challenge

1

Forget old silos — cybersecurity requires cross-functional teaming

2

Change the culture — speak up for cybersmart buildings3

Build the right capabilities to enable – not hinder – smart

building adoption4

Finally, get operational5

WHAT TO DO

Page 10: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

9

Q&A

Page 11: CYBERSMART BUILDINGS€¦ · Infographic credit: Johnson Controls. 4 CONNECTING OCCUPANTS TO SOLUTIONS ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT

THANK YOU

10

FOR MORE INFORMATION:

BOOZALLEN.COM/CYBERSMART

JOHNSONCONTROLS.COM/PRODUCTSECURITY

STEVE BRUKBACHER

[email protected]