BEWARE OF GSX LIST AND HOUSING SCAMMERS – view the official ASIS/GSX vendors

Cybersmart Buildings: Investments in Connectivity and Automation

By Jason Rosselot, CPP, CISSP

Your building is talking.

Can you quiet it down before hackers hear?

“Door held open.” “Object left behind.” “Access granted.” Building systems—from security and life safety systems to building automation and controls—generate and process data 24/7/365. Today’s buildings and the people, assets, and information protected by them are comprised of systems of systems and networks of networks. Unfortunately, most security professionals don’t speak the language of IT and cyber, and as a result, those buildings and everything in them is left vulnerable.

Is the answer to have IT take over building systems? Should the security department focus only on mechanical keyed locks and physical barriers? Do we even have keyed locks anymore? The answers are resoundingly “no”, “no”, and “yes”. While building systems are becoming increasingly connected and often leverage much of the IT infrastructure that the rest of the organization relies on, there is no reason the security department shouldn’t evolve to effectively manage their own systems and devices. Everyone in the security department doesn’t need to run out and get a Cisco certification, but clearly there is a need for at least one person on the team to take on the mantel of “security technologist.”

When Booz Allen Hamilton, who staffs a tremendous amount of the U.S. offensive cyber capability, and Johnson Controls, who helped launch the building controls industry, began discussing the cybersecurity posture of critical building systems, it was apparent to both companies that from the manufacturer to the integrator, and finally sitting with the customer, the need to raise awareness and educate was at a critical juncture. The tremendous benefits of connectivity and automation in building systems are increasingly becoming at risk as the key stakeholders in the ecosystem of building are unaware of how their action or inaction to design, develop, and deploy systems with cybersecurity built in are increasing their risk. In the case of security and life safety systems, the very systems purchased to protect assets may actually be putting those assets at risk.

Join me at 3:30 p.m. on Tuesday, September 25th at Global Security Exchange (GSX) for Session #5326, Cybersmart Buildings: Investments in Connectivity and Automation.