Building Automation Systems Security - Learning from Industrial System Practices

By Eric Cosman

ARC Report Abstract

With advances in various technologies, building automation systems have become both more capable and sophisticated. With the recent emphasis on “smart buildings,” part of the broader theme of smart infrastructure, this trend will continue and is even likely to accelerate. Broadly available technologies in areas such as control and networking have become com-mon, and various elements of building infrastructure (e.g., HVAC, lighting, etc.) are increasingly integrated. Capabilities such as remote monitoring and control have become commonplace as facility managers have looked to improve effectiveness and productivity.

These and other themes should sound familiar to those of us who work with industrial control systems (ICS). They are identical to the developments and trends that we have been dealing with for years, as industrial systems have been transformed to use commercial technology and pro-vide increased internal and external integration.

For this reason, those providing, configuring and operating building management systems can expect to encounter similar challenges when trying to secure their systems. In fact, common operating systems and other systems software, combined with increased network connectivity, presents building systems to a much wider potential audience, making them more vulnerable to probing and possible attack.

ARC Advisory Group clients can view the complete report at ARC Client Portal on Office 365 or or New Client Portal on this website

If you would like to buy this report or obtain information about how to become a client, please Contact Us

Keywords: Automation, Cybersecurity, Infrastructure, Smart Buildings, ARC Advisory Group.






Engage with ARC Advisory Group