Insider Reports

QUICK Sign-up

New Content Updates
Educational Webcast Alerts
Building Products/Technology Notices
Access Exclusive Member Content

All fields are required.

Building Operating Management

SIDEBAR: 10 Questions FMs Should Ask About Cybersecurity

Part 4 of a 4-part cover story on cybersecurity and the BAS.

By Ronald Kovach, managing editor July 2016 - Building Automation   Article Use Policy

Billy Rios, an ethical hacker and head of WhiteScope, offers these “top 10” questions facility operators can ask themselves about BAS security:
1. Are our devices configured securely? 
How can we verify this?
2. Do we have a security policy deployed to 
all of our devices?
3. Are the log files being monitored for 
intrusion or malicious activity?  
4. How would we know if any of our devices 
have been compromised?
5. How can we confirm that the network segmentation or “air gap” is secure? (An air gap is a figurative phrase denoting, in this context, that a company’s corporate network — for servers and employees’ day-to-day work — and the building control system do not touch. If they do, says Fred Gordy, of Intelligent Buildings, it offers intruders a golden opportunity to pivot into the corporate network — “like waving a red shirt in a bull ring.”)

6. Are any of our devices facing the Internet? 
Have we confirmed this?
7. Are our devices patched with the latest 
version of vendor software? 
8. Do we know if any devices were recently replaced? 
If so, were they deployed in a way that matches 
our security policy?

9. Are any of our old devices deployed to 
locations we no longer manage?
10. How do we audit our devices in a 
cost-effective and repeatable way?


Find us on Google+