SIDEBAR: 10 Questions FMs Should Ask About Cybersecurity

Part 4 of a 4-part cover story on cybersecurity and the BAS.

By Ronald Kovach, managing editor  

Billy Rios, an ethical hacker and head of WhiteScope, offers these “top 10” questions facility operators can ask themselves about BAS security:
1. Are our devices configured securely? How can we verify this?
2. Do we have a security policy deployed to all of our devices?
3. Are the log files being monitored for intrusion or malicious activity?
4. How would we know if any of our devices have been compromised?
5. How can we confirm that the network segmentation or “air gap” is secure? (An air gap is a figurative phrase denoting, in this context, that a company’s corporate network — for servers and employees’ day-to-day work — and the building control system do not touch. If they do, says Fred Gordy, of Intelligent Buildings, it offers intruders a golden opportunity to pivot into the corporate network — “like waving a red shirt in a bull ring.”)

6. Are any of our devices facing the Internet? Have we confirmed this?
7. Are our devices patched with the latest version of vendor software?
8. Do we know if any devices were recently replaced? If so, were they deployed in a way that matches our security policy?
9. Are any of our old devices deployed to locations we no longer manage?
10. How do we audit our devices in a cost-effective and repeatable way?

Posted on 7/18/2016