
Building Operating Management

SIDEBAR: 10 Questions FMs Should Ask About Cybersecurity

Part 4 of a 4-part cover story on cybersecurity and the BAS.

Billy Rios, an ethical hacker and head of WhiteScope, offers these “top 10” questions facility operators can ask themselves about BAS security:
1. Are our devices configured securely? How can we verify this?
2. Do we have a security policy deployed to all of our devices?
3. Are the log files being monitored for intrusion or malicious activity?
4. How would we know if any of our devices have been compromised?
5. How can we confirm that the network segmentation or “air gap” is secure? (An air gap is a figurative phrase denoting, in this context, that a company’s corporate network — for servers and employees’ day-to-day work — and the building control system do not touch. If they do, says Fred Gordy, of Intelligent Buildings, it offers intruders a golden opportunity to pivot into the corporate network — “like waving a red shirt in a bull ring.”)

6. Are any of our devices facing the Internet? Have we confirmed this?
7. Are our devices patched with the latest version of vendor software?
8. Do we know if any devices were recently replaced? If so, were they deployed in a way that matches our security policy?
9. Are any of our old devices deployed to locations we no longer manage?
10. How do we audit our devices in a cost-effective and repeatable way?

Posted on 7/18/2016