Contact Us   |   Your Cart   |   Sign In   |   Join
Building Innovation 2014 Conference & Expo Program: Cybersecurity of Buildings Workshop

Cybersecurity of Buildings Workshop:
OT and IT Convergence – A New Paradigm

Monday, January 6, 1:30 pm – 5:00 pm

Buildings are becoming increasingly reliant on technologies that allow centralized monitoring and control of multiple building systems (such as building automation, fire and life safety, energy management, physical security, access control, etc.), to assist in accomplishing design and operational goals. Unfortunately, these new access points, including smart meters and enterprise energy management systems, have potential vulnerabilities. The traditional information technology (IT) and building systems operational technology (OT) are now converging into one data backbone and a new cybersecurity paradigm must now encompass these converged systems.

Since passage of the Federal Information Security Management Act (FISMA) in 2002, federal agencies have been required to meet stringent cybersecurity standards for traditional information technology (IT) systems. However, the development of protection and analysis standards for building control systems is only just beginning for the private sector. The challenge is that the cybersecurity standards and methods used for traditional IT processes are likely ineffective or even detrimental to building control systems.

In February 2013, President Obama issued the Executive Order "Improving Critical Infrastructure Cybersecurity” in response to the exponential rise in attacks against OT. It is essential for every organization to understand how an attack can compromise building systems; the tools cyber-attackers use; the potential damage that could occur; and how building owners and managers can respond and recover after a cyber-event.

The Cybersecurity of Buildings Workshop will provide an overview of building control systems; explain what federal agencies and the private sector are doing to develop standards, guidelines, and tools; offer best practices to help building owners, operators and maintainers create an Operations Center and Test and Development environment; and culminate in a live demonstration of a cyber-attack and defense on building control systems.

The fundamental concept attendees will come away with is, "Your systems will be attacked and compromised. You need Inbound Protection, Outbound Detection.


  • Michael Chipley, The PMC Group LLC
  • Lisa Kaiser, U.S. Department of Homeland Security (DHS) Industrial Control System Cyber Emergency Response Team (ICS-CERT)
  • Daryl Haegley, U.S. Department of Defense Business Enterprise Integration Office (TBD)
  • Michael Morris, Root9b
  • Robert Talbot, Parsons Government Services
  • John Saunders, Professor of Systems Management, National Defense University
Topics of Discussion:
  • Overview of Building Control Systems and Cybersecurity Efforts
  • Cybersecurity Initiatives and Tools
  • Attacking and Defending Building Control Systems and Networks

The presentations below are available as Adobe Acrobat PDFs. PDF

1:30 pm – 2:00 pm

Overview of Building Control Systems and Cybersecurity Efforts
Michael Chipley

2:00 pm – 3:00 pm

Cybersecurity Initiatives and Tools

Building Insecurity: the Industrial Control System Cyber Emergency Response Team (ICS-CERT) Cybersecurity Evaluation Tool (CSET)
Lisa Kaiser

Cybersecuring U.S. Department of Defense (DoD) Industrial Control Systems
Daryl Haegley (TBD)

Kali Linux
Michael Morris

Robert Talbot

3:00 pm – 3:15 pm


3:15 pm – 5:00 pm

Attacking and Defending the Building Control Systems and Networks

Network Reconnaissance, Universal Serial Bus (USB) Attack, Human Machine Interface (HMI) Spoofing
John Saunders

Accessing the Network through a Misconfigured Device, Password Cracking, Pivoting through the Network with Pass the Hash
Michael Morris

Water Plant Exploitation, Using Metasploit to Attack the Programmable Logic Controller (PLC)
Robert Talbot

U.S. Department of Homeland Security (DHS) Cybersecurity Evaluation Tool (CSET), Identifying an Intrusion, Incident Response
Michael Chipley

Community Search
Latest News

MMC Webinar: How Does Business Continuity Contribute to Community Resilience?

12/4/2016 » 12/8/2016

Workshop: Your Building Control Systems Have Been Hacked, Now What?

1/9/2017 » 1/12/2017
Building Innovation 2017 Conference & Expo