Cybersecurity of Buildings Workshop:
OT and IT Convergence – A New Paradigm
Monday, January 6, 1:30 pm – 5:00 pm
Buildings are becoming increasingly reliant on technologies that allow centralized monitoring and control of multiple building systems (such as building automation, fire and life safety, energy management, physical security, and access control) to assist in accomplishing design and operational goals. Unfortunately, these new access points, including smart meters and enterprise energy management systems, have potential vulnerabilities. Traditional information technology (IT) and building systems operational technology (OT) are now converging into one data backbone, and a new cybersecurity paradigm must encompass these converged systems.
Since passage of the Federal Information Security Management Act (FISMA) in 2002, federal agencies have been required to meet stringent cybersecurity standards for traditional information technology (IT) systems. However, the development of protection and analysis standards for building control systems is only just beginning for the private sector. The challenge is that the cybersecurity standards and methods used for traditional IT processes are likely ineffective or even detrimental to building control systems.
In February 2013, President Obama issued the Executive Order “Improving Critical Infrastructure Cybersecurity” in response to the exponential rise in attacks against OT. It is essential for every organization to understand how an attack can compromise building systems; the tools cyber-attackers use; the potential damage that could occur; and how building owners and managers can respond and recover after a cyber-event.
The Cybersecurity of Buildings Workshop will provide an overview of building control systems; explain what federal agencies and the private sector are doing to develop standards, guidelines, and tools; offer best practices to help building owners, operators and maintainers create an Operations Center and Test and Development environment; and culminate in a live demonstration of a cyber-attack and defense on building control systems.
The fundamental concept attendees will come away with is: “Your systems will be attacked and compromised. You need Inbound Protection, Outbound Detection.”
Topics of Discussion:
- Michael Chipley, The PMC Group LLC
- Lisa Kaiser, U.S. Department of Homeland Security (DHS) Industrial Control System Cyber Emergency Response Team (ICS-CERT)
- Daryl Haegley, U.S. Department of Defense Business Enterprise Integration Office (TBD)
- Michael Morris, Root9b
- Robert Talbot, Parsons Government Services
- John Saunders, Professor of Systems Management, National Defense University
- Overview of Building Control Systems and Cybersecurity Efforts
- Cybersecurity Initiatives and Tools
- Attacking and Defending Building Control Systems and Networks
The presentations below are available as Adobe Acrobat PDFs.