Institute to Host Monthly Workshops on Cybersecurity for Building Control Systems

Highlights the Importance of Protecting Facilities, Building Occupants

From residential heating and automated entry systems to commercial facility monitoring systems of all kinds, buildings in the United States have seen a rise in the use of “smart” systems to improve their functionality in the past several years. Yet, with this increasing reliance on operational technology, very few people are aware of the potential threats from hackers and others with malicious intent. In a world where companies and individuals are increasingly at risk of having their personal data and assets compromised, it is imperative that building owners also protect their properties and building occupants from cyber threats and potential harm.

Internet-enabled building control systems provide critical services that allow a building to meet the functional and operational needs of building occupants. However, once installed, many of these systems have minimal protections to keep hackers out. Throughout 2015, the National Institute of Building Sciences is sponsoring a Cybersecurity Workshop series to help facility professionals learn how to make their buildings more secure and reduce the risks.

And the risks are severe: attackers can exploit these systems to gain unauthorized access to facilities; cause physical destruction of building equipment; use them as an entry point to infect or sabotage traditional information technology (IT) systems and data; and expose an organization to significant financial obligations to contain and eradicate malware or recover from a cyber event.

The Introduction to Cybersecuring Building Control Systems Workshop and the Advanced Cybersecuring Building Control Systems Workshop, both taught by Michael Chipley of The PMC Group LLC, are geared to help architects, engineers, contractors, owners, facility managers, maintenance engineers, physical security specialists, information assurance professionals—essentially anyone involved with implementing cybersecurity in the facility life cycle—to learn the best practice techniques to better protect their facilities.

Both the introductory and advanced workshops are built around key federal guidelines that have come out in recent years, including:

  • Executive Order 13636—Improving Critical Infrastructure Cybersecurity (Issued February 19, 2013)
  • National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework (Issued February 12, 2014)
  • NIST Special Publication (SP) 800-82 Rev. 2 Industrial Control Systems Security Guide Final Public Draft (Issued February 2015)
  • U.S. Department of Homeland Security (DHS) Interagency Security Committee “Securing Government Assets through Combined Traditional Security and Information Technology” White Paper (Issued February 2015)

These new requirements will have a transformational impact on the traditional building design, construction, operation and protection of building control systems and will require facility and information assurance professionals to learn building control system cyber skills. The time to learn more about cybersecurity for building control systems is now.

Comments from Previous Workshop Attendees

“The course was a great way for security industry manufacturers and manufacturers of critical infrastructure components to gain a better understanding of both the certification landscape, as well as the common threats facing their systems/devices today. We plan to utilize the information gained at the workshop to raise awareness internally of common threats and exploits, as well as leverage some of the tools to recommend more effective, robust network designs as 'good practice' for our integrators.”

Peter Boriskin, Director of Product Management – Electronic Access Control, ASSA ABLOY Americas

“I personally found the workshop and information presented on tools and services available from Homeland Security and other agencies to be of high value. It covered a great amount of information in one day, providing an excellent overview of issues related to cybersecurity in buildings. I also found the internet-based pen test tools that can be used against buildings a bit frightening, but valuable to know about. I strongly recommend that anyone with an interest in cybersecurity for buildings attend.”

Bob Mealey, Chief Business Development Officer, Lynxspring Inc.

“Cybersecuring Building Controls Systems is a hugely valuable class that opened my eyes to the very real risks of building-level cyber attacks. It's a must for building system and security professionals to become aware of this threat and how to protect against it. The instructor, Michael Chipley, is an expert in the field. During the one-day course he was able to simply and clearly walk us through this complex and important topic in a very understandable hands-on way.”

Dennis R. Shelden, AIA, PhD, Chief Technology Officer, Gehry Technologies

The Introduction to Cybersecuring Building Control Systems Workshop is geared to those professionals new to the world of building cybersecurity. This course provides a combination of classroom learning modules and hands-on laboratory exercises using tools. The Advanced Cybersecuring Building Control Systems Workshop is geared towards building and information assurance professionals who have experience in IT or control systems cybersecurity but need to learn how to apply those skills to building control systems. This course provides a more technical, in-depth training solution geared towards developing security professionals with the ability to approach security with an attacker mentality.

No matter the workshop, attendees will need a laptop with administrative privileges to load software. They will receive the course content, tools and lab exercises on a CD at the beginning of the course.

The Introduction to Cybersecuring Building Control Systems Workshop and Advanced Cybersecuring Building Control Systems Workshop will be held once per month throughout 2015. Registration for each workshop is $600 per person. Seating is limited to 20 students per day. View the full list of calendar dates.