WELCOME
JASON ROSSELOT, Director, Product Cybersecurity, Johnson Controls
RYAN NOLAN, Manager, Public Relations, Johnson Controls
MATTHEW DOAN, Cyber Strategist, Commercial Solutions Practice, Booz Allen Hamilton
WHY ARE WE HERE TODAY?
Yesterday: Partial Connectivity
Today: Smart Buildings
Tomorrow: Smart Cities
1. All industries are making smart building investments (seeking reward)
2. Cyber incidents threaten the smart building value proposition
3. Cybersecurity must become a core tenet of building design and operations (to guarantee that investment)
BOTTOM LINE
BUILDINGS ARE EVOLVING
ON THE OUTSIDE, SMART, DATA-DRIVEN SOLUTIONS MAY NOT BE APPARENT.
BUT CONNECTIVITY IS CREATING VALUE FOR BUILDING OWNERS AND OPERATORS.
Infographic credit: Johnson Controls
CONNECTING OCCUPANTS TO SOLUTIONS
ACROSS INDUSTRIES, TECHNOLOGY IS REDEFINING HOW BUILDINGS AND OCCUPANTS INTERACT – SAVING ENERGY, INCREASING SECURITY AND OPTIMIZING OPERATIONS.
HEALTHCARE
• Real-Time Location Systems (RTLS)
• Critical temperature control
• Operating room environments
• Electronic record-keeping
• Integrated patient care
HIGHER EDUCATION
• Streaming video management
• Campus-wide system alerting
• Mobile-friendly presentation spaces
• Integrated class registration
• Optimized lighting
K-12 EDUCATION
• Smart whiteboards
• Optimized lighting
• HVAC, data-driven building management
• Space scheduling integration
• District-wide performance tracking
GOVERNMENT
• Access controls & physical security
• Energy management
• Sensitive environment monitoring
• Smart infrastructure
• Integrated asset tracking
TRANSPORTATION
• Real-Time Location Systems (RTLS)
• HVAC temperature control
• Physical security
• Passenger identification systems
• Arrival/departure prediction
COMMERCIAL BUILDINGS
• Access controls & physical security
• HVAC temperature control
• Energy management
• Real-time data analysis
• Meeting space optimization
INVESTMENT AT RISK
NEW VALUE PROPOSITION
• Automated Management
• Predictive Maintenance
• Energy Efficiency
• Asset Location Finding
CYBER RISKS
• Denial of Service Attack
• Vendor IoT Product Compromise
• Occupant Data Theft
• Hijack of Command & Control App
ANTICIPATED INVESTMENT BREAKS APART
SECURITY IMPERATIVE
Pervasive connectivity means more vulnerabilities across a larger attack surface
Many threat vectors can potentially harm connected infrastructure
Occupant health/safety and environment now depend on cyber security
FACING OUR CURRENT REALITY
Source: Kaspersky Lab ICS CERT, Threat Landscape for Industrial Automation Systems in the Second Half of 2016
SOURCES OF THREATS TO INDUSTRIAL COMPUTERS
RELEVANT CYBER INCIDENTS
LARGE INTERNET SEARCH PROVIDER: Researchers hack building control system of key facility; able to obtain command and control
CHINESE HOTEL: Hacker infiltrated hotel room automation system via WiFi; established ability to manipulate room control systems and steal customer data
INTERNET DOMAIN NAME SYSTEM PROVIDER: Largest distributed denial-of-service (DDoS) attack in history uses massive number of compromised IoT devices to swarm its target and cause major internet outages
REPORTED INDUSTRIAL CONTROL SYSTEM VULNERABILITIES
Source: ICS-CERT 2015 Annual Vulnerability Coordination Report
Evolving Guidance:
BUILDINGS NEED TO BE CYBERSMART
1. Security by design for new; retrofit options for established buildings
2. IT and operational technology (OT) assets are mapped and zoned for risk management
3. Vulnerability management function in place for connected devices and infrastructure
4. Passive monitoring for critical assets to understand non-baseline anomalies (e.g., network scanning, controller re-flash)
5. Cyber incident response plan is developed and exercised by relevant stakeholders
WHAT’S A CYBERSMART BUILDING? WHO PLAYS A ROLE?
Lifecycle Phase: Cyber Capabilities
Acquisition: Consider Security Requirements; Assess
Deployment: Build in Security
Operations & Maintenance: Update Regularly; Test, Monitor, & Respond
KEY CONSIDERATIONS FOR TAKING ACTION
1. Observe and orient around your specific challenge
2. Forget old silos: cybersecurity requires cross-functional teaming
3. Change the culture: speak up for cybersmart buildings
4. Build the right capabilities to enable – not hinder – smart building adoption
5. Finally, get operational
WHAT TO DO
Q&A