By Greg Fitzpatrick, CxA | Business Development | Cochrane Supply & Engineering
Original post: automatedbuildings.com
For the last 2 years, Covid has sent the world’s economy into a tailspin and has introduced an incredible amount of uncertainty when it comes to how we conduct business and service our customers. We are also uncertain of what the long-term effects will be when the smoke clears and we reach, which feels like, an equilibrium in our respective business sectors.
Most analyst have found that sectors such as banking and healthcare were shaken, but not quite beaten by the pandemic. Other industries such as the restaurants and hospitality were not that fortunate. Experts across the globe are being asked, what are the greatest unknowns we face? How will we live and work in the post-pandemic future? How is Covid reshaping our society and will this last forever? All of these questions have experts calling for a shift in the way we do business or what is being called “The Great Reset.”
These questions have also prompted industries across the globe to look for solutions for this great reset, and the words “data and automation” seem to be at the forefront of every conversation.
We are now a society that has moved towards online shopping, software subscription services, in-home learning, virtual offices, home offices, hybrid work environments, more video conferencing and reduced international travel. All changes that require the support of a sophisticated technology platform. For instance, the traditional use of office space has declined and has forced building owners to pivot and look for ways to retain occupancy by enhancing their occupants experience using technology. Hardware and software solutions such as asset locators, personal wayfinders, UV disinfection technology, and building management systems that enable intelligent spaces and drive overall energy and building performance are becoming the norm. These applications and technology platforms require a method to move, store, share and analyze data as quickly as possible. The amount of data that is being moved, along with the speed required has created a need for BAS manufacturers to develop controllers that use IP technology.
We are rapidly approaching an era in which DDC communication protocols over RS-485 networks will be a thing of the past and everyone in our industry from designers to installers will have to get up to speed with IP controllers and the operational technology networks (OTN) that support them.
Although IP technology has its benefits, designing a secure network environment is paramount. Poor and careless planning of the network infrastructure can lead to cyber security risks and potential issues with critical building functions or sensitive business systems. The OT network should be designed in a manner that not only addresses first cost, but also places a high priority on cyber security. Best in breed products that are OT-focused should always be selected.
The OT network design also needs to include a cyber security solution that is OT-focused. Securing operational technology is different than securing information technology. IT security protects information and OT security protects control of critical devices, equipment and building systems. Traditional IT security manufacturers and vendors do not address OT-specific protocols, environments, equipment, or systems. They also don’t address specific vulnerabilities found across device and software manufacturers’ products that are typically found in an OT environment.
Products and solutions that are OT-focused tend to address network security needs with broad IoT solutions. A perfect example is that OT-focused solutions are designed to deter or detect what a typical IT firewall would miss. The typical IT firewall will defend traditional IT traffic at the enterprise edge, but not in the OT environment. An OT-focused solution is designed to defend in all directions and all the way down to the application control level.
Although product selection is vital, most security breaches are caused by lack of knowledge by the user, therefore it is highly recommended that a written cyber security plan be put in place and users receive extensive training on network security. A good cyber security policy should, at a minimum, include the following:
- Risk Management Objectives
- User Authorization Policy
- Password Policy
- User Removal Policy
- User Audit Policy
- Administrative Users Policy
- Internet Management
- Backup Policy
- Integration Platform Server Management Policy
- Remote Communications Policy
- Disaster Recovery Policy
- System Configuration Policies
- Subsystem Configuration Policies
As IoT, smart buildings, and IP devices promise powerful business outcomes from connected sensory-based solutions, the business challenge with OT is that cyber-attacks on these environments threaten both safety, productivity, and profitability. End users, facilities personnel, and system integrators need to protect against these threats to ensure operational safety and minimum downtime. With building systems becoming more interconnected, the exposure to cyber incidents increases. Attacks and disruptions on critical infrastructure put business reputation, production, people, and profits at risk. We live in a new reality in which if it’s connected, it needs to be protected.