Hi. Welcome to Ingram Micro.

Please choose your role, so we can direct you to what you’re looking for.

If you’d like to learn more about Ingram Micro global initiatives and operations, visit ingrammicro.com.

Building Management System Security

October 26, 2021

Building Management System Security
 
powered by Sounder


Smart building technology has evolved over the last few years. In fact, we are putting all kinds of IoT technology into our buildings today to make them more energy efficient, reducing our carbon footprint and so much more.

The evolution of building technology has also led to an evolution of the infrastructure that supports it—and this new connected infrastructure means that buildings are susceptible to attacks the likes of which they never had to worry about before.

Shelby Skrhak speaks with Michael Rothschild, Director of OT Solutions at Tenable, about:

  • Cyber security risk in smart building technology
  • Most common vulnerabilities with building management systems
  • Three things you need to know about building management system securit
  • How Tenable helps with mitigating risk

Cyber security risks

There are two major systems in place in smart buildings:

  • Operational technology (OT)
  • IoT devices

In the past, these systems were closed off. They were not connected to the internet and people didn’t have any control. In essence, they were an air-gapped system.

Today, they are connected, which means they have become a potential new attack surface.

Common vulnerabilities

It is no longer necessary for bad actors to be present in a room to cause havoc. Now, they simply need to connect into the building system.

“Attackers are taking advantage of what we call IT and OT convergence,” Michael says.

A building may have security on both the IT and OT side, but those systems often don’t talk to each other. So an attack that begins on one side can easily creep over to the other side.

That lack of visibility is a major issue.

Another issue is that OT systems cannot be taken down for maintenance as frequently as IT systems. That’s because they often run critical operations. For example, you really can’t take HVAC offline in a hospital.

As a result, vulnerabilities keep piling up rather than being identified and patched.

Top 3 considerations

  1. It’s not a doomsday scenario. There’s great security out there to address your needs today. However, it’s important to take steps to secure your system before it’s too late.
  2. OT systems, like building management systems, are open today. Just because your OT system may be air-gapped, there’s still the possibility of an accidental convergence.
  3. Your security products should create an “ecosystem of trust.” Choose products that play well together.

Tenable OT

Tenable is known for their management and vulnerability assessment products, but they work in many other areas as well.

For example, Tenable OT is a product that provides visibility, security and control across your OT environment—more importantly, it plays well with all of your other systems.

The big takeaway is you want to be forward compatible.

“Make sure whatever you deploy today has that scalability,” Michael says, “because we don’t know what’s coming next.”

For more information, contact Amy White or visit tenable.com.

To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk

 Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. Or, tune in on our website.