Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Integrating cyber into new construction and commissioning across asset classes
Corporate Real Estate Journal,
13
(3),
242-264
(2024)
Abstract
According to the majority, the phrase ‘smart building’ first appeared in the early 2000s. This was about the time that building control systems (BCS) were being connected to the Internet – but others believe it happened as early as the late 1970s. In the 1980s smart buildings were first referred to as intelligent buildings. In actuality, the first smart building came into existence many years before. The primary objectives of smart buildings are to make systems open to other systems and to make external connections for staff, service providers and analytic companies to help service and maintain these systems without impediment. In doing so, they have created a company’s largest attack surface. To help reduce this attack surface, new construction must be designed with cyber security controls. It is less expensive and easier to implement at this point. But this is only half of the equation. Post implementation, the system must also be checked to ensure that all cyber security controls have been properly configured using cyber commissioning.
Keywords: open protocol; proprietary systems; BACnet; LON Works; Modbus; application host; supervisory controller; field controller; smart building; Censys; Shodan
The full article is available to subscribers to the journal.
Author's Biography
Fred Gordy is a smart building industry expert and thought leader with 20 years’ experience in secure control system development and implementation for Fortune 500 companies throughout the USA and abroad. He is one of the first in the smart building industry to address the inherent risk that control system technology poses. He has authored and participated in more than 100 articles on building control cyber security with industry magazines, as well as the Wall Street Journal, CNBC and healthcare publications. His articles have been featured in the USA and abroad. In addition to publishing articles, for almost a decade, he led control system cyber security workshops and has been a passionate speaker and teacher on the subject of building control cyber security. In recent years, Fred has developed control system cyber security assessment methodologies and tools based on the International Society of Automation (ISA) 62443 and the Center for Internet Security (CIS). He currently serves on Building Cyber Security for Commercial Real Estate as a technical adviser, ISA99 as a technical adviser and UL/TIA SPIRE Smart Building Assessment as a technical adviser. He is a CS2AI Senior Fellow. Fred holds ICS-Cert, Honeywell, Tridium and Schneider certifications and has more than 20 years’ experience with control technology such as Siemens, Johnson Controls, Automated Logic, Trane and Carrier.
