As Building Automation and Control Systems (BACS) become embedded in the modern infrastructure of smart buildings, security and facility managers need to gain a better understanding of cybersecurity risks.
The BACS industry is expected to reach $104 billion by 2022 and is growing at the pace of 15 to 34% per year due to demand for energy efficiency and sustainability, increasing government regulation, and greater monitoring, control, and operability.
However, according to a report by the Continental Continental Automated Buildings Association (CABA) security and facility professionals may lack a comprehensive understanding of BACS cyber threats and risks
Building control and automation systems essentially converge, integrate and connect many different facility technologies through information flow to a single monitoring point.
While the primary purpose of BACS is to facilitate the flow of information and automated decision-making through connectivity deployment, they are formed from the integration of multiple devices, equipment and communication platforms which makes them more vulnerable to cyber-attacks due to an increased number of points of entry for potential intruders.
According to the study, 75% of security and facility professionals had an awareness of BACS architecture, but only 50% featured these risks management documentation. The study also found that most security and facility professionals displayed a limited understanding of technical elements that can result in critical vulnerabilities especially cyber attacks.
Part of the problem is a gap between the different occupational roles between facility operators, security professionals, and IT managers.
Facility professionals manage and operate building controls, security professionals predominately manage and run the security systems within the buildings and IT manage and operate the broader technical elements of the networked system architecture.
Compared with IT managers, most building security and facility professional lacked understanding of BACS cyber vulnerabilities.
The study revealed that what integration or BACS meant was too broad and undefined, and views among facility managers ranged depending on one’s professional role.
The report identified four ways to create more awareness among building staff to close the gap.
4 ways to increase awareness of BACS cyber vulnerabilities in office buildings
- Promote greater awareness of BACS and its threats and risks posed to the organization through the distribution of materials which are easy to read and understandable especially for nontechnical people.
- Improve cross-department communications, by creating working groups chaired by facilities managers which include vital stakeholders and advisors from security, cybersecurity industries
- Build partnerships with BACS experts, especially IT and cybersecurity professionals, and Integrators. These professionals may be in-house or “third party” contractors.
- Provide a general BACS guideline that is simple to read and apply as an aid to security and facility professionals.