Notice
  • EU e-Privacy Directive

    This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.

    View e-Privacy Directive Documents

Building Management Systems (BMS) Must Now Integrate Cybersecurity

By Terry Edwards, Director of Real Estate at Jelf

How to effectively monitor and configure building management systems (BMSs) continues to emerge as an issue in the management of property.

The threat of cyber- attacks on BMS systems is increasingly becoming a very real risk issue.
Typically building and access control systems are computers that monitor and control building operations, such as air-conditioning, electrical power, electronic card reading, lifts, fire alarms and fire suppression systems, heating, lighting, ventilation and surveillance. Advances in building technology means these systems are invariably linked to all manner of other services and the internet.
Its these very advancements in technology and the ever increasing reliance on automation and remote operations that is exposing these systems to possible cyber-breaches and full on attacks.
Most BMS systems are typically not designed with cyber security in mind. Although, increasingly experts have started to alert real estate and building owners and managers that such systems are vulnerable to external penetration.
The advent and development of more sophisticated insurance and risk mitigation technics means that options now exist to help defend against cyber threats to BMS systems.

Smart(er) Buildings And Their Heightened Exposure
Centralised building management systems are now integrated and connected into other building systems, these in turn are connected to a network ring with IT data centers and remote access servers used via open protocols and clear access.
Building owners, managers and FM providers have seen huge advantages in the “usability” of these systems but they are also highly susceptible to cyber risks as they are more complex and interconnected into IP networks which leaves them inevitably more exposed.
Heating, lighting and security in most buildings are generally not being developed with technology designed to be connected into cross building IT networks. In fact, designers and decision makers in charge of facilities (Heating, lighting, security) or smart building systems can often consider the risks of cybersecurity to be irrelevant and non-critical.
Equipment failures are not new and these incidents have already been reported hundreds of times and redundancy techniques used by specialists in operational safety are effective methods for managing these risks but they do not cover the risks of cyberattacks.
‘It seems unlikely that two redundant systems would break down at the same time; however, a hacker can take control of two systems simultaneously’

Why Does Cybersecurity Play Such An Important Role In BMS?
In 2013 one of the largest retailers in the United States was hacked and had debit and credit card data corrupted from close to 110 million accounts. How did the criminals gain access to the system? A flaw in the network of an HVAC (Heating, Ventilation and Air-Conditioning) system that had been, connected to the building to control their heating and air conditioning installations.
Even a business of this size with a secure BMS should have been able to prevent considerable damage, however the virtual intruders were able to by-pass via the third-party attachment to the system any cyber defenses that might have been in place.
Ultimately, everything can be hacked. Outsiders can take control of all connected systems to turn off lights, trigger a fire alarm and cause panic, add external users to access controls, interfere with the HVAC system to knock staff off their guard and even disrupt machines, or to deactivate the CCTV system to allow an intruder to enter, and the list goes on.
The ability, or inability to control and block these systems can have a direct impact on people’s safety, a company’s performance and reputation. How would a company run if its employees couldn’t enter the building? If a breach can be quickly brought under control damage and disruption can be mitigated, although there is still the possibility of damage to systems that depend on constant power such as generators and 24-hour market economies.
These risks can also evolve to any smart systems reliant assets, economies or lifestyles such as: Smart Public Services, Smart Cities, Smart Homes.
The advantages of ICT for ICS and BMS installations and for future smart systems are undeniable and nobody would think twice about going back on this system. Using new technology from the conventional IT world means we have to come to terms with the constraints that come with it.
Retro actively dealing with these issues can be costly and complex especially if they have not been factored into protocols at design phase. This is also the case for older assets that were built at a time when cybersecurity awareness and the ability to transfer and manage these risks was limited.
Fortunately, as well as sophisticated mitigation technics a number of risk management and insurance option now exist. Insurance protection for the risks that owners and managers of real estate face is now readily available through insurance intermediary’s, or direct insurance companies.
Typically, a Cyber Insurance policy would provide protection for the following eventualities:
Forensics After a breach has occurred, expert forensics can determine what has been affected and how it can be contained, repaired or restored.
Legal and Public Relations expert legal and PR consultants can formulate a plan to contain reputational damage. The cover provides payment for costs you may incur for a PR consultant to avert or mitigate damage to your brand and business operations.
Notification Any ‘data subject’ affected by the breach will need to be notified, and credit monitoring put in place to prevent further losses.
Fines and investigation professional support to help prepare for any investigations you are subject to. A cyber policy can also cover payment of insurable fines and penalties imposed upon you.
Cyber business interruption this can cover you for loss of business income resulting from the total or partial interruption, degradation in service, or failure of information and communication assets.
It’s easy to think that the only risk you face is from hackers. In reality, human error – such as losing a laptop or a mobile loaded with client data and passwords can be just as destructive.
Cyber liability insurance can ensure you’re not just covered for incidents caused by external forces. Your customers, your data, and even your reputation (arguably the most valuable thing to your company) can also be covered for a range of internal as well as external eventualities.


 

OPTEX to demonstrate enhanced perimeter security and boundary protection at INTERSEC

OPTEX, the leading sensor manufacturer, will demonstrate its recently enhanced long-range RLS-3060 LiDAR series live on its stand, as well as showcase its new 180-degree outdoor sensor ideal for boundary protection.
“OPTEX’s LiDARs have been successfully deployed in the Middle East region for years, for a number of applications ranging from perimeter security to roof and asset protection. At this year’s Intersec we are looking forward to showing the new functionalities of our long-range REDSCAN series which will make it more flexible and compelling for perimeter security,” says Gaurav Mahajan, Divisional Manager for OPTEX in Middle East.
The long-range RLS-3060L has a detection range of up to 30 metres, and now features four detection areas that can be independently adjusted via an analogue connection, and up to eight areas that can be adjusted via an IP connection. The inclusion of Area Allocation and Masking functions enable these detection zones to be precisely defined.
The advanced RLS-3060-SH model has been designed for harsher environments and extends the detection area to 50m radius in horizontal mode. When in vertical detection mode, it can detect a standing or squatting person over 100m away.
The event is also the opportunity for OPTEX to showcase its new 180-degree outdoor sensor, ideal to protect the boundary of residential and commercial premises. The new WXI 12m 180-degree outdoor PIR has left and right alarm outputs that trigger alarm signals from both sides individually, making it ideal for PTZ activation, direction, recognition and changing detection pattern by day and night. The WX Infinity series features advanced Super Multidimensional Analysis (SMDA) logic to differentiate between human beings and animals, advanced temperature compensation, an area masking shutter, and a single or dual pulse count. The new series is available as both hard wired and battery-operated models.
“With the launch of our new 180-degree PIR, we are complementing our boundary protection range,” says Masaya Kida, Managing Director of OPTEX EMEA. “We are now able to offer single sided and double sided curtain PIRs, 90-degree volumetric and 180-degree volumetric sensors, covering all areas around the building.”
Also, on the stand OPTEX’s sister company Fiber Sensys will be showcasing its compact radar range which offers object tracking and object categorising that differentiates between vehicles, people and drones. It complements its fibre optic perimeter fence detection system by offering protection for wide open areas.
Masaya says the company is looking forward to exhibiting again at Intersec and having the opportunity to present its range of perimeter protection sensors: “A delegation from OPTEX EMEA will be attending the show including technical engineers, marketing specialists, Middle East and Africa sales managers, and our Strategic Alliance Manager.
“This gives visitors to Intersec a great opportunity to connect with the OPTEX team and discuss their projects.”


 

Camfil welcomes Clean Air Strategy’s focus on IAQ

Following the launch of the government’s Clean Air Strategy (14th January), Camfil welcomes its recognition of the effect of Indoor Air Quality (IAQ) on people’s health. The document outlines a range of recommendations that focus on reducing exposure to particulate matter (PM), the very smallest of which cause the most damage.
Notable mentions, include:
•    Confirmation that the National Institute of Health and Care Excellence (NICE) is currently working on forthcoming guidance on IAQ.
•    News that the government wants to raise public awareness of the potential impacts of indoor air pollution e.g. at home and among consumers.
•    Confirmation that the Ministry of Housing Communities and Local Government will consult in spring 2019 on changes to standards in Part F of the Building Regulations, which relates to ventilation in homes and other buildings.
Mark Taylor, from Camfil said: “reducing outside air pollution, from traffic jams and exhaust fumes, is of course a priority. What’s clear, however, is the Clean Air Strategy recognises that this is only one part of the story, with a programme of work across government, industry and society to reduce emissions from a wide range of sources. These include agriculture, solid fuel burning and the products and materials we use to furnish, clean and decorate our buildings.”
Simon Birkett, from Clean Air London (CAL), who works with Camfil to improve air quality in the Capital, said: “it is marvellous to find more than 20 mentions of indoor air quality in Defra’s new Clean Air Strategy. The strategy helpfully identifies the sources of many different indoor air pollutants and says that plans will be forthcoming to reduce them.
What’s important is momentum, stressed Simon: “The Clean Air Strategy makes an encouraging start on indoor air quality but must be followed through quickly with meaningful action. For example, Building Bulletin 101 (BB101), which sought to improve indoor air quality in schools, was published with out of date standards for air filtration. Producing corrected guidance in 2019 must be a priority.
“Within healthcare, the ‘Change in Air Filter Test and Classification standards’, issued by SVHSoc in November 2018, is an important step but CAL considers that ‘HTM 03-01; Specialised Ventilation for Healthcare Premises; Part A’ needs also to be updated for the latest ISO and British standards for air filtration.”
Mark added, “with air filtration a key step in improving IAQ, another important standard that will help contribute to improvements in this area is the Eurovent Energy Rating 2019, which came into force on January 1st. Under the new Eurovent classification, the demands on energy efficiencies have increased improving the performance of their filters through more stringent test standards.”
The UK is the first major economy to adopt air quality goals based on WHO recommendations, going far beyond EU requirements. Let’s hope this document marks the start of real action to improve the air we breathe both outside and inside our buildings.


 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Page 8 of 63

© Copyright 2010, The World's Fair Limited. All rights reserved.

Registered office: The Worlds Fair Limited 
Chambers Business Centre
Chapel Road
Oldham OL8 4QQ
United Kingdom

Registered No. 114239, England