Lynxspring Technology Blog

Building Automation Cyber Risks It’s not about numbers; it is a business issue.

As business people we hate spending money on things that don’t help our businesses operate better and more efficiently, perform at maximum levels or improve the products and services we deliver to the market. And yes, we know there are necessary expenses in business that require funding. The thought of spending money on things that are only used in a worst-case scenario and risk management are not attractive options when it comes to the allocation of our important resources---funds. They are however, a must. So what do we do? We look at things such as what is the payoff going to be. Are there risks? What are the risks and where do they exist? How likely is our business and operations going to be affected? What is the potential impact? These are questions that need to be answered. The bottom line, we want a solid business case as to why the risk or reward to the business warrants the expenditure.

Back in the day, (2012) I wrote the following:

Some people collect comics; some art. Some collect sports memorabilia, others coins. I could go on. I collect intelligent building definitions. Not really, but I thought I'd share some of the definitions I have managed to collect. While each definition offers its own perspective, it is interesting to see the similarities and the differences.

While buildings are smarter and more connected than ever before, when it comes to cybersecurity, they are stuck in the 1980s.Today’s connected business world means there are thousands of entry points in and out of companies. It is impossible to miss the continued headlines on the latest breaches and cyber-attacks. Cyber-attacks today are more sophisticated and targeted than ever before.The truth is that network security and the security of devices and systems do not work as well as we thought.

Cybersecurity protection and defense prevention for the building automation systems and the operational technology that operates and manages our facilities is now a necessity and should not be treated differently than an IT network when it comes to cybersecurity. Just like an IT network, building automation networks should have multiple layers of defense and protection as well as policies and procedures that are continuously addressed. In fact, cybersecurity should be an integral part of the design of intelligent buildings and today’s building automation system and not an afterthought; it has gone from a nice-to-have to a must-have.
Let’s look at some of the latest cyber stats—cyber issues are up 144% compared to four years ago with an average of 138 successful attacks per week, compared to 50 attacks per week in 2010; cyber-attacks cost the average U.S. company $12.7 million; attacks have become increasingly sophisticated in nature; reported incidents of have increased 48% in the past twelve months (this does not include the number of attacks that go unnoticed or are unaware); the average time it takes to detect a malicious cyber-attack is 170 days with some types of attack taking 259 days on average to detect.