Cyber Security for OT
For years cyber security in the OT space was an afterthought. With the emergence of Smart Buildings, remote access, and more data being shared on an OT network, the need to secure these networks has become critical. Products and solutions that are OT-focused tend to address network security needs with broad IoT solutions. Although best-in-class product selection is vital when choosing your hardware and software, most security breaches are caused by lack of knowledge by the user. It is highly recommended that a written cyber security plan is developed and followed in order to provide proper network security training for all users.
Four Areas of Cyber Security for OT Networks
Play the video below and listen as we explain our basic approach to ensuring that your OT network design is cyber secure. It is crucial that you follow a few basic best practices so that your data and assets are protected from cyber threats.
- Area 1: Encrypted Data (Tridium's Niagara/BACnet SC)
- Area 2: Managed Network Switches
- Area 3: Physical Firewall
- Area 4: A Written Cyber Security Policy
Cyber Security Policy Guide Specification
OT cyber security management is a continuous process with all types of factors influencing the results. Changes in business demands, organizational changes and changes in the threat landscape all require adaption of the OT cyber security management process. A good cyber security plan is an excellent place to start. This document is merely a starting point and is considered a guide specification. The document should be edited by the owner before being adopted by your organization.
Foundations for OT Cybersecurity: Asset Inventory Guidance (CISA)
CISA, working with national and international partners, has developed guidance to help owners and operators of Operational Technology (OT) systems create and maintain a comprehensive asset inventory. The document outlines how to identify, classify, and manage OT assets so organizations can better understand their environments and strengthen cybersecurity.
Highlights include:
- Establishing scope, roles, and responsibilities for asset management.
- Identifying and documenting OT assets through inspections and network surveys.
- Creating a taxonomy to classify assets by function and criticality.
- Applying the inventory for vulnerability management, monitoring, reporting, and continuous improvement.
Why it matters for smart buildings:
An accurate and well-managed asset inventory helps building owners and operators prioritize critical systems, uncover hidden vulnerabilities, and improve resilience against cyber threats across building automation and control environments.
Cyber Security Tips for OT from Around the Industry
BACnet Secure Connect (BACnet/SC)
BACnet/SC is a new BACnet datalink that eliminates many of the concerns Owners, Facility Managers, and IT professionals have with BACnet today. It is based on standard TLS 1.3 security with options for 128-bit. and 256-bit elliptic curve cryptography. It eliminates the need for static IP addresses. Information sent through a BACnet/SC connection is verified to be authentic, and unaltered from the original data source. BACnet Secure Connect (BACnet/SC) is an addendum to the BACnet protocol released by the ASHRAE BACnet Committee.
