Cyber Protection for Building Automation and Energy Management Systems

Similar documents
Lynxspring Professional Services

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

The Business Case for Security Information Management

Cisco Advanced Services for Network Security

A HELPING HAND TO PROTECT YOUR REPUTATION

Website Security: It s Not all About the Hacker Anymore

Network Security Administrator

Security Issues with Integrated Smart Buildings

How To Secure Your System From Cyber Attacks

Inspection of Encrypted HTTPS Traffic

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

2014 North American Building Automation Systems 2013 North American SSL Certificate Customer Value Leadership Award Product Leadership Award

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Using a VPN with Niagara Systems. v0.3 6, July 2013

Firewalls, Tunnels, and Network Intrusion Detection

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Building A Secure Microsoft Exchange Continuity Appliance

The Importance of Cybersecurity Monitoring for Utilities

Zone Labs Integrity Smarter Enterprise Security

Increase insight. Reduce risk. Feel confident.

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Intro to Firewalls. Summary

DeltaV System Cyber-Security

Global Partner Management Notice

Reducing the Cost and Complexity of Web Vulnerability Management

Remote Services. Managing Open Systems with Remote Services

Cyber Security An Exercise in Predicting the Future

The Attacker s Target: The Small Business

Designing a security policy to protect your automation solution

8 Steps for Network Security Protection

PCI Requirements Coverage Summary Table

8 Steps For Network Security Protection

Industrial Security Solutions

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

Securing the Database Stack

PCI Requirements Coverage Summary Table

Information Security Services

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Managed Security Services for Data

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

Defending Against Cyber Attacks with SessionLevel Network Security

Cyber Security Where Do I Begin?

Innovative Defense Strategies for Securing SCADA & Control Systems

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Guideline on Auditing and Log Management

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

The Leading Provider of Endpoint Security Solutions

Internet threats: steps to security for your small business

Trend Micro Cloud Security for Citrix CloudPlatform

A Case for Managed Security

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

A Decision Maker s Guide to Securing an IT Infrastructure

TECHNICAL WHITE PAPER. Symantec pcanywhere Security Recommendations

Using a VPN with CentraLine AX Systems

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions

Locking down a Hitachi ID Suite server

Seven Things To Consider When Evaluating Privileged Account Security Solutions

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

Does your Citrix or Terminal Server environment have an Achilles heel?

Protecting Your Organisation from Targeted Cyber Intrusion

Beyond the Hype: Advanced Persistent Threats

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

Basics of Internet Security

Sophistication of attacks will keep improving, especially APT and zero-day exploits

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Data Security Incident Response Plan. [Insert Organization Name]

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

Top five strategies for combating modern threats Is anti-virus dead?

SANS Top 20 Critical Controls for Effective Cyber Defense

Security Policy JUNE 1, SalesNOW. Security Policy v v

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Ovation Security Center Data Sheet

McAfee Security Architectures for the Public Sector

Document ID. Cyber security for substation automation products and systems

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

Understanding SCADA System Security Vulnerabilities

Managed Security Services

NATIONAL CYBER SECURITY AWARENESS MONTH

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011

2015 CENTRI Data Breach Report:

External Supplier Control Requirements

Transcription:

Cyber Protection for Building Automation and Energy Management Systems IT and Network Operations Managers Perspective

PROTECT YOUR INVESTMENT Reinforcing the Integrity of Enterprise Networks The intersection of the Building Automation Systems (BAS) and IT over the past decade has revealed the exponential potential of networked building controls. The sophistication of building automation (BAS) and energy management (EMS) networks makes it possible to not just share data with the enterprise, but to interpret trends and introduce operational and building performance strategies that save money, resources and time valuable benefits that impact all facets of an organization. However, the transition from standalone systems to the highly connected world of Ethernet and cloud-based computing has put these networks on equal footing with the IT network in their shared need for a vigilant cyber protection strategy. When it comes to cyber security and threat protection, BAS, EMS and IT networks should not be treated differently. BAS networks are abundant in today s modern buildings, and security through obscurity is not a solution. If a device is on the network, then it can be discovered. Threats and breaches to building and energy management systems can be entry points into a company s network, becoming a pivot point that can bypass existing network defenses. A hacker or unauthorized person can use a simple thermostat, lighting controller or the HVAC system as a launching pad to infiltrate other devices and systems, introduce malware, viruses and worms, or engage in other detrimental activities.

The Moment a Malicious Hacker Exploits a BAS, the Countdown to Chaos Begins From a business perspective, the negative consequences that BAS/EMS-initiated cyber incidents cause are potentially catastrophic. Such events may impact occupant productivity and personal safety, disrupt critical processes, and shut down business operations entirely. The potential theft and loss of intellectual property can be as equally devastating with negative publicity and loss of customer confidence while the financial ramifications may be compounded with lawsuits and equipment replacement and repair. Responsible & Efficient Network Citizenship IT managers must continuously defend their domain from vulnerabilities, viruses and threats that mutate on a regular basis to outwit encryption methods. It is their responsibility to know exactly what systems and devices exist on the network, how they communicate, what type of data is shared, and who has access rights. Thus, the addition of new control networks and their devices to the enterprise s central nervous system creates further complexity, adding more layers and tangents that require the same level of watchful protection as their IT counterparts. From an IT point of view, the management of these integrated control systems can require additional time, money and resources. Simply adding a device to the system without the knowledge of the IT department can be detrimental, introducing unsecured portals that can jeopardize the entire enterprise. Pervasive connectivity and integration of BAS networks necessitates a comprehensive cyber security solution that enables organizations to extend their corporate IT strategies to allow them to exist and interoperate with traditional IT management tools. Such a solution must not drain resources of the IT department; it should enable facility personnel to manage their own systems in a secure environment without continued involvement from IT. Physical Repercussions Uninhabitable facilities Uncontrollable and locked-out systems Equipment damage and replacement Inefficient systems Sprinkler and smoke alarm failure Disabled elevators controls system Lighting failure Compromised building access and intrusion systems Business Repercussions Interruption of business and operations Exposure and compromise of intellectual property and sensitive information Introduction of malicious files, viruses to the corporate IT network Negative publicity, loss of customer confidence Brand damage Litigation Occupant harm, loss of life An effective BAS cyber security program will enforce responsible network citizenship with policies and procedures that are continually addressed and maintained to the highest standards.

LYNX CyberPRO Real time, Continuous Cyber Protection for Building Automation and Energy Management Systems Cyber-threats remain one of the most insidious issues within the building automation industry today; threats are becoming more frequent, becoming increasingly sophisticated and are now at a point where we have legitimate and reasonable concern Terry Swope President, CEO of Lynxspring Lynxspring s LYNX CyberPRO is a cyber-threat protection solution designed specifically for building automation and energy management networks. Lynxspring has partnered with Netop, the premier developer of secure remote access solutions for complex global IT environments, to create a simple, cost-effective and multi-layered security solution for the mechanical and electrical devices and systems that reside on the enterprise network including HVAC, lighting and energy measuring systems. LYNX CyberPRO establishes pre-emptive threat protection for the devices and systems across a building network by securing, managing, controlling, tracking and monitoring all account access and activities. LYNX CyberPRO creates shields of security, tailored protection for groups of devices and systems, in addition to layers of cyber protection that reinforce firewall authenticity by eliminating attack surfaces created by exposed devices on the Internet and within the network. Comprised of a CyberPRO Key and an encrypted LYNX CyberPRO Secure Connect Cloud connection, LYNX CyberPRO is simple to install, configure and operate, and does not require any changes to a device s existing network settings. The CyberPRO Key is installed on the network behind the firewall and configured to the CyberPRO Cloud. This is the single access point into the network and becomes a forensic tool for the entire building control network with an auditable access trail. The solution supports leading building automation protocols with TCP/IP networks, open and legacy systems and can be accessed anywhere without exposing building system devices to the public internet.

1 Lynx CyberPRO consists of a CyberPRO Key and an encrypted LYNX CyberPRO Secure Connect Cloud connection. It is simple to install, configure and operate and does not require any changes to a device s existing network settings. There are three simple steps with setting up a key: 1. The Key is plugged into the corporate network. 2. Devices needing secure remote access are added to the Key. 3. Users are added to the Key. How it Works LYNX CyberPRO Ladder Diagram INTERNET AX Supervisor Firewall Remote WorkPlaceAX or Browser CyberPro Key Remote Applications Building Automation LAN/WAN Energy Management Building Security DVR 2 3 4 5 6 HVAC Plant Control Open ADR & Generation 7 8 9 0 # * Lighting Asset Monitoring Utility Metering Card Access & Intrusion CCTV

CyberPRO Addresses Multiple Areas of Cyber Protection Reduces the Attack Surface CyberPRO removes all devices from the public Internet, closes all ports on the corporate firewall, and eliminates the need of having to add and manage authorized users to the VPN access directory. It hardens and maintains the integrity of the corporate firewall and allows authorized users--including third-party contractors--secure remote access to the appropriate systems. Provides one single access point into the corporate IT network versus multiple points Restricts access to specific, authorized systems only Minimizes the number of devices on the Internet; avoids a proliferation of direct-to-internet devices LYNX CyberPRO Protects & Connects Secures the Connection Sophisticated encryption is used to protect the confidentiality and integrity of data transmitted between the user and the devices. To gain secure remote access to these systems, the user logs into the encrypted LYNX CyberPRO Cloud and is authenticated via distinct checkpoints. After positive verification a list of available keys is presented. Consists of two layers of verification (device and cloud) Features SSL encryption and enterprise-grade administration capabilities LYNXCyberPro Cloud (Router) Manages User Access & Rights Users must log into the selected key, and once authenticated, are presented with a list of devices and randomly generated ports to use during the session. At no time does the user use IP addresses for the devices, only the randomly generated ports the key provides. Ability to isolate remote users and their traffic, policies and administrative interfaces from all other users using the same platform All communication interactions require authentication and authorization Prevents automated Internet port scans Documents Occurrences An audit log is created for each session and records all user activity. When the session is over, the key closes all ports. Automated collection of events are stored for future analysis LYNXCyberPro Connect (Remote Client) Encrypted Tunnel LYNXCyberPro Key (Network Client)

Benefits of CyberPRO for IT Professionals Single, unified access and view Secures connections through high encryption; authentication via distinct checkpoints Reduces the number of devices exposed to the public Internet; ports remain closed Creates secure remote access without firewall exceptions, proxies or special configurations Restricts device connectivity and authorizes devices on the network Enforces trusted change policies Meets compliance requirements Allows for patch management in a trusted, secure environment Frees up VPN licenses for concurrent users for corporate personnel use only Centralized accountability In combining efforts with Lynxspring on LYNX CyberPRO, we have created a single, secure, monitored and audited access point to building control systems. This will give authorized personnel timely and secure access to building data while reducing external threats to building automation systems Kurt Bager CEO, Netop

About Lynxspring Lynxspring is changing the way devices and systems communicate and collaborate across enterprises. Our technologies enable users to manage and operate their facilities and equipment smarter, safer, more efficiently and at peak performance levels within a secure IT environment. Embracing open framework platforms, Lynxspring designs, manufactures and distributes JENEsys brand Internet-based automation infrastructure technology and device-to-enterprise integration solutions for Building Automation, Energy Management, Cyber Security, Equipment Control and other Specialty applications. www.lynxspring.com About Netop Netop develops and sells market leading software solutions that enable swift, secure and seamless transfer of video, screens, sounds and data between two or more computers. Used by half of the Fortune 100, Netop s solutions help businesses provide better customer service, reduce support costs and meet security and compliance standards. Headquartered in Denmark, Netop has offices in the United States, China, Romania and Switzerland. The company sells its solutions to public and private clients in more than 80 countries. Netop Solutions A/S shares are listed on the Copenhagen Stock Exchange. www.netop.com Lynxspring GO FURTHER. For more information on Lynxspring s National Account Services, please contact us at 816-347-3500 or at www.lynxspring.com. LYNXCyberPRO is a trademark of Lynxspring

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information