If you’re using building automation systems, see this BOMA/ASIS/SIA guidance on protecting your facilities from inherent risks

by Brianna Crandall — August 10, 2018 — The Building Owners and Managers Association (BOMA) International, in partnership with the ASIS Foundation and the Security Industry Association (SIA), just released what BOMA says is groundbreaking, first-of-its-kind guidance for practitioners in the commercial real estate and security fields. Intelligent Building Management Systems: Guidance for Protecting Organizations provides a framework to help decision makers protect their buildings against risks associated with intelligent building management systems and ask relevant security questions to develop appropriate mitigation strategies. It also serves to establish a common language between the many intelligent building stakeholders.

BOMA infographic on intelligent building security

Infographic courtesy BOMA. Click to enlarge.

The guidance document is based on original research, Building Automation & Control Systems: An Investigation into Vulnerabilities, Current Practice and Security Management Best Practice, by David J. Brooks, Michael Coole and Paul Haskell-Dowland of Edith Cowan University in Perth, Australia. Also taken into consideration were the responses of BOMA International members, who were surveyed on their use of and security practices for building automation systems. The resulting report provides an exhaustive overview of identified intelligent building critical vulnerabilities and mitigation strategies.

Intelligent building management systems increasingly have become embedded into the built environment as technology has evolved and the demand for reduced operating costs and greater monitoring, control and operability has continued to grow. However, this growth in efficiency also comes with a substantial set of security vulnerabilities. Importantly, the research finds a significant disconnect between the perceived understanding of intelligent building threats and risks versus actual dangers. In addition, the report reveals that a lack of common terminology and practices can result in misunderstandings and siloed views of associated security risks.

The report emphasizes the need to take a multidisciplinary proactive management approach to intelligent building vulnerability mitigation and fuse multidisciplinary participants into an intelligent building security team. It also highlights the importance of intelligent building integrators and cybersecurity experts as partners who can help organizations better understand threats and risks and more effectively achieve intelligent building security.

The ASIS Foundation, BOMA International and SIA developed this guidance document as a service to property professionals and security specialists. The information included in the report should be considered as guidance, says BOMA; consult with your security professional for your specific needs.

For more information or to download the Intelligent Building Management Systems: Guidance for Protecting Organizations report, visit the BOMA International website.