Page 21 - BACnet_Europe-Journal_43
BACnet Insight
Cybersecurity in Building Operations: A Methodical Approach for Future-Proof and Scalable IT/OT Security in Building Automation
Advances in digitalization enable data-based control and monitoring of buildings and have revolutionized building operations.

In the relevant technical literature – especially in older editions – buildings were often still regarded as isolated structures. This paradigm has changed fundamentally. Today, there is no question that modern buildings are no longer isolated structures, but highly networked systems in which operational technology (OT) and information technology (IT) are seamlessly integrated.

However, this development, fueled by market trends and legal and regulatory requirements, not only brings efficiency gains, but also new challenges – especially in the area of cybersecurity. The threat of cyberattacks on building infrastructures is real and growing steadily.

Comprehensive Requirements

Until now, IT security has primarily been anchored as a central task of classic corporate IT. However, this security approach is now increasingly extending to operational technology (OT) as IT/OT security and thus also holistically to building digitization.

Cyber security must therefore be established as an integral part of building operations. It is crucial that the principle of “security by design” is taken into account right from the requirements analysis stage. Only then can all those involved – from planners and building owners to operators – act on a sound basis.

The key: a methodical and risk-oriented approach.

IT/OT Security in Building Operations

The basis for sustainable IT/OT security in building operations is a methodical and risk-oriented approach based on proven standards such as BSI basic protection. This approach makes it possible to systematically identify and evaluate cybersecurity risks and minimize them through appropriate measures.

Risk analysis is a central component of this process. It creates the necessary risk transparency to enable informed decisions to be made. This involves not only identifying vulnerabilities, but also assessing the potential impact of threats on building operations.

Cybersecurity as a Special Service Already Included in Planning in Accordance with HOAI

The importance of cybersecurity, especially risk management, is also reflected in the fee schedule for architects and engineers (HOAI), where it is listed as a special service. This emphasizes that IT/OT security cannot be considered a by-product, but rather an independent and essential task in the planning, construction, and operation process.

A methodical approach to IT/OT security integrates the relevant components of risk analysis into the service phases of the HOAI. This includes:

- Clarification of responsibilities and roles: Clear responsibilities for construction, operation, and IT/OT security must be defined early on in the planning phases.
- Identification of the objects to be examined: Which systems and components are critical for building operation?
- Determination of protection requirements: What availability, confidentiality, and integrity requirements exist for the identified systems?

© all pictures: Deutsche Bundesbank
BACnet Europe Journal 43 09/25 21