Page 31 - 240909_BACnet_Europe-Journal_41
Mission BACnet
... planning, the basis for the future viability of a building is created. Intelligent and networked systems increase user comfort as well as the value of a property.

Effective IT/OT RMP security measures must be put in place to match the systems and communication protocols in use and the use of the building. The IT/OT RMP starter roles must be involved in the entire planning and integration process for setting up the BMS. The integration planner, who is likewise responsible for the BMS, IT and OT, needs information on the specific requirements for building operation and on their implementation. At the same time, the implementation of the measures by the building owners involved must be monitored throughout the entire planning, integration and commissioning process. Building owners should use quality controlling that accompanies planning and construction to ensure that the requirements are met correctly and that no interface or security problems arise. If no such expertise is available in this environment, the service can be purchased externally as part of commissioning management (IBM).

For the future operation of the technical systems via integrated building automation, important fundamentals of network security must be considered in the demand analysis and operating concept phase. These include:
- specification of the object under examination and definition of the protection requirements,
- determination of the IT security requirements and their protection goals,
- definition of measures for identifying and assessing technical residual risks,
- reporting and approval of residual risks.

In addition, further questions arise regarding the protection of the information and of the IT and OT components used:
- confidentiality,
- integrity,
- availability,
- is personal data collected or processed? (GDPR).

The criteria and findings obtained here then feed into the further realization of the construction process in accordance with the HOAI (Honorarordnung für Architekten und Ingenieure, the fee schedule for architects and engineers).

The increasing technological developments in the building technology, including smart buildings, and the rapid market penetration of building technology with general information technology are leading to an increasingly high cyber security risk.

Due to a lack of expertise (no IT core competence) in construction management, building planning and operators in the building context, a shortage of skilled workers among integrators and commissioning companies and the potentially major impact of successful cyber-attacks on the infrastructure of buildings, joint IT/OT security is not only relevant for operators of critical infrastructure and federal authorities, but must become the standard for building operations, because attackers often look for and find the weakest point. There are several prominent examples of this detour via building technology.

Legislators have recognized this potential threat and have set appropriate cyber security requirements at both European and national level:
- at European level
  - NIS 2 Directive (EU 2022/2555),
  - Cyber Resilience Act (CRA - EU 2022/0272),
- at national level (using Germany as an example)
  - NIS-2 implementation and Cybersecurity Strengthening Act (NIS2UmsuCG, German: Cybersicherheitsstärkungsgesetz).

In the increasingly modern and digitalized environment and due to increasing international political tensions, there is therefore growing concern about massive negative economic effects in the professional environment – among other things, if technical systems are compromised under one's own responsibility. These include:
- economic damage due to loss of reputation – for example through negative public perception with press releases or social media,
- financial loss due to restricted availability of internal company options, including blackmail attempts or negative influence in production processes.

In addition, high fines have been announced, in some cases even with personal liability for the management (such as the EU's "Cyber Resilience Act").

This guideline is intended to achieve added value through recommendations for standardization of processes, infrastructures, services and suitable organization (roles), among other things (security by design from the outset). This is because a failure of the information technology (IT) means that building technology with its operational technologies (OT) can no longer fulfill its operator obligations or can only do so with enormous effort.

The circle of operators of critical infrastructures will increasingly include more business areas in the future. As a result, the requirements of various national associations and organizations to ensure IT/OT security are growing. Setting up and maintaining a reliable and resilient IT/OT infrastructure is a discipline for IT and building automation specialists. Therefore, the application of measures to achieve IT/OT security is not only relevant for the operation of critical infrastructure and federal authorities, but should become an integral approach to the standard of building operation.

The current status of the guideline is based on established methods from Germany. The consideration of Demand Planning – Operating Concept (LP 0) and Basic Evaluation – Project Preparation (LP 1) is not intended to suggest that the contents of the guideline should not be taken into account in the subsequent service phases.

The further compilation of the necessary recommendations, guidelines and processes is in progress and will be integrated into subsequent versions of the guide.

Phase 0 is taken up here as an example:

LP 0: Demand Planning – Operating Concept

Demand Planning, including IT/OT RMP (Risk-Management-Plan) operating concepts, plays a fundamental role in efficient, economical and safe building operation. The basis for the future viability of a building is also created by the high-quality implementation of building automation, which is based on needs-based planning. Intelligent and networked systems increase user comfort and the value of a property.

Effective IT/OT RMP security measures must be implemented in line with the systems and communication protocols used and the use of the building. The IT/OT RMP starter roles must be involved in the entire planning and integration process for setting up the BMS. The integration planner, who is also responsible for the BMS, IT and OT, needs information on the specific requirements for building operation and its implementation. At the same time, the implementation of the measures by the building owners involved must be monitored throughout the entire planning, integration and commissioning process. Building owners should ensure that
BACnet Europe Journal 41 09/24 31