• Home

  • Documents

  • IDC Analyst Connection - The Critical Importance of ......The Critical Importance of Securing...
6
IDC ANALYST CONNECTION Sponsored by: Fortinet The Critical Importance of Securing Government Smart Buildings October 2019 Questions posed by: Fortinet Answers by: Ruthbea Yesner, Vice President, IDC Government Insights Why is the security of smart buildings in government important? Government facility managers worldwide are facing pressures to reduce energy use and improve sustainability, reduce operating costs and, most importantly, ensure the physical safety and cybersafety of building occupants and assets. Government buildings house valuable systems and information, such as datacenters that contain sensitive or classified information or operations centers that manage key systems such as traffic and streetlights and emergency response. Security breaches in these systems have far-reaching and serious consequences for the daily lives of the public and their sense of trust in government. IDC survey results show that over 50% of governments have smart building technologies in pilot or production. Community interest in sustainability and the declining costs of sensors and cloud computing have made embedding smart building technologies in new buildings, as well as retrofitting old buildings, a priority. Networked lighting systems; connected heating, ventilating, and air-conditioning (HVAC); smart thermostats; smart elevators; and frictionless building entry systems are examples of smart building technologies that offer benefits to facility managers and building occupants and help meet sustainability and efficiency goals. However, the proliferation of these technologies expands the attack surface and increases government risk of attack as IP-connected endpoints are added and physical systems are connected to the network. A IDC predicts that by 2023, 20% of public sector cybersecurity incidents will stem from Internet of Things (IoT) device deployments. Government organizations — national, regional, and local — have seen increased attacks over the past years. This threat of attack is not theoretical. For example, in the summer of 2019, 22 cities across the state of Texas were simultaneously held hostage by hackers for millions of dollars. Hackers target essential municipal service agencies such as hospitals, police agencies, and libraries, and cities can spend millions of dollars and lose months of productivity attempting to recover from these attacks. Over 50% of governments currently have smart building technologies in pilot or production. By 2023, 20% of public sector cybersecurity incidents will stem from IoT device deployments. The threat of cyberattacks on smart buildings is real and imminent. This paper discusses a strategic approach to smart building security for governments.

IDC Analyst Connection - The Critical Importance of ......The Critical Importance of Securing Government Smart Buildings What are the top considerations for smart building technology

  • Upload
    others

  • View
    5

  • Download
    0

Embed Size (px)

Citation preview

Page 1: IDC Analyst Connection - The Critical Importance of ......The Critical Importance of Securing Government Smart Buildings What are the top considerations for smart building technology

IDC ANALYST CONNECTION Sponsored by: Fortinet

The Critical Importance of Securing Government Smart Buildings October 2019

Questions posed by: Fortinet

Answers by: Ruthbea Yesner, Vice President, IDC Government Insights

Why is the security of smart buildings in government important?

Government facility managers worldwide are facing pressures to reduce energy use and improve sustainability, reduce operating costs and, most importantly, ensure the physical safety and cybersafety of building occupants and assets. Government buildings house valuable systems and information, such as datacenters that contain sensitive or classified information or operations centers that manage key systems such as traffic and streetlights and emergency response. Security breaches in these systems have far-reaching and serious consequences for the daily lives of the public and their sense of trust in government.

IDC survey results show that over 50% of governments have smart building technologies in pilot or production. Community interest in sustainability and the declining costs of sensors and cloud computing have made embedding smart building technologies in new buildings, as well as retrofitting old buildings, a priority. Networked lighting systems; connected heating, ventilating, and air-conditioning (HVAC); smart thermostats; smart elevators; and frictionless building entry systems are examples of smart building technologies that offer benefits to facility managers and building occupants and help meet sustainability and efficiency goals. However, the proliferation of these technologies expands the attack surface and increases government risk of attack as IP-connected endpoints are added and physical systems are

connected to the network. A

IDC predicts that by 2023, 20% of public sector cybersecurity incidents will stem from Internet of Things (IoT) device deployments. Government organizations — national, regional, and local — have seen increased attacks over the past years. This threat of attack is not theoretical. For example, in the summer of 2019, 22 cities across the state of Texas were simultaneously held hostage by hackers for millions of dollars. Hackers target essential municipal service agencies such as hospitals, police agencies, and libraries, and cities can spend millions of dollars and lose months of productivity attempting to recover from these attacks.

Over 50% of governments currently have smart building technologies in pilot or production. By 2023, 20% of public sector cybersecurity incidents will stem from IoT device deployments. The threat of cyberattacks on smart buildings is real and imminent. This paper discusses a strategic approach to smart building security for governments.

Page 2: IDC Analyst Connection - The Critical Importance of ......The Critical Importance of Securing Government Smart Buildings What are the top considerations for smart building technology

Page 2 #US45598219

IDC ANALYST CONNECTION The Critical Importance of Securing Government Smart Buildings

What are the top considerations for smart building technology investment?

Typically, when government facilities begin investing in smart building technologies, they are investing for the following outcomes and using the associated technologies:

» Efficient operations and services. Building automation systems centrally control all building systems and provide additional physical security by alerting managers of issues or emergencies related to air quality, fire, flooding, or unauthorized building access.

» Protection against physical attacks and cyberattacks. Video surveillance, building access control, emergency alert and response systems, endpoint security and analytics, and network security are fundamental to building safety.

» Sustainability and energy efficiency. Closely tied to operational efficiency, smart HVAC and building automation systems are key tools for sustainability, as are smart elevators, utility monitoring, and networked LED lighting or smart lighting systems.

With many government buildings running with multiple systems for separate functions and using different types of connectivity, security can be a challenge. Governments should consider the following areas as essential to improving the security of smart buildings:

1. Employ a strategic approach to security. Organizations deploying smart building technologies should take a security-first approach. This requires an organizational approach and strategic deployment of devices aligned with a security-first posture.

2. Take a smart building technology inventory. This requires a plan for tracking and recording devices, sensors, and networks as well as the back-end systems to which they are connected. It's important to know the location and functionality of devices as well as how data flows throughout the building.

3. Conduct a comprehensive vulnerability and risk assessment. An ever-increasing number of endpoints are being connected to legacy systems, which do not have updated security. A risk assessment identifies and prioritizes potential security vulnerabilities and reviews areas such as the security update status for each application and associated devices, password strength, and the level of integration between the smart building solutions and other operational technology/information technology (OT/IT) systems.

Once IT security professionals understand the magnitude of the security risks, they should develop a plan that prioritizes and funds efforts to mitigate the risk of a security breach.

Page 3: IDC Analyst Connection - The Critical Importance of ......The Critical Importance of Securing Government Smart Buildings What are the top considerations for smart building technology

Page 3 #US45598219

IDC ANALYST CONNECTION The Critical Importance of Securing Government Smart Buildings

Ensuring the security of citizens, data, and systems is essential for all levels of government. What key technologies are government organizations deploying to protect citizens, visitors, staff, and critical systems?

The next generation of tools, such as video surveillance, will change things dramatically. Video is a tried-and-true solution to building security issues, but its usefulness is being increased exponentially through high-powered analytics and artificial intelligence (AI). Facial recognition built into systems, coupled with capabilities that can cross-index with other data sources, enables government organizations to quickly identify potential threats and deploy the correct response, keeping citizens and facilities safer.

The ability to quickly identify both authorized people and threats and implement the right response will be critical for any system installed. This will require building security to be part of the overall IT ecosystem. AI-enabled systems, whether IoT or the network itself, will be able to act faster and set off a sequence of events and notifications that will enhance safety without the need to wholly depend on slower human reaction times. Given the data generated by these systems, analytics will play an important role as well because of its ability to optimize systems and find patterns that may indicate a threat or other security weakness that can then be addressed.

With all of the new technology and tools being installed in smart buildings, the cyber side of security is as critical as the physical side. IoT sensors, sensitive data, video, and identity management will depend on a secure and robust network infrastructure that is protected from attack and resilient enough to recover if an incident does occur. Network hardware and datacenters will need to be secured and quarantined quickly in such cases. This is where forward-thinking governments will be in a strong position; having planned out their ecosystem with security being a main priority, they will have tested and addressed vulnerabilities before those vulnerabilities can be used against them. IT and security staff will then be ready and have clear processes and tools at their disposal to protect the buildings and vital systems they contain, reducing downtime, breaches, and other potential risks.

Lack of security talent is a major challenge faced by government organizations and is projected to become more severe over time. How can government organizations overcome this talent crunch as they deploy secure smart buildings?

The scarcity of highly skilled security talent is a factor for government organizations even more than it is for private enterprises. A struggle to keep up with security needs will keep pushing government organizations to consider more innovative solutions, such as increased development of the latest automation and analytics tools for smart buildings. Responding to the shortage of talent, vendors will design more AI-native systems that evolve to take the heavy lifting out of security. This trend will impact government organizations favorably, providing much-needed capacity without adding costly head count and lessening the impact of talent shortages and skills gaps.

Page 4: IDC Analyst Connection - The Critical Importance of ......The Critical Importance of Securing Government Smart Buildings What are the top considerations for smart building technology

Page 4 #US45598219

IDC ANALYST CONNECTION The Critical Importance of Securing Government Smart Buildings

Video surveillance, facial recognition, powerful analytics platforms, biometrics, and AI-enabled security protocols will help government organizations secure more buildings in a far more comprehensive way while increasing their ability to respond rapidly when a critical event occurs. IoT sensors, video, physical and digital security, network infrastructure, workflow automation, and other valuable data sources such as identity and access management need to be tied together to maximize effectiveness. Building security is now as important a function for IT staff members, who have received updated training on tools and security needs, as it is for traditional security personnel. Only by working together and using technology properly will they be in a strong position to address any incidents.

To take advantage of these innovations, governments need to be forward thinking; they must not only consider the use cases and threats of today but also position themselves to tackle the emerging issues of tomorrow. Waiting until they can hire more security talent will leave too many vulnerabilities open to malicious actors. Training current staff on the threats and mitigation techniques that are coming to market will be important. Outdated information and skills will be a critical vulnerability. To that end, using outside expertise and leveraging strong partnerships, training internal staff to keep pace with the current technology landscape and where it's going, and obtaining strong executive support and investment will help mitigate risks.

What are key takeaways or lessons learned for government organizations as they work to secure smart buildings?

The key lessons government organizations are learning as they deploy more smart building technologies center around a "security first" posture that is an organizationwide effort and applies to all buildings. Similar to what the General Services Administration did in the U.S. federal government or the Installations of the Future initiative in the U.S. Army, an organization, or a state or a city, must view security across all buildings within its scope. This is also regarded as a security fabric — an integrated approach for advanced threat protection across disparate solutions in a network environment. This fabric uses multiple security tools for monitoring and mitigating issues.

Another key lesson learned is the importance of automation in monitoring and addressing issues on the network, cloud systems, web applications, and endpoint devices. Artificial intelligence and machine learning are part of this automation and identify vulnerable points, bring awareness to hacking attempts (or even unusual employee behavior or error), and help mitigate threats.

A few key actions have also proved highly effective in making smart buildings more secure and ensuring there are responses in place to maintain the confidence and trust of the public:

» Conduct regular security audits. The interconnectedness of modern government systems necessitates regular audits, especially with regard to the assessment of dependencies between various systems. Organizations should diligently map these dependencies to minimize spillover effects of a successful attack on one of the systems.

» Create detailed guidance for officials on how to proceed in the case of a successful attack (e.g., the city of Houston tested the effects of two simultaneous incidents — a cyberattack and a natural disaster) and conduct training exercises on new security skills.

Page 5: IDC Analyst Connection - The Critical Importance of ......The Critical Importance of Securing Government Smart Buildings What are the top considerations for smart building technology

Page 5 #US45598219

IDC ANALYST CONNECTION The Critical Importance of Securing Government Smart Buildings

» Set up a robust public relations and communications plan to deal with a successful cyberattack. To prevent panic and confusion, government organizations must use a wide range of channels to inform the public about what is happening and what is being done to restore the functions of affected services.

About the Analyst

Ruthbea Yesner, Vice President, IDC Government Insights Ruthbea Yesner is the Vice President of IDC Government Insights. In this practice, Ms. Yesner manages the U.S. Federal Government and the Worldwide Smart Cities and Communities global practices. Ms. Yesner's research discusses the strategies and execution of relevant technologies and best practice areas, such as governance, innovation, partnerships and business models, essential for Smart City and Community development.

https://www.idc.com/getdoc.jsp?containerId=PRF003306
Page 6: IDC Analyst Connection - The Critical Importance of ......The Critical Importance of Securing Government Smart Buildings What are the top considerations for smart building technology

Page 6 #US45598219

IDC ANALYST CONNECTION The Critical Importance of Securing Government Smart Buildings

MESSAGE FROM THE SPONSOR

Fortinet is a worldwide provider of network security appliances and a market leader in network security. Our products and subscription services provide broad, integrated, and high-performance protection against advanced threats while simplifying the IT security infrastructure. NASDAQ: FTNT. Learn more about Fortinet solutions at https://www.fortinet.com/solutions/

IDC Corporate USA

5 Speen Street Framingham, MA 01701, USA

T 508.872.8200

F 508.935.4015

Twitter @IDC

idc-insights-community.com

www.idc.com

This publication was produced by IDC Custom Solutions. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Custom Solutions makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.

External Publication of IDC Information and Data — Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason.

Copyright 2019 IDC. Reproduction without written permission is completely forbidden.

https://www.fortinet.com/solutions/
https://www.idc.com/prodserv/custom_solutions/index.jsp

The importance of critical literacy

The importance of critical literacy

Documents
The Importance of Critical Thinking and Introduction to Logical Fallacies

The Importance of Critical Thinking and Introduction to Logical Fallacies

Education
The Smart Grid: The Complexities and Importance of Data

The Smart Grid: The Complexities and Importance of Data

Documents
20201007 1220 - Critical and Growing Importance of Equity · 2020. 10. 7. · The Critical and Growing Importance of Equity in Clinical Trials Sandy Amaro Diversity in Clinical Trials

20201007 1220 - Critical and Growing Importance of Equity · 2020. 10. 7. · The Critical and Growing Importance of Equity in Clinical Trials Sandy Amaro Diversity in Clinical Trials

Documents
The critical importance of effective private company ... · the critical importance of effective private company governance / 5 The critical importance of effective private company

The critical importance of effective private company ... · the critical importance of effective private company governance / 5 The critical importance of effective private company

Documents
The Critical Importance of Voluntary Benefits to

The Critical Importance of Voluntary Benefits to

Documents
Humanware – The Critical Importance of People in ... - HARC

Humanware – The Critical Importance of People in ... - HARC

Documents
Critical Factors Influencing the Adoption of Smart Home

Critical Factors Influencing the Adoption of Smart Home

Documents
Recommendations on the importance of critical energy

Recommendations on the importance of critical energy

Documents
The Critical Importance of CIIP to Cybersecurity

The Critical Importance of CIIP to Cybersecurity

Documents
Critical analysis of smart city from an NGO’s

Critical analysis of smart city from an NGO’s

Documents
Weather Critical Operations - Smart environmental sensors

Weather Critical Operations - Smart environmental sensors

Documents
A Critical Assessment of the Role/Importance of Non-Formal ...ijsre.com/assets/vol.,-5_2_-ololube---egbezor.pdf · A Critical Assessment of the Role/Importance of Non-Formal Education

A Critical Assessment of the Role/Importance of Non-Formal ...ijsre.com/assets/vol.,-5_2_-ololube---egbezor.pdf · A Critical Assessment of the Role/Importance of Non-Formal Education

Documents
Broadband Comes of Age…! And with it, come great benefits: Smart Communities, Smart Infrastructure, Business-Critical Applications, Mission-Critical Applications

Broadband Comes of Age…! And with it, come great benefits: Smart Communities, Smart Infrastructure, Business-Critical Applications, Mission-Critical Applications

Documents
Importance of carbon dioxide in the critical patient

Importance of carbon dioxide in the critical patient

Documents
Critical Evaluation of Relative Importance of Stress and

Critical Evaluation of Relative Importance of Stress and

Documents
A Critical Evaluation of ITSO Smart Ticketing,

A Critical Evaluation of ITSO Smart Ticketing,

Documents
6 Critical Trends in Smart Healthcare Technology

6 Critical Trends in Smart Healthcare Technology

Technology
Be a Smart Netizen – The Importance of Security Awareness

Be a Smart Netizen – The Importance of Security Awareness

Documents
THE CRITICAL IMPORTANCE OF VOCATIONAL … CRITICAL IMPORTANCE OF VOCATIONAL EDUCATION IN THE COMMONWEALTH • JANUARY 2016 1 Preface 2 Section I: Introduction 4 Research …

THE CRITICAL IMPORTANCE OF VOCATIONAL … CRITICAL IMPORTANCE OF VOCATIONAL EDUCATION IN THE COMMONWEALTH • JANUARY 2016 1 Preface 2 Section I: Introduction 4 Research …

Documents
A Critical Assessment of the Importance of Seedling Age in

A Critical Assessment of the Importance of Seedling Age in

Documents
Enhancing Smart Device Security: Protecting Critical

Enhancing Smart Device Security: Protecting Critical

Documents
Smart grid in the Critical National Infrastructure

Smart grid in the Critical National Infrastructure

Technology
Smart Cards a(s) Safety Critical Systems

Smart Cards a(s) Safety Critical Systems

Documents
The critical importance of access to the sea to the

The critical importance of access to the sea to the

Documents
Implementing the Smart Grid’s most critical technology

Implementing the Smart Grid’s most critical technology

Documents
Critical Importance of Well-Maintained Facilities - Thurnau

Critical Importance of Well-Maintained Facilities - Thurnau

Education
The Importance of Smart Charging · 2020-04-02 · The Importance of Smart Charging Smart Energy Demand Coalition (SEDC) | 2 • Business models for innovative services • Vehicle

The Importance of Smart Charging · 2020-04-02 · The Importance of Smart Charging Smart Energy Demand Coalition (SEDC) | 2 • Business models for innovative services • Vehicle

Documents
Critical Care: The Importance of Stronger Authentication in Health Care

Critical Care: The Importance of Stronger Authentication in Health Care

Technology
Importance of Critical Thinking.pptx

Importance of Critical Thinking.pptx

Documents