15 July 2015: Resilience and Cybersecurity
We were pleased to welcome many regular HCNW supporters, including several Members in CIBSE-FM and Amy Longo, Chair of IET Surrey. We were treated to an excellent double-header which ran until 21:30.
Peter Armstrong of insurer Willis gave an absorbing presentation about cybersecurity. The mass rollout of smart devices that interconnect systems, the connections between vendors and subcontracted vendors, and the human factor present some major cybersecurity challenges and, as Peter explained, attract very real threats.
We trust these smart systems - and in an ever-increasing range of devices. Perhaps because of “normalcy bias” – failing to assess the likelihood of something that hasn’t happened before – many organisations are not taking these risks seriously enough, Peter asserted. For example, OEM software updates are frequently installed on trust - and that's precisely how some of these breaches occurred: the OEM updates weren't checked by anyone, just accepted as bona fide.
Peter provided credible examples of how security had been breached. Invariably the host organisations hadn’t realized they'd been breached, and the breach was very often enabled by a third party – such as contractors.
The seminar raised some very significant building services (and utility and national) issues: the BIM rollout, Smart Meters, and the ever-increasing use of personal mobile devices (with one dominant operating system) to replace isolated, segmented networks in a modern fully-digital world. With increasing demands for advancing mobile device technology to meet consumer needs, Peter gave examples of how interfaces can allow attacks on lower-security consumer-utility systems to access more critical systems. The automotive examples have now reached the news and again revolve around hacking less critical systems, like entertainment in a network serving door locking, and from there accessing interfaces to much more critical functions - like the brakes and transmission. We heard that common operating platforms in our mobile devices and the normality of using wireless connections in public places can only increase the risks of compromising "ownership" - perhaps not obvious at the time.
While hacking attacks are in the news - and some say are the "New Normal" - many organisations may be at risk by not understanding their relative importance and vulnerabilities (especially those from sub-suppliers; consider the collaboration needs of BIM); by not understanding the degree of organisation, the source and motives of the threat (invariably money); by not segmenting and layering their networks; by failing to rationally limit administrative access levels; and by failing to assign non-conflicted responsibility for cybersecurity to one particular individual. Peter recommended that organisations should develop an incident response plan (and not presume that with massive effort, all vulnerabilities would be fixed). There was urgency in Peter's message that as data handling expands, it's already late to start controlling vital assets in legitimate parts of the digital world.
Fascinating and salutary - our thanks to Peter for sharing some really important concerns and giving us an idea of scale and gravity.
HCNW Committee Member Kevin Barrett then illustrated, with a wide range of real-life examples, how design had not fulfilled clients' actual requirements and how services had failed, often at critical times. Kevin's presentation highlighted the need for detailed collaboration between FM technical staff and designers, and illustrated some of the benefits. He pointed to increasing complexity, the removal of human override, and the need to integrate systems - often prototypically - which had never been designed to be interconnected. This was a common cause of failure.
Kevin reeled off a list of practical design solutions that can make buildings more resilient to utilities failures, component failures, unproven integration, and even malicious interference.
Rounding off this great ending to a very interesting evening, HCNW was able to recognise some of our strongest supporters in our community of practice with the Region tie and Region pin badges.
Our evening has also attracted interest from CIBSE Journal, and HCNW has a seminar on Big Data lined up for November 2015.