Every year we learn more and more painfully that the use of information technology requires a very special new security discipline: cyber security. "Classic" security looks primarily at risks from technology failure, human error or force majeure events. The focus of cyber security planning and implementation, on the other hand, is on considering and combating threats from malicious acts by third parties. Cybersecurity also considers risks from nature and technology, but focuses on targeted and untargeted attacks from any network, from so-called cyberspace.
For years, cyber security has also been an issue in the digitalisation of production, the so-called Industry 4.0. It was recognised early on that with all the progress that can be achieved through digitalisation of construction and production, there is a threat of a bundle of new dangers that must be given great attention in the development of such systems.
The risk situation is underestimated and often not given sufficient attention. Modern buildings resemble advanced production plants in their complexity and in their penetration with information technology.
An office building built in 2021 can only be used if the "building IT", which controls and monitors the functionality and security of the building, functions as it should. From ventilation and heating to access control, video technology and communication, a lot of classic technology and information technology is absolutely necessary to operate the building.
This mixture of building technology and information technology - operational technology (OT) - requires just as high a level of cyber security as classic information technology or Industry 4.0. To get an idea of how this OT can be protected, one may be inspired by Industry 4.0. Here, as there, the model architecture for a mixture of active technology and information technology for controlling and monitoring this active technology is described by the so-called Purdue model. In the author's experience, it is not so much the architecture of the OT that is the problem, but rather the operation of this building OT.
For years, VZM has been working with building owners and operators to survey the new problem area of cyber security and to avoid typical mistakes. VZM has identified 12 measures that are indispensable to implement during construction and operation in order to create cyber security for a modern building.