APAC CIOOutlook

Advertise

with us

  • Technologies
      • Artificial Intelligence
      • Big Data
      • Blockchain
      • Cloud
      • Digital Transformation
      • Internet of Things
      • Low Code No Code
      • MarTech
      • Mobile Application
      • Security
      • Software Testing
      • Wireless
  • Industries
      • E-Commerce
      • Education
      • Logistics
      • Retail
      • Supply Chain
      • Travel and Hospitality
  • Platforms
      • Microsoft
      • Salesforce
      • SAP
  • Solutions
      • Business Intelligence
      • Cognitive
      • Contact Center
      • CRM
      • Cyber Security
      • Data Center
      • Gamification
      • Procurement
      • Smart City
      • Workflow
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac

  • Artificial Intelligence

    Big Data

    Blockchain

    Cloud

    Digital Transformation

    Internet of Things

    Low Code No Code

    MarTech

    Mobile Application

    Security

    Software Testing

    Wireless

  • E-Commerce

    Education

    Logistics

    Retail

    Supply Chain

    Travel and Hospitality

  • Microsoft

    Salesforce

    SAP

  • Business Intelligence

    Cognitive

    Contact Center

    CRM

    Cyber Security

    Data Center

    Gamification

    Procurement

    Smart City

    Workflow

Menu
    • IT Service Management
    • Cyber Security
    • Hotel Management
    • Workflow
    • E-Commerce
    • Business Intelligence
    • MORE
    #

    Apac CIOOutlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIOOutlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    Editor's Pick (1 - 4 of 8)
    left
    How do we create an Effective IT Service Management Strategy?

    Sami Yalavac, Chief Information Officer, Bupa A&NZ

    The Road Towards the Intelligent Enterprise

    Florian Roth, CIO and Head, IT Services, SAP SE(FWB: SAP)

    IT Service Management in the Digital Era

    Unal Altay, CIO, V/line

    Strengthening IT by Streamlining Business Processes

    Ken Soh, CIO & Director, e-Strategies, BH Global Corporation

    Designing the IT Organization for Service Management

    Michael Reagin, Corporate VP & CIO, Sentara Healthcare

    Virtual Cloud Computing Platform (VCCP) for A*STAR

    Dr. John Kan, CIO, A*STAR - Agency for Science, Technology & Research

    The Challenge within the IT Department

    Dr. David Asirvatham, Chief Technical Officer, University of Malaya

    Real IT Leaders are Story Tellers

    Jenny Levy, CIO, Primary Health Care

    right

    Cybersecurity of HVAC Systems in the Era of Connected Devices

    MATTHEW T. GOSS, PE, PMP, CEM, CEA, CDSM, LEED® AP(BD+C), MEP/ENERGY PRACTICE LEADER, CDM SMITH

    Tweet
    content-image

    MATTHEW T. GOSS, PE, PMP, CEM, CEA, CDSM, LEED® AP(BD+C), MEP/ENERGY PRACTICE LEADER, CDM SMITH

    When I work on HVAC-related projects, I often predominantly focus on identifying solutions that best meet client needs and objectives. Over the last several years, much of this work has been driven by implementing energy efficiency, sustainability, or resiliency-related measures. Although it’s always considered, I rarely specifically focus on cybersecurity-related to HVAC systems; however, I have developed a new appreciation for the practice.

    I recently served on the Technical Planning Team for the U.S. Department of Energy’s “Energy Exchange” virtual training event, where I supported a technical training track focused on cybersecurity by developing two technical discussions. One discussion described the importance of implementing cybersecurity for microgrids and distributed energy resources, and the other covered how cybersecurity can be applied to operational technology systems. Operational technology is the hardware and software that detects or causes a change through the direct monitoring and/or control of industrial equipment, assets, processes, and events(Source: Gartner Inc. “Definition of Operational Technology (OT) - Gartner Information Technology Glossary.” Gartner, https://www.gartner.com/en/information-technology/glossary/operational-technology-ot ). HVAC control systems, building management systems, and systems serving similar functions are considered operational technology.
    Engineers, owners, and operators of these systems need to understand how technologies at their facilities are connected as equipment controls become more advanced to provide additional functionality, more devices become internet-enabled, and everything becomes more “connected” in general.

    I’ve had the opportunity to interact with several thought-leaders in the cybersecurity industry, and there are several suggestions I’d like to pass along to engineers, designers, and owners/ operators of connected systems.

    - Don’t connect external devices such as hard drives or USB flash drives to your systems.

    - Immediately change default usernames/passwords as soon as the equipment is put online.

    - Do not share configuration files.

    - Continually train all equipment users.

    - Disconnect remote access.

    - Don’t use these systems to search and access the internet.

    In retrospect, all of these seem easily achievable, pragmatic, and commonsense. However, the challenge appears to be implementing and enforcing these guidelines. The question is no longer “if” we are hacked but “when.” Therefore, a plan must be in place as a proactive approach to security. I recommend conducting regular check-ins and reviews to ensure that all equipment users are following the rules.

    Individuals need to recognize this is a continuous and ever-changing process – it’s not static. Additionally, owners and operators need to prepare for the worst-case – the “what if” scenario. Again, while it may appear to be commonsense, owners and operators should also plan for disaster recovery. They should be prepared with a backup in case of an emergency like data breaches, malware attacks, or data loss. This is especially important as information provided by peers and colleagues indicates that most facilities not only don’t have a disaster recovery plan but don’t even change their systems’ default access information.

    As technology and connectivity advance, and as we use technology to make more informed decisions, we as designers and engineers need to broaden our knowledge and ensure we’re appropriately educating our clients, owners, and operators. It’s our job to give them the knowledge they need to appropriately Matthew T. Goss and securely monitor their environment.

    tag

    Information Technology

    Energy Efficiency

    Weekly Brief

    loading
    Top 10 IT Service Management Solution Companies – 2021
    ON THE DECK

    IT Service Management 2021

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Loading...
    Copyright © 2025 APAC CIOOutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    Home |  CXO Insights |   Whitepapers |   Subscribe |   Conferences |   Sitemaps |   About us |   Advertise with us |   Editorial Policy |   Feedback Policy |  

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://it-service-management.apacciooutlook.com/views/cybersecurity-of-hvac-systems-in-the-era-of-connected-devices-nwid-8031.html