Evaluating the Maturity of Cybersecurity Programs for Building Control Systems

Glantz, Clifford S.; Somasundaram, Sriram; Mylrea, Michael E.; Underhill, Ronald M.; Nicholls, Andrew K.

Title: Evaluating the Maturity of Cybersecurity Programs for Building Control Systems

Conference · Mon Aug 29 00:00:00 EDT 2016

OSTI ID:1345458

Glantz, Clifford S.; Somasundaram, Sriram; Mylrea, Michael E.; Underhill, Ronald M.; Nicholls, Andrew K.

The cyber-physical security threat to buildings is complex, non-linear, and rapidly evolving as operational and information technologies converge and connect buildings to cyberspace. Cyberattacks on buildings can exploit smart building controls and breach corporate networks, causing financial and reputational damage. This may result in the loss of sensitive building information or the disruption of, or damage to, the systems necessary for the safe and efficient operation of buildings. For the buildings and facility infrastructure, there is a need for a robust national cybersecurity strategy for buildings, guidance on the selection and implementation of appropriate cybersecurity controls for buildings, an approach to evaluate the maturity and adequacy of the cybersecurity programs. To provide an approach for evaluating the maturity of the cybersecurity programs for building control systems, the US Department of Energy’s widely used Cybersecurity Capability and Maturity Model (C2M2) has been adapted into a building control systems version. The revised model, the Buildings-C2M2 (B-C2M2) provides maturity level indicators for cybersecurity programmatic domains. A “B-C2M2 Lite” version allows facility managers and building control system engineers, or information technology personnel to perform rapid self-assessments of their cybersecurity program. Both tools have been pilot tested on several facilities. This paper outlines the concept of a maturity model, describes the B-C2M2 tools, presents results and observations from the pilot assessments, and lays out plans for future work.

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Cite

Export

Save

Research Organization:: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-76RL01830

OSTI ID:: 1345458

Report Number(s):: PNNL-SA-116581; EL1703010

Resource Relation:: Conference: ACEEE Summer study on Energy Efficiency in Buildings, August 21-26, 2016, Pacific Grove, California, 12-1 - 12-12

Country of Publication:: United States

Language:: English

Similar Records

APPLICATION OF MATURITY MODELS FOR EVALUATING CYBERSECURITY PROGRAMS AT NUCLEAR AND RADIOLOGICAL FACILITIES

Conference · Wed Mar 11 00:00:00 EDT 2020 · OSTI ID:1345458

Glantz, Clifford S.; Clements, Samuel L.; Pederson, Perry A.; +5 more

Facility Cybersecurity Framework Best Practices

Technical Report · Sun Aug 30 00:00:00 EDT 2020 · OSTI ID:1345458

Gourisetti, Sri Nikhil G.; Reeve, Hayden; Rotondo, Julia A.; +1 more

The CYBER security – Competency Health and Maturity Progression (CYBER-CHAMP) model: Extending the National Initiative for Cybersecurity Education (NICE) Framework Across Organizational Security

Journal Article · Mon Nov 16 00:00:00 EST 2020 · Cybersecurity Skills Journal: Practice and Research · OSTI ID:1345458

Hott, Jade A.; Stailey, Shane D.; Haderlie, Donaven M.; +1 more

Title: Evaluating the Maturity of Cybersecurity Programs for Building Control Systems

Citation Formats

Similar Records

Related Subjects