ICT Today, April/May/June 2025

Traditionally, there are four methods of approaching risk. Acceptance, transfer, mitigation, and avoidance are well known in the industry. The first treatment is to simply accept the risk. However, before a risk is accepted it needs to be quantified so that its extent is understood. The entire building stakeholder team will need to be involved in estimating the potential costs and consequences of the unmitigated risk. If that exercise is not performed, the team can accept a risk without fully understanding the consequences of its decision. Furthermore, the risk could be accepted by someone on behalf of the team who lacks the knowledge or the authority to accept it. At a minimum, the areas of risk to assess should include:

• Security
• Safety
• Quality
• Usability
• Mission
• Public image

The concepts of security and safety are straightforward and, recalling the definition of an intelligent building, align perfectly with the expectations and skillsets of the traditional design team. The considerations of mission and public image will require the broader team to account for the potential implications. The public image of an intelligent building carries risks that need to be quantified. If the building is a little hotter than usual while service personnel are working on systems, the occupants might be inconvenienced, but it is generally understood that things sometimes break down and require repair. If the same situation is discovered to be the result of a cyber incident on the operational technology (OT), it could make the local evening news or go viral on social media. Depending on the severity of the event, or even the volume of articles in the media, the story may be publicized beyond regional or national outlets. Quantifying the risk of a tarnished public image therefore requires team members with intimate business expertise to be involved in the process.

CONSEQUENCE FOCUSED DESIGN

A deliberate exercise must be conducted to define what critical functions the systems must perform in order to fully understand the consequences that must be avoided. [4] Such an exercise must move past the basic functions of the system(s) and make a concerted effort to understand the safety and business functions performed. Designing an intelligent building is truly a team sport, as no single person can know all of the answers to the items under consideration. This team should involve players outside of the traditional design team, such as, at a minimum, the personnel shown in Figure 3. Each of these team members brings a unique perspective and experience to the team. The risk experts and business representatives can articulate the mission and can help examine how to accomplish that mission even in a diminished capacity. These important team members will have concrete knowledge of the risk appetite of the organization. Naturally, the cost required to completely eliminate risk could grow without bound. As money is always a limiting factor, understanding acceptable risk is important. The team will have to choose among competing priorities to arrive at the most complete solution set.

FIGURE 3: ICT designer, business representative, IT and OT, engineering risk expert.

All projects live in an environment with finite resources. Laws and regulations may require specific actions. Risk treatments associated with these aspects will need members of the team with business and legal expertise. There are numerous frameworks to choose from when ranking choices. Outside of corporate guidance, the team needs to arrive at a decision method that allows "racking and stacking" of competing interests. A benefit-cost analysis allows the team to arrive at a benefit-cost ratio (BCR) by dividing the net present value of the benefits by the net present value of the costs. [4]

ENGINEERING CONTROLS

The concept of engineering control has to be considered very early in design to have the maximum positive impact. It is now best practice to identify engineering design changes that can "eliminate or mitigate cyber risk," thereby reducing the need to bolt on "additive IT security controls". [5] These are not the controls covered by the National Institute of Standards and Technology (NIST) or further fleshed out by control correlation identifiers (CCIs). Consider a home water heater with a digital controller that is hacked. The attacker would not be able to overheat the vessel and cause a major explosion because of a design decision, later codified, that requires a temperature and pressure relief (T&P) valve, commonly referred to as a pop-off valve on pressure vessels. Thoughtful consideration early on can have an outsized impact on security posture. The ICT designer plays an important role in contributing to resilient communication pathways while assisting with the elimination of unnecessary protocols. While a move to non-digital controls is an unrealistic requirement in today's connected environment, calculated decisions can mitigate the risks. Deploying sufficient manual controls can allow a system to keep the mission alive while fighting through a breach with the needed resiliency.

DESIGN SIMPLIFICATION

Simplifying design involves removing features that are unnecessary to accomplishing the goals of the system. This can prove to be a tricky process for the design team in an era of intelligent buildings. The Association for Smarter Homes & Buildings (ASHB) states they

