In our December 2024 Lunch & Learn webinar, hosted by KMC Controls, industry leaders came together to discuss the crucial subject of monitoring and hardening government facilities to decrease vulnerabilities in operational technology (OT). This session offered attendees insights into developing resilient infrastructures that protect against cyber threats while maintaining facility operations.

Understanding Hardening in Facility Management

Ari Reubin, leader at KMC Consulting, began the discussion by introducing the concept of “hardening” facilities. He emphasized the importance of securing both systems and environments against potential cyber threats. As Reubin put it, the title of the webinar itself reflects the goal: “Decreasing OT vulnerabilities and minimizing impact on building systems, personnel, and the environment.”

Daryl Haegley’s Perspective

Daryl Haegley, Technical Director at the Pentagon, provided a seasoned viewpoint on the state of OT cybersecurity. He remarked, “We have a long way to go because these systems were built a long time ago without security in mind.” Haegley shared his experience, highlighting the ongoing efforts to integrate cyber resilience into old and new infrastructures. He underlined the idea that “air gapping” – completely disconnecting systems from external networks – might not always be the safest route due to potential internal threats and lack of monitoring.

Scott Lanigan’s Viewpoint

Scott Lanigan, VP of Operations for Intelligent Buildings, brought in a perspective from the private sector. He stated, “We’ve seen it required…that this is something non-negotiable for our government clients.” Lanigan noted the trend toward integrating OT technology securely in government facilities, identifying it as a fundamental necessity for maintaining operational integrity.

Tim Vogel’s Insights

Tim Vogel, VP of Connected Solutions at KMC Controls, discussed the broader implications of hardening initiatives. He explained, “Hardening means ensuring only the right people have access to essential systems.” Vogel also highlighted KMC’s efforts in developing cybersecurity solutions tailored to protecting network integrity within building automation systems.

The Critical Role of Zero Trust

The panelists emphasized the importance of employing “Zero Trust” principles – a cybersecurity approach that involves verifying every request as though it originates from an open network, never implicitly trusting any user or system. As described by Daryl Haegley, Zero Trust requires “assuming that the adversary is already in the network.”

Strategies for Enhanced Resiliency

Throughout the webinar, our experts shared critical strategies for increasing the resilience of government and infrastructure facilities:

1. Conduct Comprehensive Assessments: Scott Lanigan emphasized the importance of understanding current vulnerabilities by performing detailed assessments of existing systems.
2. Engage with the Right Partners: Tim Vogel encouraged participants to find partners who can guide them through the complex landscape of modern cybersecurity practices.
3. Develop a Strong Narrative: Daryl Haegley stressed the need for facility managers to effectively communicate the significance of investing in cybersecurity measures to leadership, using relatable stories that align with business missions.

Moving Forward with Facility Management

As industries increasingly rely on interconnected technology, the stakes are higher than ever to ensure robust and secure facility operations. Scott Lanigan pointed out a practical aspect, noting, “When decision makers understand the risk, they begin to prioritize their policies accordingly.”

The webinar left attendees with actionable insights, as Tim Vogel advised starting small: “Plan big, start small, and scale fast.” This approach enables organizations to gradually build their cybersecurity frameworks while learning and adapting to emerging challenges.

In conclusion, the December Lunch & Learn reinforced KMC’s dedication and passion for the industries of building automation and cybersecurity. By fostering these discussions and sharing innovative strategies, KMC helps guide industry professionals toward a more secure and resilient future in facility management. We consider this is a most fitting end to our 2024 Lunch & Learn Highlights series. We hope you have enjoyed the refresher (or introduction) to these topics and that you will join us for our next series which will into the practical details of AFMS—you won’t want to miss it!

Watch the full episode: