ASHRAE Journal - May 2023 - 24
FEATURE
the internet for a wide variety of reasons. One question
the designer should ask is if this is absolutely necessary
for the facility to operate. Certain facilities can operate
without any outside network connection, thereby significantly
reducing/removing external threats.
An example of a significant external threat is the use
of back-door networks. These are the cellular or open
Wi-Fi connections put in by contractors, integrators or
equipment suppliers unbeknownst to the owner or used
for " temporary " setup and commissioning prior to the
full IT network being in place. However, the temporary
access becomes permanent when the contractor forgets
to remove the interfaces.
One best practice for helping secure building systems
is to build in continuous monitoring of the various
threat vectors in the base system design. Simple
monitoring of communication systems for anomalies
can provide a rapid response mechanism for facility
managers. Often systems are not designed with any
network traffic monitoring. When a breach occurs, it
may be hours, days or weeks before anyone realizes it,
and the damage is done.
Facility Cybersecurity Assessment
Part of any good risk assessment is starting with a good
understanding of the owner's risks and paranoia. " What
could happen? How concerned am I if it does? And what
would be the impact? " The answers vary depending
upon what kind of facility is involved. A model for risk
assessment based on facility type and use is provided in
ASHRAE Guideline 13-2023. The owner should take the
lead when doing the initial cybersecurity assessment
and bring together the right team members and experts.
The outcome is a set of guiding principles, procedures
and requirements that are handed to the design team
to implement.
There are three levels of facility types (Basic, Moderate
and Advanced) based on potential risk and negative
impacts of a cybersecurity breach (Table 1).
Basic Building Type
Basic buildings may have minimal occupant levels per
square foot and minimal information data (such as BAS
access credentials, key cards), health risk or negative
effects if a BAS breach did occur. There may be limited
or no major assets, and the building may only have some
basic HVAC equipment. These buildings often have very
24
ASHRAE JOURNAL ashrae.o rg M AY 2023
TABLE 1 Building types.
BASIC
Small Office Building
Restaurant
Supermarket
Convenience Store
Gas Station
Small Apartment Complex
MODERATE
Schools
ADVANCED
Shopping Center or Mall
Medical Outpatient
Facility
Regional/Local
Government Office
Medium-Sized Leased
Space Office Building
Hospital
University
Manufacturing Facility
Large Office Building
Corporate HQ
Research Lab
Operations Center
Data Center
Government Campus
Military Facility
Broadcast Media Facilities
Emergency Services Facility
transient occupants, such as a store where a person has
a limited amount of time within the facility and minimal
interaction with the BAS system, or where there is
a smaller core group of occupants with a higher level of
transient occupants that arrive for services (shopping,
eating), and then leave. It also may not have many on-site
assets of note. This type of facility typically does not have
any dedicated IT staff or IT resources available locally.
Moderate Building Type
This type of facility has more risk to the occupants and
moderate levels of potential disruption in the event of
a breach. Moderate occupant density and type may put
this facility in a moderate category of risk. There may be
some critical assets like computer systems or products
that are at risk. More specialty systems are found in
these types of buildings, including access to controlled
substances, more personal data and more complex BAS
systems (i.e., air quality monitoring, advanced physical
security screening and risk and more critical workforce
task risk).
Additionally, these types of facilities will often have
some IT expertise available either as part of the local
staff or from an on-demand service supporting the
facility or the organization. The IT staff will typically be
involved in some level of securing the building through
setup of the IP network.
Advanced Building Type
Buildings that could pose a very high risk either to
personnel, information, assets or the facility's process if
compromised cybersecurity-wise fall into the advanced
building type category. These types of facilities require
http://www.ashrae.org
ASHRAE Journal - May 2023
Table of Contents for the Digital Edition of ASHRAE Journal - May 2023
Contents
ASHRAE Journal - May 2023 - Intro
ASHRAE Journal - May 2023 - Cover1
ASHRAE Journal - May 2023 - Cover2
ASHRAE Journal - May 2023 - 1
ASHRAE Journal - May 2023 - Contents
ASHRAE Journal - May 2023 - 3
ASHRAE Journal - May 2023 - 4
ASHRAE Journal - May 2023 - 5
ASHRAE Journal - May 2023 - 6
ASHRAE Journal - May 2023 - 7
ASHRAE Journal - May 2023 - 8
ASHRAE Journal - May 2023 - 9
ASHRAE Journal - May 2023 - 10
ASHRAE Journal - May 2023 - 11
ASHRAE Journal - May 2023 - 12
ASHRAE Journal - May 2023 - 13
ASHRAE Journal - May 2023 - 14
ASHRAE Journal - May 2023 - 15
ASHRAE Journal - May 2023 - 16
ASHRAE Journal - May 2023 - 17
ASHRAE Journal - May 2023 - 18
ASHRAE Journal - May 2023 - 19
ASHRAE Journal - May 2023 - 20
ASHRAE Journal - May 2023 - 21
ASHRAE Journal - May 2023 - 22
ASHRAE Journal - May 2023 - 23
ASHRAE Journal - May 2023 - 24
ASHRAE Journal - May 2023 - 25
ASHRAE Journal - May 2023 - 26
ASHRAE Journal - May 2023 - 27
ASHRAE Journal - May 2023 - 28
ASHRAE Journal - May 2023 - 29
ASHRAE Journal - May 2023 - 30
ASHRAE Journal - May 2023 - 31
ASHRAE Journal - May 2023 - 32
ASHRAE Journal - May 2023 - 33
ASHRAE Journal - May 2023 - 34
ASHRAE Journal - May 2023 - 35
ASHRAE Journal - May 2023 - 36
ASHRAE Journal - May 2023 - 37
ASHRAE Journal - May 2023 - 38
ASHRAE Journal - May 2023 - 39
ASHRAE Journal - May 2023 - 40
ASHRAE Journal - May 2023 - 41
ASHRAE Journal - May 2023 - 42
ASHRAE Journal - May 2023 - 43
ASHRAE Journal - May 2023 - 44
ASHRAE Journal - May 2023 - 45
ASHRAE Journal - May 2023 - 46
ASHRAE Journal - May 2023 - 47
ASHRAE Journal - May 2023 - 48
ASHRAE Journal - May 2023 - 49
ASHRAE Journal - May 2023 - 50
ASHRAE Journal - May 2023 - 51
ASHRAE Journal - May 2023 - 52
ASHRAE Journal - May 2023 - 53
ASHRAE Journal - May 2023 - 54
ASHRAE Journal - May 2023 - 55
ASHRAE Journal - May 2023 - 56
ASHRAE Journal - May 2023 - 57
ASHRAE Journal - May 2023 - 58
ASHRAE Journal - May 2023 - 59
ASHRAE Journal - May 2023 - 60
ASHRAE Journal - May 2023 - 61
ASHRAE Journal - May 2023 - 62
ASHRAE Journal - May 2023 - 63
ASHRAE Journal - May 2023 - 64
ASHRAE Journal - May 2023 - 65
ASHRAE Journal - May 2023 - 66
ASHRAE Journal - May 2023 - 67
ASHRAE Journal - May 2023 - 68
ASHRAE Journal - May 2023 - 69
ASHRAE Journal - May 2023 - 70
ASHRAE Journal - May 2023 - 71
ASHRAE Journal - May 2023 - 72
ASHRAE Journal - May 2023 - 73
ASHRAE Journal - May 2023 - 74
ASHRAE Journal - May 2023 - 75
ASHRAE Journal - May 2023 - 76
ASHRAE Journal - May 2023 - 77
ASHRAE Journal - May 2023 - 78
ASHRAE Journal - May 2023 - 79
ASHRAE Journal - May 2023 - 80
ASHRAE Journal - May 2023 - Cover3
ASHRAE Journal - May 2023 - Cover4
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_FYONLJ
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2024november_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2024november
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_BDMHLG
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_WJDGRY
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_ATMAHK
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_VHQRAW
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_XGMDXI
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_YELQLJ
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_QJLWMC
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_MCDEBX
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_WNYSQY
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_XATVOD
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_FJSHSS
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_CCBZDS
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_XDEFVG
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2023november_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2023november
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_VHGNBL
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_WPKBNJ
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_UUVCDE
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_RTGDEW
https://www.nxtbook.com/nxtbooks/ashrae/ashraemexico_2023
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_LKRFXS
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_AZSOFG
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_ERCDBH
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_QWDFRV
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_JHGVDF
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_OPUYHG
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_SREIBM
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_LRTGLK
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_OKRFGH
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2022november_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2022november
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_TZSERA
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_LVRUIX
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_RPTVYZ
https://www.nxtbook.com/nxtbooks/ashrae/mini_pub_catalog
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_XIYTGD
https://www.nxtbook.com/nxtbooks/ashrae/ashraemexico_2022
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_RFGDOB
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_PABXNU
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_REMKLS
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_PICVBT
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_AOYTVW
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_JQOPLS
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_IOYTBC
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_SGAJJF
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_IGHYER
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_PDRKLS
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2021november
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2021november_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_XCODFR
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_QSLFGO
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_ILKVNM
https://www.nxtbook.com/nxtbooks/ashrae/ashraemexico_2021
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_OPDJKD
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_VJKSRY
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_SDHUTC
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_JPPKRR
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_SDLTTH
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_CKLLES
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_SLDOX
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_HJETUK
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_OLUHGE
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2020october
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2020october_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_ZERDGH
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_QVMNEO
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_RTPOKE
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_BBATRE
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_STUBMW
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_TPEMPE
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_JNMKDS
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_FBTTPA
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_WQMMNE
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_TVBRYN
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_showguide2020
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_KTUZMA
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_ABEDGD
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201910
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201909
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2019septmeber_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2019september
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201908
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201907
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201906
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201905
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201904
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_2019april
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201903
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_2019march
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201902
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201901
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_showguide2019
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_2018december
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_2018november
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2018fall_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2018fall
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_2018october
https://www.nxtbook.com/nxtbooks/ashrae/ashraemexico_2018
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201810
https://www.nxtbook.com/nxtbooks/ashrae/ashraeinsights_201806
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201805
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201804
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201803
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201712
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201711
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201710
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2017fall_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2017fall
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201709
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201705
https://www.nxtbook.com/nxtbooks/ashrae/ashrae_meetinginsert_201610
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2016fall_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2016fall
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_acrexindia
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2015summer_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_amca_2015summer
https://www.nxtbook.com/nxtbooks/amca/2014summer2
https://www.nxtbook.com/nxtbooks/amca/2014summer
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_acma_2014summer
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201311
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201309
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_acmasupp_2013fall
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201305
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201303
https://www.nxtbook.com/nxtbooks/ashrae/pubcatalog_2013winter
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201211
https://www.nxtbook.com/nxtbooks/ashrae/achr_expo_mexico2012
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201209
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201208_v3
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201208_v2
https://www.nxtbook.com/nxtbooks/ashrae/pubcatalog_2012summer
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201205
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201203
https://www.nxtbook.com/nxtbooks/ashrae/pubcatalog_2012winter
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201111_v2
https://www.nxtbook.com/nxtbooks/ashrae/ashraejournal_201109_v2
https://www.nxtbook.com/nxtbooks/ashrae/pubcatalog_2011summer
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201105
https://www.nxtbook.com/nxtbooks/ashrae/meetingplanner_201103
https://www.nxtbookmedia.com