User Manual
Cybersecurity Basics
System Security
1
A6V11646120_enUS_b_40
changed during the engineering phase, the system is at high risk, because the hacker
can use it to install malicious software with administrator privileges.
A control or countermeasure is put in place to mitigate the risk and can include
hardware or software procedures. For example, a system with default passwords can be
isolated from the rest of the system to reduce the likelihood of it being accessed by
an attacker.
Figure 1: Threat and Risk Terminology
1.3 System Security
As explained in the introduction, every modern building automation system must
ensure an adequate level of cybersecurity protection. It is, however, impossible to
achieve complete security, so there is always a residual risk. The cost of a
countermeasure must not exceed the potential damage it can prevent. In any case,
the system owner must understand the residual risk and decide whether it is
acceptable for the business.
It is important to adopt a systematic view of the security requirements, so that the
effectiveness of the controls is evaluated as a whole, rather than addressing every
component separately. In particular, compensatory countermeasures can be
employed to mitigate the vulnerabilities of given subsystems so that the overall
desired security level is achieved.
It is also important that the different players involved (manufacturers, system
integrators and operators) contribute to the system according to their specific roles.
The manufacturers are responsible for delivering security-capable products, up to
the level specified in their product documentation. The integrators are responsible
for designing and deploying the solution according to the security specifications of
the operator and for respecting the intended operational environments of the products
used. Finally, the system operators are responsible for ensuring that the security is
kept up to date throughout the lifetime of the solution.
Maintaining the security of the solution requires establishing a continuous security
program framework that periodically assesses the desired target security level, the
risks of the system, and the status and effectiveness of deployed controls, and that
implements corrective measures.