Page 3 of 4

Conversely, facilities systems can introduce new vulnerabilities to a network. A BAS can become a point of entry for threats if it is not secure and routinely updated. That is why many companies are turning to Web-based support tools — similar to those used in the IT realm — that provide automatic-control-system updates and security patches, among other things. These tools help ensure building systems are not susceptible to cyber attacks.

Organizations must determine the steps required to avoid and remedy network problems while considering physical and logical factors that can lead to breakdowns in security. When starting the planning process, important questions include:

• What systems are being added to the enterprise?

• How do product vendors provide critical support and necessary patch management?

• How do product vendors support dependency vendors, such as Microsoft, with critical updates?

• What is the current response plan for identified threats from the converged vendors?

• How will maintenance outages on the network impact security, life-safety, and other building systems?

DEVELOPING A SECURITY PLAN

Monitoring and network management are crucial factors for security and reliability; when facility, security, and business systems are sharing a common network, these activities become especially important. Although network management falls within the IT realm, it is essential that all of the parties involved — from network support to facility management — be made aware of outages and other problems immediately. Depending on the resources available, implementing a monitoring system for all critical network components can ensure fast notification and problem resolution when issues, such as viruses or unauthorized access, occur.

Besides monitoring, an option for improving security, response, and notification time is integrating functions that exist in silos. Organizations have benefited from integrating IT and building security not only for operational savings, such as a common 24-hr monitoring center, but to ensure that intellectual property is as secure as material assets by using common tools to determine who gets access to physical and IT resources. For example, business systems managed by IT, such as human-resources applications, have key data on employees' roles and status that, when integrated with access-control and IT-security systems, can eliminate manual-entry and management tasks while greatly improving information quality. If a systems engineer requires access to specific areas of a building, such as perimeter doors, an engineering lab, and a manufacturing floor, a single smart card could be used to grant not only physical access, but logical access to the business network if the employee needs to log in to a laptop or desktop station biometrically in one of the areas.

Event linking is another key benefit of integrating physical and logical security functions. Physical security alerts, such as an intrusion detected within a data center, can alert an IT center instantly to harden the network, preventing unauthorized access. Or, if a fire is detected within a facility, IT staff members can be alerted to take the necessary steps to protect the data center and network.

Several other common security strategies falling exclusively in an IT department's domain (e.g., data recovery and policy management) also apply to BAS integration.