Accession Number : AD1009306


Title :   Building Automation System Cyber Networks: An Unmitigated Risk to Federal Facilities


Descriptive Note : Technical Report


Corporate Author : Naval Postgraduate School Monterey United States


Personal Author(s) : Tupper,Shawn P


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1009306.pdf


Report Date : 01 Dec 2015


Pagination or Media Count : 131


Abstract : The General Services Administration accesses building-automation system technology that runs federal facility processes such as HVAC, lighting, elevators, and access control via active Internet connections. Currently, these networks are not secure, despite legislation requiring them to be. This thesis investigated whether the Department of Homeland Security (DHS) could leverage existing federal laws, presidential directives, executive orders, government frameworks, and its current cyber and investigative capabilities to establish a strategy to secure federal facility building-automation system cyber networks, or if additional resources are needed The research uncovered significant vulnerabilities and threats to federal facility building-automation system networks, which, if exploited, could cause a significant impact on the American people, who are dependent on services offered by federal agencies such as the Department of Veterans Affairs and the Social Security Administration. A qualitative research method was used to interpret and analyze government and nongovernment institutional studies and reports, existing cyber security frameworks, and scholarly journals to determine which of the policy options offered would provide the best strategy for the DHS moving forward. The thesis concluded that utilizing a combination of private contractors and existing DHS assets would provide the best option.


Descriptors :   COMPUTER NETWORKS , FACILITIES , control systems , computer network security


Distribution Statement : APPROVED FOR PUBLIC RELEASE