Accession Number:



Building Automation System Cyber Networks: An Unmitigated Risk to Federal Facilities

Descriptive Note:

Technical Report

Corporate Author:

Naval Postgraduate School Monterey United States

Personal Author(s):

Report Date:


Pagination or Media Count:



The General Services Administration accesses building-automation system technology that runs federal facility processes such as HVAC, lighting, elevators, and access control via active Internet connections. Currently, these networks are not secure, despite legislation requiring them to be. This thesis investigated whether the Department of Homeland Security DHS could leverage existing federal laws, presidential directives, executive orders, government frameworks, and its current cyber and investigative capabilities to establish a strategy to secure federal facility building-automation system cyber networks, or if additional resources are needed The research uncovered significant vulnerabilities and threats to federal facility building-automation system networks, which, if exploited, could cause a significant impact on the American people, who are dependent on services offered by federal agencies such as the Department of Veterans Affairs and the Social Security Administration. A qualitative research method was used to interpret and analyze government and nongovernment institutional studies and reports, existing cyber security frameworks, and scholarly journals to determine which of the policy options offered would provide the best strategy for the DHS moving forward. The thesis concluded that utilizing a combination of private contractors and existing DHS assets would provide the best option.

Subject Categories:

Distribution Statement: