Schneider and Claroty secure building management

  • June 27, 2022
  • Steve Rogerson

Schneider Electric and Claroty have developed a cyber-security offering to reduce cyber and asset risks for smart buildings.

French company Schneider Electric believes this will help all building users secure their building management systems (BMS) to protect their people, assets and operations. Jointly developed with New York-based security company Claroty, it combines technology with industry expertise and services to identify all facility-wide assets, deliver risk and vulnerability management capabilities, and provide continuous threat monitoring to protect enterprise investments.

Half of today’s buildings are likely to be still in use by 2050. This is driving commercial buildings to digitise their assets, including modernising their BMS. In fact, IoT technology for buildings is expected to grow from an existing 1.7 billion connected devices at the end of 2020 to over three billion by 2025. As these commercial buildings evolve into smart buildings of the future, they share at least one common trait: heightened exposure to risks.

The sector must address the security challenges presented by smart buildings. Studies have shown that 57 per cent of IoT devices are vulnerable to medium or high-severity attacks. Cyber attacks have already harmed several businesses, including critical infrastructure such as hospitals, data centres and hotels. The commercial building sector must find ways to safeguard both its access to the company’s IT systems as well as its mission-critical infrastructure.

“The integration of IoT in buildings is sparking an exciting shift across the sector but, like with any innovation, it also presents new risks,” said Annick Villeneuve, vice president at Schneider Electric. “For threat actors looking to disrupt operations, benefit financially and/or achieve other objectives, and in so doing to put individuals at risk, buildings can appear to be the perfect target. It is with this in mind that we are partnering with Claroty to bring our customers a comprehensive, industry-leading solution that meets the unique security and operational risks facing buildings of today and of the future.”

As more IoT devices are deployed within the buildings space and increased connectivity between previously isolated operational technology, BMS and their IT counterparts have made them attractive targets and vulnerable to cyber attacks. Additionally, facility managers oversee hundreds of vendors, service contractors and technicians in a fragmented manner, increasing complexity and risk.

“When it comes to securing cyber-physical systems, including BMS, the number one priority is to keep physical processes operational and safe,” said Keith Carter, vice president of Claroty. “By fusing Claroty’s deep domain expertise and purpose-built technology with Schneider Electric’s renowned services and commitment to driving digital transformation globally, we are empowering our customers to reap the benefits of smart building technologies without increasing their exposure to cyber risk, thereby taking a profound step towards creating a more efficient, sustainable future for the world.”

The offering includes asset discovery, risk assessment, remote access control, threat detection and response. It will give building owners, facility operators and security teams a simple way, without adding further workload, to identify baseline risks, continually reduce cyber and asset risks, and identify and remediate threats in their environment before services are interrupted.

It equips facility managers with a vendor agnostic product with which they can fulfil secure remote access, asset inventory, efficiency and other related requirements from building owners and asset managers. It provides automated asset discovery and network mapping that identifies and catalogues all system assets such as BMS, IoT, UPS, and other power systems.

Continuous threat detection constantly monitors buildings networks to identify, assess and alert at the earliest indicators of network and asset level anomalies. Vendors of smart building assets and systems can create external, secure tunnels to connect to and maintain specific resources and assets in the building network easily and without introducing additional risk.

Dashboards and reporting capabilities help management and security teams understand situations, receive tailored recommendations, and drive the proper actions to reduce a building’s exposure to safety, operational, financial and reputational risks.

The secure remote access (SRA) is purpose-built for buildings and OT environments to increase building security when vendors, contractors and technicians are performing remote maintenance activities.

Additionally, the visibility and intelligence gained on the building OT and asset environment through the deployment of Schneider Electric’s cyber-security for buildings offering can also bring additional benefits to the building owners and operators to enhance their building operational efficiency and productivity with actionable insights.