New profile created by smart-building industry experts who understand which vulnerabilities are biggest threats and which test cases should be included to mitigate them
The ioXt Alliance announced the expansion of its IoT security certification program to include building network controllers (BNCs).
The BNC security certification profile was developed by a profile working group of smart-building industry experts and ioXt team members. The group consists of industry experts from companies such as Acuity Brands, Alerton, CBRE, Delta Controls, and Regulvar, to name a few, representing BNC product manufacturers, ecosystem integrators and protocol security companies.
“Our industry-led workgroups are able to create security profiles for specific device categories because they have the knowledge and expertise in their fields to identify vulnerabilities and create test cases to mitigate them. The BNC profile best evaluates the security of these smart building devices and enables BNC manufacturers to provide optimal security to their customers,” said Grace Burkard, director of operations, ioXt Alliance.
“It was a pleasure to participate with the ioXt Alliance and the others on the BNC profile task group. The combined experience of customers, installers and other manufacturers sparked numerous educational conversations, and everyone walked away having a broader perspective of security and what it means to be secure. We are anxious to see the benefits to the industry as the profile is reviewed and adopted by consumers,” said Jesse Collier, manager of product market, Acuity Brands.
The working group defined the scope of the profile, the threat models, and a gap analysis with the associated ioXt test case library to create a profile that will mitigate the specific vulnerabilities to building network controllers. The BNC profile used the Network Lighting Controller (NLC) profile as the baseline, however, there are many BNC product attributes that required unique profile features in support of the testing and certification of BNC products.
“My interest in ioXt and participating in the creation of a cybersecurity profile for building network controllers stems from the advancements in building management systems and the fact that operational technology (OT) networks are becoming more sophisticated. Building owners and facility engineers are becoming more aware of the need to be diligent in securing their OT networks. I am often asked to complete cybersecurity evaluation questionnaires on our OT network connected devices. These questionnaires are never the same and can take a considerable amount of time to complete. Having products that have been tested against an ioXt profile and carry ioXt certification will make my life much easier in communicating the cybersecurity qualifications of our controllers and systems,” said Kevin Callahan, senior sales engineer and evangelist, Alerton.
“CBRE recognized an opportunity to contribute a customer perspective to IoXt related to IoT standards in the building industry. Our aim was to collaborate and help raise the tide on common standards in IoT security as well as set the tone for industry confidence across the vendor portfolio. We hope our service in this vision aids the building industry as a whole,” said Ron Vissers, IT, Director, CBRE.
BNCs play a key role in smart-building infrastructure. They provide a centralized, programmable point of automation that can manage, configure, monitor, and troubleshoot virtual network infrastructure instead of performing manual configuration of network devices and services. They provide an interface between the business and the network infrastructure.
“Working with the ioXt committee on the BNC profile has been a delight and an enriching experience. Our collaboration as a group of experts in our respective fields was fruitful and I think it really paved the way to a better and more secure world in the connected building industry. I am glad I had the opportunity to contribute and hope that the profile serves other professionals making informed decisions in their respective fields,” said Gabriel Verreault, software developer, Regulvar.
BNC manufacturers have two options to certify: third-party testing and self-accreditation. If they prefer to work with an authorized lab for third-party testing, If they prefer to self-certify, they can fill out the certification wizard in the member portal and upload the proper documentation. The ioXt technical team will thoroughly review the information provided from both methods and provide feedback before approval. In either case, once approved, the product will receive the ioXt SmartCert label and be visible on the Certified Products page of the ioXt website.
The ioXt Alliance is the global standard for IoT security. Founded by leading technology and product manufacturing firms, ioXt is the only industry-led, global IoT product security and certification program in the world. Products with the ioXt SmartCert label give consumers and retailers greater confidence in a highly connected world. visit: ioxtalliance.org.ioxtalliance.org