Building automation system cyber networks: an unmitigated risk to federal facilities

Abstract

The General Services Administration accesses building-automation system technology that runsfederal facility processes such as HVAC, lighting, elevators, and access control via active Internet connections. Currently, these networks are not secure, despite legislation requiring them to be. This thesis investigated whether the Department of Homeland Security (DHS) could leverage existing federal laws, presidential directives, executive orders, government frameworks, and its current cyber and investigative capabilities to establish a strategy to secure federal facility building-automation system cyber networks, or if additional resources are needed The research uncovered significant vulnerabilities and threats to federal facility building-automation system networks, which, if exploited, could cause a significant impact on the American people, who are dependent on services offered by federal agencies such as the Department of Veterans Affairs and the Social Security Administration. A qualitative research method was used to interpret and analyze government and nongovernment institutional studies and reports, existing cybersecurity frameworks, and scholarly journals to determine which of the policy options offered would provide the best strategy for the DHS moving forward. The thesis concluded that utilizing a combination of private contractors and existing DHS assets would provide the best option.