Building automation system cyber networks: an unmitigated risk to federal facilities

Download
Author
Tupper, Shawn P.
Date
2015-12Advisor
Kiernan, Kathleen
Rollins, John
Metadata
Show full item recordAbstract
The General Services Administration accesses building-automation system technology that runsfederal facility processes such as HVAC, lighting, elevators, and access control via active Internet connections. Currently, these networks are not secure, despite legislation requiring them to be. This thesis investigated whether the Department of Homeland Security (DHS) could leverage existing federal laws, presidential directives, executive orders, government frameworks, and its current cyber and investigative capabilities to establish a strategy to secure federal facility building-automation system cyber networks, or if additional resources are needed The research uncovered significant vulnerabilities and threats to federal facility building-automation system networks, which, if exploited, could cause a significant impact on the American people, who are dependent on services offered by federal agencies such as the Department of Veterans Affairs and the Social Security Administration. A qualitative research method was used to interpret and analyze government and nongovernment institutional studies and reports, existing cybersecurity frameworks, and scholarly journals to determine which of the policy options offered would provide the best strategy for the DHS moving forward. The thesis concluded that utilizing a combination of private contractors and existing DHS assets would provide the best option.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
Mitigating risk to DOD information networks by improving network security in third-party information networks
Kansteiner, Michael J. (Monterey, California: Naval Postgraduate School, 2016-06);Poorly defended third-party information networks can act as an attack vector for cyber attackers to successfully breach larger and more robustly defended information networks. Therefore, third-party networks connecting to ... -
Homeland Security Affairs Journal, Volume IV - 2008: Issue 2, June
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2008-06);June 2008. How do we define “homeland security?” Is it best addressed at a local, state, or national level? These are the underlying questions posed by our authors in this issue of Homeland Security Affairs. In “What is ... -
Cyber System Assurance through Improved Network Anomaly Modeling and Detection
Bollmann, Chad A. (Monterey, California: Naval Postgraduate SchoolMonterey, California. Naval Postgraduate School, 2019-12); NPS-19-N039-AThe objectives of this work were to investigate the source of the dual natures of network traffic (i.e., Gaussian and alpha-stable) in order prove the merit of further development, improvement, and application of non-parametric ...