Without the right plan, integrating smart technologies into a new or existing building can be a major challenge. At its core, a building’s consolidated IT/OT network serves as the foundation on which all smart technologies are layered. Because of this, resiliency must be designed and managed from the network up. David Cahoon, chief technology officer of Red Bison, a Mercer Island, Wash.–based managed technology service provider for the commercial real estate market, on how he approaches network resiliency from a commercial property perspective.
What is network resiliency?
To build redundancy into a network, we first must understand what it means. “Resiliency is the ability to maintain a prescribed and acceptable level of service,” Cahoon says. “In an intelligent building, the way a network is built and managed dictates how services can continue operating in the event of various faults and failures. This includes not only hardware and network path redundancy, but also the ability to take advantage of end-to-end visibility, cybersecurity, auditing, and reporting features.”
Examples of network resiliency architectures, processes, and systems can include:
- Fully redundant internet connectivity with path diversity.
- Core network and network security hardware deployed in active/active or active/standby pairs.
- Network monitoring that delivers end-to-end visibility on the device-level.
- The formation of secure logical segments to restrict unauthorized lateral movement.
“At the end of the day,” Cahoon says, “resiliency boils down to the level of reliability a connectivity platform needs to have to support in-building technologies.” He offers several questions that his team asks its commercial property clients to gauge their level of risk adversity:
- Can your network withstand a network link or equipment outage?
- What happens if the building network gets hit with a denial of service (DoS) attack?
- If malware were to reach connected smart building devices, will the network design prevent it from spreading laterally within the network and replicating across other IT and OT systems?
Compliance and governance considerations
A second factor that will affect the level of resiliency required in a building revolves around government compliance and regulations that must be met. “In many cases, if an in-building IP network is used to support the various fire and safety controls, including fire alarms, wet pipe systems, elevators and door controllers, then they are required by law to meet a specified level of resiliency,” Cahoon says. “This includes network redundancy with automatic path failover and the ability to monitor and report on the health of the network in real-time. Doing so ensures that the network platform and associated smart building technologies are performing as expected, and that they meet existing compliance requirements based on the state and municipality in which the building resides.”
IT and OT network unification
Many existing buildings with intelligent technologies consist of multiple air-gapped networks that support distinct technologies. One network may have been built to support in-building IT systems, while others were designed and deployed to support and monitor various operational technology systems.
“Instead of having to manage and secure multiple networks within a single building or campus, modern network architectures and technologies can be deployed to better secure and manage IT and OT using a unified network infrastructure,” Cahoon states. “This creates a single network from which all visibility, reporting, and auditing can be conducted. It also reduces the number of remote access entry points to one—which is easier to uniformly apply remote access policy to. Finally, a unified network is more cost-effective, both from an implementation and ongoing management perspective. Thus, from a budget perspective, it’s the lowest-cost option available.”
Network resiliency is an absolute must for smart building endeavors
One ultimate goal of smart building projects is to combine digitized processes with artificial intelligence so that building processes can be fully automated to create efficiencies and deliver modern conveniences, such as occupancy counts and real-time air-quality readings.
For any of these IT and OT systems to work, however, the network must be highly resilient. Building owners and operators seeking to integrate intelligent IT and OT into their buildings would be wise to bolster resiliency within building networks. While this process might not be the most thrilling part of the digital transformation process, it is an absolute must.
