Cybersecurity for Building Systems | NIST
Cybersecurity for Building Systems | NIST
https://www.nist.gov/programs-projects/cybersecurity-building-systems
Publish Date: 2026-02-19 03:00:00
Source Domain: www.nist.gov
Using an unordered list, summarize the following article with between 4 and 8 key points.
ObjectiveDevelop the building services cybersecurity application profiles and guidance needed by building owners, designers, manufacturers and others involved in the lifecycle of the building, to understand threats, risks, countermeasures and governance approach and to ensure cyber-secure facilities.Technical IdeaNIST will work with industry stakeholders within the Coalition for Smarter Buildings (C4SB) to establish the Digital Buildings Profile effort and within that to establish a new Cybersecurity Working Group. The Cyber WG will develop a set of application profiles to help building owners and other stakeholders to apply existing cybersecurity frameworks and tools to secure different building types with different cybersecurity requirements. Work inside C4SB is housed in the Linux Foundation, which is dedicated to open-source projects. The Cyber WG will make use of existing frameworks including: NIST Cybersecurity Framework, NIST Risk Management Framework, the DOE Cybersecurity Capability Maturity Model, the FEMP Facility Cybersecurity Framework and ISA/IEC 62443. This project will collaborate with other efforts under the Digital Building Profile effort and within NIST to advance digital twin technology and building semantics standards. The project will advance the Digital Building Profile—a concept for helping to drive industry toward more modern and connected buildings that are safe, cyber-secure, efficient, optimized, and working together with the grid and community.Research PlanNIST will initially work with industry thought leaders to develop the Digital Building Profile concept and establish a working group (the DBP-WG) under C4SB and publish a high-level introduction to the mission of this effort. NIST will host an ASHRAE Workshop session at the February 2026 winter conference and use this session to present the DBP WG plans and invite industry stakeholders to engage with a new Cybersecurity WG that will be part of the DBP effort. NIST will lead the Cyber-WG to agree on approach for cybersecurity for the modern digital building and then work with industry to develop application profiles based on existing standards and tools (per above). Industry stakeholders include facility owners (government, commercial and institutional) and operators, service providers (building management and analytics, aggregators, system vendors, etc.), building services staff, architects, engineers and construction.The Cyber WG will use an iterative and staged development plan for a set of application profiles, using Linux Foundation tools for publication and public review and open development.Work inside NIST will include collaboration with the Networked Control Systems Group in the Communications Technology Laboratory. That group is developing a Digital Twin for Operation Technology community profile, as well as updating the NIST SP 800-82 Guide to Industrial Control System Security. Both of these work efforts have some overlap with this project.NIST efforts in this project will be a multi-year effort to identify needed cybersecurity controls at different security levels for different building types. NIST will work with the Cyber WG to identify needed user guidance or tools for different stakeholders.
Credit:
NIST
