PNNL

Abstract

The purpose of this paper is to demonstrate the cybersecurity and software capabilities of Buildings Cybersecurity Framework (BCF) webtool. The webtool is designed based on BCF document and existing NIST standards. It’s capabilities and features are depicted through a building usecase with four different investment scenarios geared towards improving the cybersecurity posture of the building. BCF webtool also facilitates implementation of the goals outlined in Presidential Executive Order (EO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 2017. In realization of the EO goals, BCF includes five core elements: Identify, Protect, Detect, Respond, and Recover, to help determine various policy and process level vulnerabilities and provide mitigation strategies. With the BCF webtool, an organization can perform a cybersecurity self-assessment; determine the current cybersecurity posture; define investment based goals to achieve a target state; connect the cybersecurity posture with business processes, functions, and continuity; and finally, develop plans to answer critical organizational cybersecurity questions. In this paper, the webtool and its core capabilities are depicted by performing an extensive comparative assessment over four different scenarios.