There’s an old story told in military circles that illustrates the problems of discussing security. Each of the three forces was told to secure a building. The Army arranged for a platoon to set up a perimeter guard around the building. Troops surrounded the building, and let no one out. The Navy sent in the Marines, who took possession of the building, searched it room by room, and set up a guard at all of the entrances so no one could come in. The Air Force contacted a procurement officer, who negotiated a three-year lease on the building.
That’s the problem with security. Everyone knows what they mean when they say it, and no one asks what anyone else means.
Proper security is an absolute requirement for modern building control systems. Modern systems have added IP communications, the standard protocol of the internet, and now sit on the corporate network. If we are going to allow enterprise programmers, and even tenants, to interact with embedded control systems, security is the key. Security is specified as a requirement in every new construction job.
When I ask for security, though, I never know what I am going to get. I am also pretty sure that I will never be asked. Will I get the Army, the Navy, or the Air Force?
Straining the analogy, I can pretty much assume I will get the Army version. Building systems put in perimeter security; nothing gets in or out. To my mind, perimeter security is the most expensive kind.
Perimeter security is too expensive. The control system costs what it costs. I get some minimum value for that cost. Perimeter security means that I will never get more than that minimal value, because I cannot get to the systems and their information. Perimeter security is too expensive because it is the hard way to accomplish results; if I want the system to talk to no one, it is far cheaper and more secure to leave the wall solid than it is to cut a door into it and then lock that door carefully. Perimeter security is insecure because it is not as secure as no access at all.
Until building systems define higher-level functions for network access, any security beyond perimeter security is indefinable. What does secure access to a temperature setting mean? How do I define the proper access for a C-level executive, for her administrative assistant, and for a building tenant, if all I have is tags and sensor readings, never defined? If those tag readings turn into the lobby thermostat, or the building security schedule, then perhaps we have some way to talk about security.
I want better security. I want to have serious discussions about what better security means. But first, we need to define what is being secured.