The verbiage below was written by the SAME organization.
The 2021 SAME Federal Small Business Conference wrapped up Friday afternoon with a networking lunch in the Exhibit Hall, following multiple blocks of education sessions and business opportunity briefings in the morning. While there was not a general session to close the event, a pair of discussions held during the week, the CEO Roundtable on Wednesday, and a session Friday morning on small business size standards, underscore how the ideas, connections, and takeaways are not a moment in time that ends when attendees head home.
Building Better Cyber Security. First, the CEO Roundtable dived into a topic that is highly critical for the federal government and military installations, and which SAME is working on in collaboration with a number of subject matter experts and other stakeholders through an industry-government engagement project that passed a critical test during the week.
The subject of cybersecurity in the built environment and the interconnection between the advances created by smart technologies and the corollary risks to critical infrastructure that can arise unintentionally as a result has become a growing problem, seen most recently on a public level with the Colonial pipeline hacking earlier in 2021. But it also is a problem that is not well understood, is not well communicated, and is not well measured against in the commercial sector or in the federal space either.
SAME’s CEO Roundtables serve as a forum for bringing senior government and industry decision-makers together and address emerging or ongoing challenges facing the joint engineering community. Importantly, the discussions can validate efforts underway by gaining commitment from senior leaders to provide support, allocate resources or focus attention on a collaborative scale. This iteration served as a “vector check” for an SAME industry-government engagement project that is aiming to raise awareness of current and emerging cyber threats to smart operational technologies, and to help develop effective policy and standards for enhancing cybersecurity resiliency for federal facilities and infrastructure.
Leading the IGE project is Lucian Niemeyer, F.SAME, formerly the Assistant Secretary of Defense (Installations, Energy & Environment), and who earlier this year founded a nonprofit, Building Cyber Security, that is focused on this challenge as it impacts national security. Niemeyer, as well as Col. Brian May, USAF (Ret.), with Michael Baker International, led a discussion with industry and government leaders including the Engineering Service Chiefs, several senior civilians, and information security and cyber security experts from the private sector.
Niemeyer opened the discussion by relaying a story of serving in the Pentagon when senior military leadership asked what, ultimately, are the risks that the Defense Department, its missions and its people, face through cyber security vulnerabilities on physical assets. While the problem has found some progress, the greatest issues are a lack of formidable standards to design against, consistency in application across asset types, and reticence to fund the price tag of what it could cost to reduce risks. These issues, however, seem to be a challenge that is driven by a general lack of maturity around the entire process. It’s all still new, and without a roadmap to follow.
The path forward may be similar to how LEED generated interest, and investment, in sustainability. While building cyber security must be measured in real time, and not just when the facility or structure is completed, a straightforward tier of certifications can drive adoption. It also can better align which types of assets need the highest levels (and therefore the highest investment) and which can accept lower levels of certification, or even not pursue it at all because the return on investment is not practical.
Currently, the building cyber security methodology is being evaluated within the commercial sector and the insurance industry. The plan through the IGE project is to bring on government and industry representatives and determine interest and potential application for the federal/defense sector. Additional events within SAME will be held in the coming months to track progress, with JETC in May the next big checkpoint for its impact.