Keeping the Lights On and the Hackers Out: A Security Risk Assessment Process for Utilities and Building Automation Systems

Thursday, May 08 | 9:00AM–10:00AM | Grand Ballroom Salon B
Session Type: Professional Development

The Cornell IT Security Office performed a risk assessment of campus utility and building control systems, including its electric generating plant, steam plant, chilled water plant, and drinking water system, and increased a number of "smart" building automation systems. The ITSO developed a new process for assessing these complex and diverse campus utilities environments. We will present the methodology of this new process, compare it to our previous process, and offer lessons learned from the project. We will also show how this sort of assessment process can be incorporated into the larger institutional risk management program.


Understand the unique challenges involved with assessing risks for utilities and building control systems * Learn from our knowledge gained from attempting to create a customized assessment process for utilities and building control systems * Understand the value of performing this sort of risk assessment


  • Dan Adinolfi

    Senior Security Engineer, Cornell University
  • Joe Homza

    Sr Security Engineer, Cornell University

Resources & Downloads