Working Group

#667 Cybersecurity Working Group

F Gordy Thu 24 Jan 2019

The intent of this post is to request the formation of the Working Group CySecWG (Cybersecurity Working Group) and invite other Project Haystack members to join. I am somewhat new to Project Haystack and welcome guidance on the format and process of the creation and maintenance of a Working Group.


SmartBuilding Cybersecurity awareness is growing. However, building control systems standards are as varied as the number of integrators installing these systems. Project Haystack is the leader in standardization for the building control space and it is only natural that cybersecurity should be a part.

The Building Blocks

The NIST Cybersecurity Framework Core are activities to achieve specific cybersecurity outcomes and reference examples of guidance to achieve those outcomes. The Core is comprised of four core elements to help manage risk which are Function, Categories, Subcategories, and Informative References. At a high-level, Function is organized into five basic cybersecurity activities which are Identify, Protect, Detect, Respond, Recover. Underneath Functions are 21 Categories which are the identified outcomes of each Function. The categories are broken down further into Subcategories that are outcomes of technical and/or management activities. The Subcategories are followed by Informative References that are illustrative and not exhaustive of standards, guidelines, and practices.


With Project Haystack and the NIST Cybersecurity Framework, the building blocks for creating standard identification and classification of control system components are already available. The purpose of this Working Group is to establish a tagging schema that enables the control system to enable key data gathering that applies to the Functions and Categories of the NIST Cybersecurity Framework. In doing so, the data will be available to monitor for & identify threats, provide data for forensics, monitor & notify of configuration changes, and allow for a more automated approach to measure compliance.

The initial objectives will be: • Identify the low hanging fruit • Construct the foundational attributes • Categorization & classification.


All are welcome that have an interest in cybersecurity for control systems. Members need not be cybersecurity experts. Input from those who have not been involved in cybersecurity in the past will aid in the development and eventual socialization by establishing an easily understandable product.

Matthew Giannini Thu 24 Jan 2019

Hi Fred - I have promoted this topic to a working group and you are the Champion!

F Gordy Thu 24 Jan 2019

Thank you Matthew!

F Gordy Fri 25 Jan 2019

Discovery Call

For those interested, I would like to propose a CySecWG members discovery call to begin to lay down the framework of cybersecurity tagging and use cases. If you are interested please indicate what dates and times work in the Doodle Calendar.

Doodle Calendar Link -

F Gordy Tue 5 Feb 2019

Good Morning,

I checked Doodle this morning and it looks like the majority (one is tentative) can meet Monday, 2/11 @ 4 PM ET. If you haven't marked your preference and would like to attend the first call of this working group, go to and select your preferences.

I look forward to "meeting" you soon and get this group going!

Fred Gordy

F Gordy Wed 6 Feb 2019

Good Morning,

I am scheduling the first meeting for Monday, 2/11 @ 4 PM ET. The meeting info is below. If you want an Outlook please let me know and I will send it to you.

The agenda is going to be somewhat loose for this first meeting. We discuss goals and objectives as well as how we want to convey and store information.

I look forward to speaking with you on Monday and getting this group going!

Fred Gordy is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting

One tap mobile +16465588656,,933838987# US (New York) +16699006833,,933838987# US (San Jose)

Dial by your location

+1 646 558 8656 US (New York)
+1 669 900 6833 US (San Jose)
+1 877 853 5247  US Toll-free
+1 877 369 0926 US Toll-free

Meeting ID: 933 838 987 Find your local number:

Kevin Smith Wed 6 Feb 2019

This is a great idea. Thanks for setting this up!

F Gordy Thu 30 May 2019

Time to get back to work!

A few months ago we had a kick-off call for this working group. I would like to establish a cadence to begin calls to work on laying the foundation for cybersecurity tagging. We will start with a simple framework.

Along this line...

During this year's Haystack Connect, Rob Murchison, co-founder of Intelligent Building, presented "Cybersecurity Framework, Categorization & Classification". The link below is to the presentation he did.

Steve Eynon Sat 1 Jun 2019

I did enjoy Rob Murchison's talk at Haystack Connect for he introduced me to an on-going debate I wasn't aware of:

Operations Technology (OT) vs. Information Technology (IT)

I looked, without success, for the whitepaper he mentioned - but there seems to be a fair bit already written on the topic. Here are a couple of links that aren't too bad:

Ross Schwalm Mon 3 Jun 2019

Are there any notes or a summary of the first meeting posted somewhere?

F Gordy Fri 7 Jun 2019

Hi Steve,

Thank for sharing those. Here is the whitepaper that Rob spoke of.

Hi Ross,

No, the first call was introductory. When we start the meeting series they will be recorded and posted to the group here.

Thank you,


Login or Signup to reply.