As former, Director of the National Counterintelligence and Security Center (NCSC), William Evanina lived with the myriad dimensions of the threat posed by the Chinese government and its surrogates on a daily basis. From the theft of government, corporate and private information to ultra-sophisticated hacks to electronic components and equipment that is installed throughout our country and its products, Mr. Evanina is one of the few people who truly understands the magnitude and scope of the peril. In his address, he will illuminate this threat with his knowledge and experiences. Further, he will offer guidance specific to our audience on measures we should all be taking to reduce the impact of the Chinese mal intent. Finally, he will share some optimistic notes that the United States is not powerless in this situation.

As buildings become more intelligent Division 25 (Integrated Automation) is emerging as a key specification area that security systems designers should be familiar with. Specifically, CSI MasterFormat specifically includes security under the following numbers:
- 25 38 00: Integrated Automation Instrumentation and Terminal Devices for Electronic Safety and Security Systems
- 25 58 00: Integrated Automation Control of Electronic Safety and Security Systems
- 25 98 00: Integrated Automation Control Sequences for Electronic Safety and Security Systems
This lack of familiarity can lead to confusion in the areas of design and installation responsibility, coordination, and effective integration and supervision of disparate systems. Also, Division 25 is an appropriate place to outline expectations for service as part of a “day 2” strategy in these smart building projects. The moderator of this panel works for a company heavily involved in Division 25 projects and will lead a discussion among experts from different stakeholder areas to bring added clarity, awareness of issues, and recommendations for working within Division 25.

If your firm is providing, or considering providing managed security services, then you SHOULD attend this session. If your firm is NOT considering managed services, then you MUST attend this session. Hear perspectives on managed services from John O’Connor at Harvard Business School, Dan O’Neill and Matt Isgur from ADRM and Jim Muncey from Pavion. Learn how designs are impacted, how services are offered and delivered, the value of building a cohesive team and the benefits to customers of the systems. ADRM was the recipient of the 2022 Elliot A. Boxerbaum Design Award. Elliot helped Dan O’Neill grow his business and he is “paying it forward” and wants to share Managed Services lessons learned that will help you grow and sustain your consulting practice.

Many projects, including the majority of Government contracts, are based on a sealed bid. While appearing to provide the lowest price, experience shows that the Bid process can lead to sub-standard workmanship, incomplete work, rampant change orders, schedule delays, and aggravated clients. Further, qualified integrators may be disinclined to bid or maintain a policy of not participating in bid work. The Request for Proposal (RFP) is a mechanism for qualified respondents to propose design alternatives and product options which may represent better solutions. These projects often require a high degree of technical expertise. As a result, experience and approach are considered in addition to the price. Evaluation may be based on overall responsiveness to proposal and criteria provided in RFP for evaluation. Each method has its strengths and weaknesses. The ease of evaluating bids on price alone needs to be balanced against the risk that price alone may not be all that distinguishes one product or service from another. Hear from a panel whose industry experiences cover both types of procurement over a wide range of projects.

Ports and port equipment have become more reliant upon network technology and foreign suppliers to maintain their efficient operations. Worldwide shipping and the processing of seaborne cargo represents a major vulnerability to supply chain and the free flow of goods and material. In 2017, one of the most widespread and devastating cyberattacks was perpetrated against worldwide shipping giant Maersk. a global shipping titan, responsible for 76 ports around the globe, more than 800 vessels carrying all manner of goods and about one-fifth of global trade. This entire enterprise was brought to its knees by a mystery malware that had spread to every Maersk location across the globe. More recently, it has come to light that the Pentagon sees giant cargo cranes as possible Chinese spying tools. The cranes in question are made by Shanghai Zhenhua Heavy Industries (ZPMC), which became a major player in the US market by offering high-quality cranes at cheaper prices than Western suppliers. ZPMC has worked with Microsoft and other companies to offer automated systems that can analyze data in real time. However, the US Defense Intelligence Agency has reportedly said that China could potentially disrupt port traffic or gather data on military equipment being shipped.
Moderated by our Keynote speaker, William Evanina, this panel of port security experts will discuss threats, vulnerabilities, and potential countermeasures to address this critical part of our infrastructure.

Threats to the “supply chain” come from several vectors. The infamous Target hack was the result of cyber loopholes traced back to an HVAC supplier. Suppliers of various types, knowingly or unwittingly, pose an ongoing threat to any operation. A critical vector is that of physical components and sub-systems employed in the manufacture of a product. This concern can be extended to embedded or system software. A special concern arises out of acquired companies as the acquiring company is assuming added vulnerabilities, known and unknown. Hear from a moderator and several speakers who are intimately familiar with these threat sources and past and ongoing exploit attempts. They will illuminate the threat and what their companies are doing to mitigate them and to keep their products and operations secure.

There is perhaps no more dangerous cyber vulnerability than the insider threat. Motivations and reasons can be various – including disgruntlement, revenge, money, alternative loyalties, and psychiatric. Standard vulnerability assessment tools are not equipped to identify malicious insiders. Efforts to mitigate the insider risk include data and traffic monitoring, access control exception monitoring, partitioning responsibilities, maintaining robust least privilege policies, training, and regular employee communication. The presenters in this session have extensive experience in both the commercial and government environments and will provide valuable insight into this silent threat.

In this session, participants will work through a specific set of exercises to show device weaknesses and actions to secure a network, given some criteria that should be in a Division 28 specification.
The goals of this session are:
• Relate recommended network policy to specified actions
• Observe cyber-sourced event telemetry
• Relate the observed telemetry configuration to system behavior
• “Stress test” an IIOT target device
• Put all these into context of a specification
Work through these exercises with Rodney to get a first-hand feeling for what is involved in discovery the weakness of a device and its configuration.

Collaboration is the key to success in the construction industry, but it can be difficult to manage when working with complex documents like PDFs. Bluebeam Studio Sessions allow multiple users to collaborate on a single PDF document in real-time. Think of it as a virtual meeting room, where users can join a session to discuss a particular document or topic. All users have access to the same document simultaneously and can make edits, annotations, or comments all at the same time, from anywhere in the world, 24/7/365. Users can save their changes, export the document to their local device, and keep track of when, where, why, how each person made a change or comment on the construction documents.

Bluebeam Revu offers a suite of powerful, highly customizable document management, markup and automation tools. For example, it has a powerful array of tools to help designers handle QTO/Estimating that many probably unaware of. In this 90 min. class, ZenTek Consultants, will let attendees follow along with a live instructor, using common demo PDFs to gain a fuller understanding of how to:
• Scale and Calibrate PDFs
• Use Linear Measurement Tools
• Use Area and Volume Tools
• Use Item Counts and Search Tools
• Create Re-Usable QTO Tools

Artificial Intelligence (AI) has barreled its way from a nifty acronym into the world of research, document creation, audio, and video in ways that both astound and frighten. On the positive side, tools like ChatGPT can jumpstart brainstorming, get a head start on a written piece, and provide research on sources of information. Conversely, over-reliance on these tools can lead down false paths and arrival at false conclusions. Maliciously, they can be used to fake identity, create spear phishing attacks, and spoof audio and video content. Participants in this lab will gain first-hand experience with ChatGPT in a series of instructor-led exercise. See how other consultants have used it in their own work. Discuss some of the implications for security and security consulting.