At 270 Park Ave, JPMorgan Chase Built a Construction-Phase OT Discovery Process to Inventory ~8,000 Devices Before Occupancy.
270 Park Avenue, the new headquarters of JPMorgan Chase, is a 2-million-square-foot, 1,400-foot-tall, fully electric skyscraper. It is the largest all-electric commercial office building in New York City. The scale and complexity of the project forced the bank’s engineering team to build an OT device-discovery process capable of tracking thousands of devices before they touched the network.
That discovery process started with requiring all trades to disclose exactly which devices they planned to connect to the building network before those systems were installed.
Mike Grinshpon, Global Real Estate Engineer at JPMorgan Chase, said his team scoured construction submittals to push vendors to identify every device that would connect to the OT network.
Once the device types were identified, the IT team required detailed metadata for each one: make, model, firmware version, operating system, and the services running on the device.
All of that information was centralized in a shared Microsoft 365 spreadsheet accessible to both internal teams and vendors. Each stakeholder had permission to edit only their portion of the document, creating a single source of truth for the device inventory.
The JPMC team validated the device inventory as systems came online. Engineers captured digital fingerprints from sample devices and monitored OT network traffic through Armis's SPAN-port monitoring platform to detect devices as they appeared.
BACnet discovery scans were also run weekly through the building management system to track which devices were coming online and report progress to leadership.
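
The validation step described above amounts to reconciling the declared inventory against each weekly scan. A minimal sketch of that check follows, as an added example that is not JPMorgan Chase's or any vendor's tooling; the column names, the planned-count column, and all sample rows are constructed assumptions.

```python
from collections import Counter

# Constructed sample rows, as vendors might declare them in the shared sheet.
# Column names and the "planned" count are assumptions, not from the article.
DECLARED = [
    {"system": "HVAC", "make": "AcmeControls", "model": "VAV-200", "firmware": "4.2.1", "planned": 3},
    {"system": "HVAC", "make": "AcmeControls", "model": "AHU-900", "firmware": "2.0.0", "planned": 1},
    {"system": "Lighting", "make": "LumenCo", "model": "LC-12", "firmware": "1.8", "planned": 2},
]
# Constructed sample of one weekly scan: one record per responding device,
# using the BACnet Device object's instance, vendor name, model name, firmware revision.
DISCOVERED = [
    {"instance": 1001, "make": "AcmeControls", "model": "VAV-200", "firmware": "4.2.1"},
    {"instance": 1002, "make": "acmecontrols", "model": "VAV-200 ", "firmware": "4.1.0"},
    {"instance": 2001, "make": "LumenCo", "model": "LC-12", "firmware": "1.8"},
    {"instance": 9001, "make": "Unknown Vendor", "model": "GW-1", "firmware": "0.9"},
]

def norm(text):
    """Case- and whitespace-insensitive key so 'VAV-200 ' matches 'vav-200'."""
    return " ".join(text.lower().split())

def reconcile(declared, discovered):
    decl = {(norm(r["make"]), norm(r["model"])): r for r in declared}
    online, undeclared, drift = Counter(), [], []
    for dev in discovered:
        key = (norm(dev["make"]), norm(dev["model"]))
        row = decl.get(key)
        if row is None:  # on the network but never disclosed by a trade
            undeclared.append(dev["instance"])
            continue
        online[key] += 1
        if dev["firmware"] != row["firmware"]:  # running version differs from the sheet
            drift.append((dev["instance"], row["firmware"], dev["firmware"]))
    progress = {}
    for key, row in decl.items():
        seen, planned = progress.get(row["system"], (0, 0))
        # Cap at the planned count so surplus units never inflate progress.
        progress[row["system"]] = (seen + min(online[key], row["planned"]), planned + row["planned"])
    surplus = [k for k, r in decl.items() if online[k] > r["planned"]]
    return {"undeclared": undeclared, "firmware_drift": drift,
            "progress": progress, "surplus_models": surplus}

if __name__ == "__main__":
    for name, value in reconcile(DECLARED, DISCOVERED).items():
        print(f"{name}: {value}")
```

The undeclared and firmware-drift lists are the security-relevant output; the per-system progress tuples (online, planned) are what a weekly report to leadership would be built from.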
The building’s operational technology footprint would ultimately reach roughly 8,000 devices across more than 10 systems and about 80 device models. The process revealed a reality many IT teams underestimate: the sheer volume of OT devices to track was well beyond what an IT team typically sees.
Holistic OT device management starts well before the occupancy of a modern building. If devices are not inventoried before they hit the network, asset management and cybersecurity start behind from day one.



This is a great piece!
I agree.