Mar

30

2017

Cyber Security: Is Your Building Control System Safe?

Hacking. Corporate espionage. Buildings on lockdown. No, this is isn’t the latest spy movie. Unfortunately, they are very real threats that can affect building owners and their facilities.

As new technology empowers the world to work in a faster, more connected way, it also enables those with nefarious motives to target a potentially vulnerable building automation system. While each hacker has their reasons – activism, fame, and yes, even boredom – facility managers and business owners need to protect one of their greatest assets: their building automation system.

2017-03-29_cybersecurity.jpg

Your employees’ well-being, inventory, and business operations are at stake when your facility goes down.  If your building automation system is linked to your IT system, then your private records or proprietary information could end up in the hands of a hacker. Building automation system security isn’t a luxury. And small companies are not the only ones at risk. Safeguarding against hacking should be a priority for all businesses, because it has happened to well-known, large firms – and surprisingly -- including ones that operate in in the high tech industry.

Just ask Google Australia. Wired reported on a team of well-intended researchers that hacked the building management system of the Google Australia corporate office. Their goal was to prove that a high-tech controls system like Tridium Niagara AX can be a backdoor to hacking if not correctly updated. At the time, Tridium had already released a security patch for their platform, but the Google Australia system did not have it installed. The researchers were able to determine the controls system’s administrative password, and from there, they gained access to floorplans of the building and roof, blueprints of the building’s plumbing systems, usernames and passwords for the controls system, and even the location of a leak in the building’s kitchen. The researchers merely observed the level of access without disrupting the systems. But, a typical hacker would not stop there. A spokesperson for Google Australia said, “We’re grateful when researchers report their findings to us. We took appropriate action to resolve this issue.” Those actions included disconnecting their building automation system from the Internet.

According to the site Hackmageddon, which tracks statistics on information security, cybercrime through malware, account hijacking, and targeted attacks were the top three identified “attack vectors” in January 2017. They accounted for approximately 54% of Hackmageddon’s documented cybercrime from that month. Truly frightening is that about 25% of cyber criminals’ methods of attack were unknown, meaning that there is no definitive method identified. Hackmaggeddon noted that usually, “unknown” is the leading cause.

What is known is that hacking a building automation system can be devastating to a business. Not only can hacks interrupt business operations, but they can also decrease the lifespan of your equipment and leave your business vulnerable to cyber-ransom. Since many businesses have their IT systems intertwined with their building automation system network, the entire business and its operations may be vulnerable. Not to mention, the tedious labor of repairing unstable or inoperable systems can be very costly.

The best way to address the problem is before the systems are corrupted. Ask your building automation service technician about cyber security. The old adage is right: better safe than sorry. Or in this case, better safe than out of business.

###

Heidrich,-Randy.png

About the expert: Randy Heidrich manages TD’s Automation and Controls business. He has more than 35 years of experience in the building performance, controls, integration, fire and life safety industries, working with international firms and local community businesses to help them with their facility needs. Connect with Randy on LinkedIn.

Related: 

Categories: