Home of Building Operating Management & Facility Maintenance Decisions
Insider Reports

Professional Notices

Alerts and timely updates on education and technologies to help facilities management professionals




Building Operating Management

Cybersecurity Must Be a Priority for Building Owners



No longer just the purview of the IT department, facility managers and building owners must take steps to secure their networks. Here's what you need to know.


Modern business requires internet, WiFi, and cloud connections for everything from banking operations to controlling temperature setpoints. Once totally separate entities, the building automation system (BAS) and the enterprise’s IT system now are converging data to improve occupant experiences, conserve energy, and optimize building operations. While that convergence is essential to remaining competitive in today’s global marketplace, it also makes the BAS a possible target for cyberattack.

Most BAS have weaknesses that can be targeted by hackers. The weaknesses have been exploited for some time but now are so frequent and blatant they frequently make the national news. Building control experts suggest the weaknesses were there as soon as the first BAS had access to the internet, but were not as publicly visible. Today, hackers are using information publicly available on the internet to gain access to BAS with increasing frequency. 

To prove the vulnerability of modern smart buildings, IBM’s X-Force in 2016 did a penetration test against a modern smart building’s automation system that controlled sensors and thermostats. X-Force did not use social media or online data-gathering. Instead, they attacked old-school, by finding flaws in the firewall and capitalizing on them to gain access into the building’s network. 

Then X-Force drove over to that building and connected to its wireless gateway where they got the address they needed to connect to the central building management system, controlling 20 buildings across the United States, as well as a central server. 

Fortunately for the property management company, this was simply a test. But that exercise offered a graphic demonstration of what could happen. In today’s high-threat environment, it’s crucial for building owners to know why BAS are vulnerable and to understand measures owners can take to reduce their risks. “The building owner should be aware of the risks and potential damages that may occur from potential cyberattacks,” says Chris Kwong, chief technical officer at Delta Controls.




Contact FacilitiesNet Editorial Staff »

  posted on 9/5/2019   Article Use Policy

Comments