5 keys to creating a positive workplace
The head groundskeeper of the Reno Aces uses social media to recruit Gen Z into the field
Modern business requires internet, WiFi, and cloud connections for everything from banking operations to controlling temperature setpoints. Once totally separate entities, the building automation system (BAS) and the enterprise’s IT system now are converging data to improve occupant experiences, conserve energy, and optimize building operations. While that convergence is essential to remaining competitive in today’s global marketplace, it also makes the BAS a possible target for cyberattack.
Most BAS have weaknesses that can be targeted by hackers. The weaknesses have been exploited for some time but now are so frequent and blatant they frequently make the national news. Building control experts suggest the weaknesses were there as soon as the first BAS had access to the internet, but were not as publicly visible. Today, hackers are using information publicly available on the internet to gain access to BAS with increasing frequency.
To prove the vulnerability of modern smart buildings, IBM’s X-Force in 2016 did a penetration test against a modern smart building’s automation system that controlled sensors and thermostats. X-Force did not use social media or online data-gathering. Instead, they attacked old-school, by finding flaws in the firewall and capitalizing on them to gain access into the building’s network.
Then X-Force drove over to that building and connected to its wireless gateway where they got the address they needed to connect to the central building management system, controlling 20 buildings across the United States, as well as a central server.
Fortunately for the property management company, this was simply a test. But that exercise offered a graphic demonstration of what could happen. In today’s high-threat environment, it’s crucial for building owners to know why BAS are vulnerable and to understand measures owners can take to reduce their risks. “The building owner should be aware of the risks and potential damages that may occur from potential cyberattacks,” says Chris Kwong, chief technical officer at Delta Controls.
Cybersecurity Must Be a Priority for Building Owners
Understanding Common Cybersecurity Weaknesses in Buildings
As Cybercrime Increases, More Resources Arrive to Fight It
What Is The Building Owner's Role in Cybersecurity?