Survey Suggests Many BAS Could Be Vulnerable To Hackers

OTHER PARTS OF THIS ARTICLEPt. 1: Hackers Pose Threat To Building Automation SystemsPt. 2: Why Building Management Systems Are At Risk Of CyberattackPt. 3: Cybersecurity Measures To Protect The BAS/BMSPt. 4: BAS Cybersecurity Steps: Firewalls, Isolation, PatchesPt. 5: This Page

A survey of facility managers suggests that many haven’t taken basic cybersecurity measures to protects their BAS, leaving many BAS vulnerable to hackers. Survey is based on responses from 224 Building Operating Management subscribers who indicated that at least one of the buildings they are responsible for has a building automation system (BAS).

Are any of the building automation systems in your buildings connected to the internet? R=224

Yes 84%    
No 16%    

What is the primary type of space you are responsible for? R=186

Commercial Office 32% Hospitality 3%
Data Centers 4% Industrial 4%
Educational (K-12 Schools)  18% Medical/Healthcare 16%
Government 10% Retail 1%
Higher Education (Colleges/Universities) 8% Other*
(*Auto finance center, CCRC, Museum  (2), real estate offices, retirement)

How many square feet of space are you responsible for? R=181

Less than 250,000 square feet 19%    
250,000 to 499,999 square feet 23%    
500,000 to 999,999 square feet 24%    
1 million to 4,999,999 square feet 27%    
5 million square feet or more 7%    

Are your building automation system(s) on any of the following types of networks? R=162

Dedicated building automation network
(i.e., isolated, closed loop network)
Enterprise IT network 43%    
Attached to an independent DSL or cable network 31%    

If the building automation system(s) is (are) on a dedicated building automation network, is it bridged to the corporate/enterprise network? R=173

Yes 35%    
No 29%    
Not sure 27%    
Not applicable 9%    

Has a budget been established for security countermeasures for building automation systems? R=172

Yes 41%    
No 59%    

Is your organization’s IT staff primarily in-house or contracted? R=173

In-house 79%    
Contracted 21%    

Is your in-house or contracted IT staff generally involved in planning for building automation systems? R=171

Yes 52%    
No 48%    

How would you describe your awareness of cybersecurity issues for building automation systems? R=173

Not at all knowledgeable about the issue 20%    
Somewhat knowledgeable about the issue 58%    
Knowledgeable about the issue 15%    
Very knowledgeable about the issue 7%    

Based on what you know, how much harm do you think a cyberattack on a building automation system could do to an organization? R=167

1 – Not much harm 17%    
2 14%    
3 18%    
4 27%    
5 – Very significant harm 31%    
Not sure 3%    

Which of the following best describes the actions you are currently taking with regard to cybersecurity of building automation systems? R=164

Not currently taking any action 35%    
Gathering information about cybersecurity 15%    
Evaluating building automation system(s) for cybersecurity 14%    
Planning actions to improve cybersecurity for building automation systems  7%    
Currently implementing or have completed actions
to improve cybersecurity for building automation systems

Has your FM department had any discussions with your in-house or contracted IT department about cybersecurity measures? R=164

Yes 55%    
No 45%    

Has your FM department had any discussions with outside parties about cybersecurity measures? R=161

Yes 31%    
No 69%    

Are most or all of your building automation systems protected by firewalls? R=162

Yes, all systems 77%    
Yes, most systems 12%    
No 2%    
Not sure 9%    

Have you changed the default passwords on most or all of your building automation systems? R=164

Yes, on all systems 52%    
Yes, on most systems 15%    
No 14%    
Not sure 19%    

Do you regularly change the passwords on most or all of your building automation systems? R=157

Yes, on all systems 37%    
Yes, on most systems 15%    
No 36%    
Not sure 12%    

Do any of your supervisory servers reside on a public IP address? R=157

Yes 12%    
No 61%    
Not sure 27%    

Do you commonly use consumer grade, configurable IP routers for your building automation system network infrastructure? R=157

Yes 28%    
No 30%    
Not sure 42%    

Have you conducted a threat assessment of your network and physical security measures for cyberattacks on your building automation systems? R=157

Yes 42%    
No 58%    

Has your building automation system monitored for cyberattacks? R=155

Yes 54%    
No 46%    

Have you developed a plan for responding in the event of a cyberattack on your building automation system? R=156

Yes 37%    
No 63%    

Contact FacilitiesNet Editorial Staff »

  posted on 1/13/2015   Article Use Policy

Related Topics: