Understanding the Cybersecurity Risks to HVAC and Building Automation Systems
The world of digitized data and automated products is dynamic and constantly advancing. Due to this fact, it is important to be diligent about protecting your business against unauthorized access to your computers and networks. The commercial HVAC industry is no different when you consider Building Automation Systems (BAS). In the last decade, a myriad of large corporations have had their networks hacked and clients’ credit card information compromised. Unfortunately, in some cases, an unsecured connection opened by their mechanical services company left their entire network vulnerable and ultimately hacked.
Although a company’s HVAC data is not normally thought of as highly sensitive data, an unsecured remote connection leaves your network vulnerable to attack. Some clients may use a dedicated network for the BAS connection, but without proper security, this remote connection could still be used in a distributed denial of service (DDoS) attack. A DDoS attack is the intentional paralyzing of a computer network by flooding it with data sent simultaneously from many individual computers or devices. A recent report written by Level 3 Threat Research Labs predict these attacks will become more and more common with the ever-increasing numbers of connected devices. “While compromised hosts and home routers continue to be targeted, bot herders will follow the path of least resistance. Before spending more energy on traditional bot hosts, they’ll take advantage of the abundance of insecure IoT devices.” The time is now to start taking these threats seriously.
In the past, BAS security has been handled by obscurity, allowing clients to put devices online and only giving access to key users. According to the 2015 Compass Intelligence’s Intelligent Building and Cybersecurity, Landmark Research Study, 70% of building owners are growing in popularity with 73% of building owners saying remote access to their buildings is critical. The lines between IT and operations are becoming very blurred with the converging of cybersecurity, connected equipment, and intelligent buildings.
Call Hunton Services to find out how we can help you ensure your system’s security.