• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • RCR Wireless News
  • Enterprise IoT
  • Editorial Calendar
  • Advertise
  • Webinars
  • Reports
  • White Papers
  • Subscribe

In-Building Tech

Connecting CRE building technology buyers with CRE tech sellers

720×90

  • Industry
    • Office & Commercial
    • Data Center, Network Hotels
    • Government
    • Healthcare
    • Higher Ed
    • Hospitality
    • K-12
    • Laboratory & Scientific
    • Manufacturing
    • Multi-Family
    • Transportation: Airports, Rail, Ports
    • Smart City
    • Stadiums, Arenas, Venues
  • Tech
    • Drones
    • AI-Machine-Learning
    • Wi-Fi
    • Augmented Reality
    • IoT (platform, gateway)
    • Networks
    • 5G Resources
    • Microcontrollers
    • Microprocessors
    • Data Analytics
    • Wired Networks, Fiber
    • Wireless (Cell, DAS, BDA, Repeaters, Boosters)
    • Positioning, GPS, Navigation
    • Security
    • Sensors
  • Systems
    • Energy
    • Lighting
    • HVAC
    • Security
  • Functions
    • Automation
    • Building Management
    • Construction
    • Asset Management (EAM)
    • Materials
    • Maintenace (MRO)
  • Smart Buildings
  • News & Event Coverage
  • In-Building Wireless
  • About In-Building Tech
  • Qualcomm 5G Insights

Smart building automation systems vulnerable to cyber attack

     
CRE

The plethora of IoT devices used to monitor building systems and operations are making smart buildings more vulnerable to cyber attack,?according to research by cybersecurity firm ForeScout Technologies Inc. ?

ForeScout found that building automation systems in hospitals and schools are particularly vulnerable to cyber attack from malicious actors. ?

“The number of identified vulnerabilities in building automation systems has been increasing over the past two years, illustrating the urgency for BAS owners to harden their systems against internal or external cyber threats,? stated Elisa Costante, senior director of Industrial OT Technology at ForeScout.?

The company says that a strong likelihood exists that malicious actors will leverage building automation systems (BAS) in a major public ransomware attack in 2019.

While IoT devices such as smart meters, HVAC units and even vending machines are not designed for web browsing, they often connect to the internet for control and analytics purposes and pose serious security threats and?obscurity from direct internet access often makes them prime targets as areas of entry by hackers.

?In recent years, hackers have become increasingly sophisticated in their attacks, and are nowadays well-equipped to identify and target vulnerabilities across most business and consumer technologies,? said Costante at Secura’s annual security conference.

According to ForeScout, IoT devices within smart buildings – including those which automate heating and ventilation – are regularly unsecured from hackers. ?

ForeScout discovered that thousands of vulnerable IoT devices in heating, ventilation, and air conditioning (HVAC) systems are vulnerable to cyber attack.

The researchers found nearly 8,000 devices that were highly vulnerable to cyber attack mostly in hospitals and schools and unauthorized access could enable hackers full control of the devices and carry out malicious actions against patients and children.

Lower sensitivity vulnerabilities such as access to sensitive data, distribution of malware, file deletion and authentication bypass, were also found among 76% of the device instances.

The company says that manipulation of HVAC systems can enable attackers to access private financial information and potentially harm people in facilities by gaining unauthorized offline data stored and processed in data centers by large companies. ?

One of the characteristics making smart building increasingly susceptible to cyber attack is the increased integration of building sub-systems.?

As more smart buildings start functioning autonomously to predict and automatically set room temperature, lighting controls and other systems to meet occupant comfort- they require integration across building systems- this integration, if not secured correctly, can make the entire system more vulnerable to attacks, says Costante.

Preventing cyber attack in smart building automation systems

The key to identifying vulnerabilities and attacks is creating a completely visible BAS systems says Costante.

?Adding enhanced security with network monitoring can give organizations a thorough understanding of the BAS environment and its connections. This makes it easier to design effective security architectures, identify attack vectors, and locate blind spots, among other things? Costante said.

Improved BAS visibility also enables security managers to resolve unknown and unchecked operational security issues, misconfigurations, policy violations, faulty design and unplanned or unauthorized changes which serve as an alert that something may be wrong.

One way to increase BAS visibility is to adopt an advanced network monitoring and situational awareness platforms, designed for building automation. ?

These tools provide much-needed visibility into the BAS and raise immediate alerts if a new node appears on the network or a communication pattern becomes abnormal or dangerous or if non-compliance with internal network and maintenance policies such as unauthorized credentials or logs in at unusual and unauthorized hours.

 

 

Related

Primary Sidebar

Sponsors

Search

300×350

300×100

CommScope forsees CBRS taking shape

Categories

Top Posts & Pages

  • In-Building Tech: Technology Insights for Commercial Real Estate Professionals
    In-Building Tech: Technology Insights for Commercial Real Estate Professionals
  • What is a distributed energy system?
    What is a distributed energy system?
  • How Honeywell helped the Burj Khalifa become a smart building
    How Honeywell helped the Burj Khalifa become a smart building

RSS Enterprise IoT Insights

  • Vodafone installs 5G private network at Skoda Auto manufacturing plant
  • Vodafone rigs-up 1.5 million Wimbledon strawberries with IoT monitoring, tracking
  • Libelium buys Spanish smart cities firm HOPU, sets sights on future IPO

Recent Posts

  • Honeywell invests in RapidSOS emergency response data platform
  • ‘Buildings have to be programmable,? says Cisco?s smart building lead
  • View to install smart windows at Skanska office project in Seattle

Archives

Tweets by InBuildingTech
  • RCR Wireless News
  • Enterprise IoT
  • Editorial Calendar
  • Advertise
  • Webinars
  • Reports
  • White Papers
  • Subscribe

Copyright © 2022 —In-Building Tech • All rights reserved.

Genesis Framework • WordPress • Log in

 

Loading Comments...
 

    This site uses cookies to improve and personalize your experience and to display advertisements. This site may also include cookies from third parties. By using this site you consent to the use of cookies.AcceptPrivacy Policy