Smart Buildings May Be An Easy Target For Hackers

In an article in Facility Executives February 2023, many commercial building automation systems (BAS) are integrated and efficient, operating the HVAC,  elevators, building security, parking garages, and all the other building elements   but “these systems typically have subpar cybersecurity controls and a large number of vulnerable IoT (Internet of Things) that make them ‘highly vulnerable…and remarkable easy for an outsider to access…A growing number of cybercriminals and even nation-state actors are now exploiting unprotected systems to stage botnets and establish persistent backdoors which they can se to re-enter the BAS at will, as well as to move deeper inside the buildings’ network or infiltrate the IT systems of its corporate tenants.” The article reviews a number of methods to protect your systems that run our office, industrial and other commercial buildings, and concludes “At the end of the day the only way to keep the BAS secure from malicious attacks is to know where all these devices are, what they are, and what condition they’re in. A full inventory of all the BAS components is vital, along with security updates, hardening, and regular monitoring.” This article was written by Brian Contos, Chief Security Officer of Phosphorus in Nashville.