The Smarter the Building, The More Vulnerable to a Cyber Attack

SHARE THIS ARTICLE

Smart buildings — particularly hospitals and schools — are more vulnerable to a cyber attack due to the IoT devices used to monitor building systems and operations, according to research by cybersecurity firm ForeScout Technologies Inc.

The company says a strong likelihood exists that malicious actors will leverage building automation systems (BAS) in a major public ransomware attack in 2019, reported In-Building Tech. According to Elisa Costante, senior director of Industrial OT Technology at ForeScout, “The number of identified vulnerabilities in building automation systems has been increasing over the past two years, illustrating the urgency for BAS owners to harden their systems against internal or external cyber threats.” 

“In recent years, hackers have become increasingly sophisticated in their attacks, and are nowadays well-equipped to identify and target vulnerabilities across most business and consumer technologies,“ Costante added. These include IoT devices like smart meters, HVAC units and even vending machines, which due to their obscurity can be a prime target for hackers.  

One of the characteristics making smart buildings increasingly susceptible to cyber attack, is the increased integration of building sub-systems, reported In-Building Tech. According to Costante, if integrated systems are not secured correctly, entire systems can be more vulnerable to attacks, like smart buildings that function autonomously to predict and automatically set room temperature, lighting controls, and other systems.

The key to identifying vulnerabilities and attacks is creating a completely visible BAS systems says Costante, including adopting an advanced network monitoring and situational awareness platforms, designed for building automation.

“Adding enhanced security with network monitoring can give organizations a thorough understanding of the BAS environment and its connections. This makes it easier to design effective security architectures, identify attack vectors, and locate blind spots, among other things,” Costante said.  Comments? Email Us

January 18, 2019

Reader Interactions

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.