Editor's Letter

08/01/2014 | By Chris Olson

How Prepared Must You Be for Cyber Attacks on Your Facility?

Chris Olson
Chief Content Director

Like 70 million other people, I was affected by the Target data breach over the holidays. I was reminded this week of the reach and duration of cyber attacks when I discovered that I had failed to update an online account with the new credit card issued to me last March as a precaution.

An HVAC contractor working for Target was the unwitting means of the breach. Initial reports indicated that the company was compromised through the contractor’s access to building systems for monitoring HVAC systems and energy consumption. Although later reports implicated Target’s payment network rather than its building controls, the possibility of a cyber attack via building systems is clear. Many service contractors utilize back doors in software to monitor the condition of equipment.

For years, building automation has been moving away from relatively secure, hardwired systems to networked platforms. Common protocols like BACnet are both open and able to control all building systems. Smart grids and demand response programs also connect buildings to outsiders. Mesh control networks for lighting, the topic of this month’s feature on lighting controls (page 28), could be another back door.
                 
It’s easy to shrug off the possibility of cyber threats. After all, if you don’t have highly sensitive data in your building, why should you be alarmed? Why would an attacker single you out? Who would want to hack into your building controls?
Some hackers do it just for the thrill. Jonathan James, the hacker imprisoned at age 16 for breaking into a Department of Defense network, said in an interview, “I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off.” For someone like him, wouldn’t it be a thrill to disable the air conditioning on a sweltering summer day and turn on the heat?

Collateral damage is also a possibility. The infamous Stuxnet virus used to attack the Iranian nuclear program is an example. But, you say, you don’t have any centrifuges in your facility for making weapons-grade uranium. Probably true. But your building systems may have programmable logic controllers, the same device attacked by Stuxnet. And the Stuxnet virus traveled to other facilities and countries that were not the intended targets – 40% of the systems and computers infected were outside of Iran. Iran reportedly launched retaliatory attacks on some U.S. banks. Could building systems be an avenue for such threats?

Given worldwide networks and interoperability, it is inevitable that FMs and building owners will need to make reasonable attempts to secure their systems. Formally assigning someone the task and routinely asking vendors about security defenses are good starting points.  

Connectrac® wireways are the new standard for bringing power & communications cable management to all interior applications. Free yourself from core drilling!

Surpass State Energy Requirements with Dual-Cooling Data Center CRAC Technology

See how professionals like you are taking advantage of the highest performing precision cooling system for their computer rooms and data centers, and why Data Aire is fast-becoming the number one choice for facility managers and building owners looking to decrease their energy consumption. 

Data Aire understands how digital technology and data gravity is rapidly impacting and transforming businesses. That’s why they developed ultra-efficient cooling technology to support the most modern (and not-so-modern) data centers.  Learn how One Wilshire in Los Angeles, one of the most advanced carrier hotels today, is surpassing California's strict energy efficiency requirements with Data Aire’s purpose-built system, which provide full-economization for 260 days – almost 72% of the year. That’s a measurable savings! Furthermore, the projected PUE on an annual basis for a full load is at or below 1.2.

Connectrac® wireways are the new standard for bringing power & communications cable management to all interior applications. Free yourself from core drilling!

Surpass State Energy Requirements with Dual-Cooling Data Center CRAC Technology

See how professionals like you are taking advantage of the highest performing precision cooling system for their computer rooms and data centers, and why Data Aire is fast-becoming the number one choice for facility managers and building owners looking to decrease their energy consumption. 

Data Aire understands how digital technology and data gravity is rapidly impacting and transforming businesses. That’s why they developed ultra-efficient cooling technology to support the most modern (and not-so-modern) data centers.  Learn how One Wilshire in Los Angeles, one of the most advanced carrier hotels today, is surpassing California's strict energy efficiency requirements with Data Aire’s purpose-built system, which provide full-economization for 260 days – almost 72% of the year. That’s a measurable savings! Furthermore, the projected PUE on an annual basis for a full load is at or below 1.2.


Related Coverage