Is Your HVAC System Safe From Contamination and Cybercrime?
There are a variety of security leaks that can occur through your HVAC system design. It is important that today’s HVAC design engineers be diligent and stay current with what is happening in cyberspace, especially in terms of the potential hazards that can occur within a building.
The Department of Homeland Security has deemed a number of construction-related sectors at risk for cyber-attacks. The construction industry, In an effort to stay in line with technology, and reap the benefits of (being more efficient,) while increasing its bottom line, has adopted many shared resource technologies like integrated project delivery and building information modeling (BIM). These “shared” resources with vendors and subcontractors increase the risk that a cyber incident involving one company opens the door to vulnerability for other companies working together on the project.
Hackers today have the capability to gain access to company information through the building control systems. The Target department store breach originated with an HVAC vendor that managed “smart” thermostats at Target facilities. Hackers were able to get inside the network and gain access to Target’s information databases, including their financial information. It happens. With the advances in technology, developed to help users, we’ve unfortunately opened ourselves to those who are able to cause harm. The Target scenario is proof that attackers will find a way.
Trends point to smart HVAC controls as the future of the HVAC industry. With that comes the increased vulnerability of commercial buildings to Internet-based attacks. It is important that building automation systems (BAS) are designed with the right level of security so risks from attacks are lower, keeping clients and buildings safe. Hackers are becoming more sophisticated and effective in their efforts to steal and sabotage.
Designers, engineers, facility owners and managers of building automation systems need to include building control systems security as a key part of their initial design. Start projects with a discussion of the cyber security plan. Build security into the budget, and recognize the need for personnel training. The plan should not only include the steps for prevention, but also a plan for responding to a hack — who will respond and what will that message say. Better to be prepared now in the event of a worst-case scenario.
As an industry, we need to stay current with the latest technology advancements, and monitor and test the safety systems we put in place. Loss of revenue, mitigation costs, downtime, reputation — cyberattacks cost money.