Posts Tagged ‘BMS cybersecurity’

The Hidden Cyber Risks Inside HVAC, Lighting, and Access Control Systems

Quick Summary: HVAC, lighting, and access control systems may appear harmless but can be exploited to cause serious operational, financial, and safety issues. These “hidden” risks arise from insecure protocols, lack of authentication, and poor segmentation. By adopting Zero Trust principles and device-level protection, facility managers and building operators can turn vulnerable systems into secure…

Zero Trust Security for Building Management Systems in Data Centers

Key Points
Cooling and Power Risks: While power failures are the top cause of serious data center outages, 13–19% result from cooling issues, with notable incidents caused by extreme heat.
Cyber Threats to Environmental Systems: Attackers can overheat servers via workload manipulation, compromise HVAC controls through DCIM systems, or sabotage power systems—causing performance loss, hardware…

EU NIS2 Directive and Implications for BAS-BMS Cybersecurity

The EU NIS2 Directive (Network and Information Security 2 Directive), which replaces and expands on the original NIS Directive, aims to strengthen cybersecurity requirements across critical sectors, including energy, healthcare, transportation, and digital infrastructure. While not explicitly focused on building automation systems (BAS), its implications for such systems are significant, particularly for facilities considered critical…

Cybersecurity Insurance for Buildings, BAS, BMS

Building owners should have cybersecurity insurance for their building automation systems (BAS) due to the increasing risk of cyberattacks on connected infrastructure.
Key Reasons for BAS/BMS Cybersecurity Insurance
Protection Against Financial Loss: A cyberattack on BAS can result in significant financial losses from system downtime, operational disruptions, or damaged equipment. Cybersecurity insurance can cover the…

Building Automation Endpoint Protection Is Critical for Cybersecurity

Building automation systems (BAS), now highly connected to the internet, have transformed how the infrastructure of residential, commercial, and industrial properties is managed and optimized. From heating, ventilation, and air conditioning (HVAC) systems to lighting, security, life safety, and power distribution, these systems are now smart, centralized, and increasingly automated. While this level of convenience and…

Cybersecurity threats to hospitals and healthcare facility building management systems

A recent cyberattack forced a healthcare organization to cancel non-emergency surgeries and send some emergency patients to other facilities. In another attack, a hospital took its critical systems offline, impacting patient safety and requiring less efficient care methods, which also increased labor demands. It’s still impacted two years later. Cyberattacks on hospital and healthcare facilities increased…

Applying Zero Trust to OT Networks For Smart Buildings

How to apply Zero Trust to OT networks for Smart Buildings? In December 2021, a ransomware attack locked a BAS firm and its building client out of the system, taking out 75% of smart building OT. Using device-level SaaS security in a NIST-compliant Zero Trust framework, BAS vendors can prevent smart building breaches. SaaS security for…

Cybersecurity to the Edge for Smart Building Infrastructure

This video is part of a webinar presented by KMC Controls, Veridify Security, and Arrow Intelligent Solutions regarding cybersecurity for smart buildings. A fundamental challenge to securing smart buildings, or any building large enough to have a building automation system, is how to protect devices so that they reject cyber attacks in real time. Rejecting a…

Access Control Systems Vulnerable to Cyber Attacks

At the recent Black Hat security conference, researchers presented vulnerabilities in access control systems that enabled them to remotely lock and unlock doors, just like you see in the movies, and even to block the access from being logged. Separately, as part of a wider cyber attack on RuTube, Russia’s competitor to YouTube, employee access…
