Modern equipment is becoming more and more connected to the internet, making cybersecurity a priority for all kinds of businesses and facilities, from commercial office buildings to public schools to government complexes to hospitals. In today’s world, protecting your network means protecting your building automation system (BAS).
Because hackers exploit the smallest vulnerabilities, without the proper BAS security in place, any building system can be an open door for a hacker. The security for older building automation systems is especially vulnerable to hacking, as outdated protocols may no longer support updates or allow modern data encryption.
Let’s learn more about what can happen during a BAS cyber-attack, the security risks of BAS systems, and what you can do to keep your BAS secure.
What a Hacker Can Do with Your BAS
It might not seem like a big deal for an outsider to gain control of a building automation system, but the consequences can be severe for both occupants and the facility.
Set off fire alarms – The noise of the alarm and the subsequent evacuation are frustrating for tenants, and even a false alarm prompts an unnecessary visit from emergency services.
Open doors – Rooms with restricted access are off-limits for a reason. They may house confidential documents or dangerous substances; any unauthorized entry could cause a great deal of harm.
Turn on and off HVAC controls – During HVAC fluctuations, tenants may become uncomfortable and may choose to leave their place of work, which creates an opportunity for crime.
Access security surveillance cameras – A system that detects suspicious activity can also hand criminals the knowledge they need to infiltrate a facility undetected.
Turn off the lights – Lights turning off could cause people to abandon their workstations, leaving them vulnerable. Lack of lighting is also a safety risk in dark areas such as stairwells, basements, and underground parking areas.
Access a corporate network – This is by far the most damaging consequence of a cyber-attack. Once a hacker has infiltrated a network, it is possible to steal money or data, demand a ransom to restore control, or disrupt essential business operations.
Security Vulnerabilities of Older BAS Systems
Several security-related factors can make an older BAS a tempting target.
No path for upgrade
For many older systems, it is not possible to enhance BAS security. This may be because the manufacturer discontinued a particular software or because the legacy system is too outdated to modernize.
Weak security protocols
Older, legacy systems may have been designed before cyber crime was prevalent, meaning they simply weren’t planned with network security in mind and lack the necessary protective features.
Outdated encryption methods
A BAS may have encryption capabilities, but using obsolete encryption methods leaves data vulnerable as hackers will easily crack well-known historical codes.
Legacy “back doors”
Hackers can easily exploit the “back door” (intended for the manufacturer or controls contractor) of an older BAS system.
Trust issues
To fool an older BAS into trusting an incursion, a hacker can sometimes use a previously trusted version of BAS software, or a fake auto-update, to gain access to a system.
Security Solutions for BAS Systems
There’s no need to throw your hands up in defeat if you’re the owner of a legacy BAS system. The path to better security starts by understanding your system’s vulnerabilities, then focusing on strategies to mitigate the risks.
- Ensure you have the most up-to-date version of your BAS software installed. Security updates contain features to protect your system against the latest cyber threats.
- Check that all Wi-Fi networks are secure. Wireless devices are becoming more and more common, and it’s important to keep wireless networks password protected.
- Train staff in good security habits, such as always logging off a workstation, maintaining strong passwords, and how to spot internet scams.
- Have an expert audit your building automation system for security risks. An audit can find gaps and reveal weaknesses you didn’t know existed.
Upgrading your system is one of the most effective solutions for improving the security of an older BAS. However, legacy BAS upgrades aren’t straightforward. It’s a task that requires an expert controls contractor to ensure devices are connected properly and programming is maintained.
Upgrade Your BAS with MACC
At MACC, we have extensive experience upgrading legacy BAS systems. We work together to update your facility’s BAS security, finding the level that fits your needs and provides maximum peace of mind.
Systems we upgrade include:
Upgrading to a modern platform, such as Tridium’s Niagara, tightens security and gives access to a suite of advanced BAS management tools, such as analytics, advanced programming, and energy management. It’s a move that makes your BAS easier to use while eliminating security risks at the same time.
