Smart buildings, cyber opportunities

The light fixture may be hacking your iPad.

The growth of smart building systems has created vast new platforms for cyberattacks. When contractors install smart lighting systems, smart thermometers and other HVAC, electrical, security and telecommunications systems that link to the internet, “they create thousands of cyber backdoors into the infrastructure of that building and all the people who use that building,” said Stephen Scarbrough, Senior Technical Lead for IntelliGenesis, LLC.

If those systems are not well protected, hackers can infiltrate them and use those incursions to do any number of things – tamper with building operations, gain entry to the installer’s or building owner’s computer systems, or monitor and hack the steady stream of mobile phones, tablets and laptops that pass through that building every day.

Hackers can also turn a poorly secured system into a proving ground for an attack on a critical facility. Scarbrough, who follows the work of the Department of Homeland Security’s Industrial Control Working Group, gives the example of two identical HVAC master controls with identical configurations installed in a museum and a high-value target.

“As a cyber threat, I could practice all of my techniques and attacks against [the museum] device which has less protection,” he said. After learning the system and refining a cyberattack, “I could switch to the critical target, and I would know what to do.” Consequently, contractors need to regularly update their knowledge of how to securely install smart building systems and collaborate with project partners and owners to ensure that everyone fully identifies and addresses cyber risks.