In the BAS Hacking series I am diving deep into the bowels of building automation networks and systems! I am going to take you through the full process of exploiting a system so that you can better understand the thought process of your attackers. The series consists of 4 articles:
I'm gonna tell it to you straight, BAS controls are changing! Multiple technology systems have gotten away from the proprietary controller model and if buildings are ever going to be truly intelligent than BAS systems need to do the same. In this article I will discuss what I see as the BAS of the Future and how I see it impacting our industry.
In my new role I have the privilege of leading my company's partnerships and alliances with the world's top technology companies . One of the buzzwords that keeps coming up especially with the recent announcement from Cisco is the "Internet of Things" or the IoT.
In the BAS Hacking series I am diving deep into the bowels of building automation networks and systems! I am going to take you through the full process of exploiting a system so that you can better understand the thought process of your attackers.
So it never fails, I hung up all our x-mas lights yesterday and a strand in the middle of the icicle lights died. Off I went to run errands and to purchase some new lights. Normally I do my shopping at Lowe's but since I was closer to Home Depot I decided to go there instead. As I was checking out the credit card machine prompted me and asked if I would like to have my receipt e-mailed to me.
Back when I was in grade school we would pick teams for pickup games of dodge ball and kick ball. It never failed that the smaller kids were always left for last. Now, the funny thing was that the team captains judged the talent on size and it never failed that a kid named John was left out. However, this day we happened to play a pickup game of baseball and the team that finally picked John found out real quick that John for his small size was an amazing pitcher.
I've thought a lot lately about the convergence of IT and BAS and the rapidity at which new products and offerings are proliferating the market. I said to myself, if I was an owner, what would be the top 5 questions I would want my BAS consultant to be able to answer. The list that I created was not created in any particular order, but rather it is a semi-legible consolidation of my ramblings as those of you who have read my blogs in the past seem to enjoy (why else do I keep getting readership :-D ).
BACnet, LON, Obix, M-Bus and P-Bus... There is a veritable alphabet soup of controls protocols and systems within the market place and although the industry is moving towards an open framework, we still have a ways to go.
Wow! What an eventful week I have had. I read through the Cylance Google Hack article again and after fully digesting the information around the hack I had an epiphany.
Most facility owners are just a few clicks away from a multi-million dollar due care/due diligence lawsuit.
I will get into the how in a second but let's first describe what due care and due diligence means.
Do a quick search on building and energy websites and what comes up within the first page? You have some stuff from the DOE (Department of Energy) and other government entities but chances are you will only find one of the top 5 building and energy websites during your search. This means that decision makers, consultants, and designers are missing out on key information that directly impact the efficiency and effectiveness of their building management and energy programs.
