<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2854636358152850&amp;ev=PageView&amp;noscript=1">
3 min read

Guess who Just Hacked a Building Automation System?

By Phil Zito on Feb 17, 2016 12:31:04 PM

Woke up to news early this week, IBM X-Force hacked a Building Automation System using a combination of common vulnerabilities. Based on the report IBM produced, here is what happened.

Topics: Security building automation systems Building Controls cybersecurity
13 min read

The Hows, Whys, and Whats of Remote Access to Your BAS

By Phil Zito on Aug 26, 2014 2:51:11 PM

I recently received an e-mail question via the Contact Phil Section of my blog. I enjoy writing articles for my blog but I enjoy even more when I get interaction from my readers.

The question posed by my subscriber is pertinent to so many people that I felt it deserved to be posted in its entirety.

Topics: VPN building automation systems Building Controls cybersecurity
8 min read

BAS Hacking 101: Scan and Enumerate

By Phil Zito on May 16, 2014 12:30:24 PM

BAS Hacking 101: Scanning and Enumeration

In the BAS Hacking series I am diving deep into the bowels of building automation networks and systems! I am going to take you through the full process of exploiting a system so that you can better understand the thought process of your attackers. The series consists of 4 articles:

Topics: building automation systems Building Controls cybersecurity
8 min read

BAS Hacking 101: Target Selection

By Phil Zito on Dec 19, 2013 12:57:08 PM

In the BAS Hacking series I am diving deep into the bowels of building automation networks and systems! I am going to take you through the full process of exploiting a system so that you can better understand the thought process of your attackers.

Topics: building automation systems Building Controls cybersecurity
2 min read

BAS Hacking 101 Overview

By Phil Zito on Dec 7, 2013 12:17:17 PM

My article How to Hack a Building Automation System is one of my most read articles. However, one of the criticism's I received was that it didn't go into how to actually hack a BAS. Being that December is Data Security Month, I am going to walk you through the a BAS Hack on a system I have here in my house.

Topics: Security building automation systems cybersecurity
5 min read

How a BAS Hacker Can Create a Multi-Million Dollar Law Suit in a Few Clicks

By Phil Zito on Aug 20, 2013 8:54:24 PM

Wow! What an eventful week I have had. I read through the Cylance Google Hack article again and after fully digesting the information around the hack I had an epiphany.

Most facility owners are just a few clicks away from a multi-million dollar due care/due diligence lawsuit.

I will get into the how in a second but let's first describe what due care and due diligence means.

Topics: building automation systems Building Controls cybersecurity
3 min read

Who gives a $^&$ about BAS security?

By Phil Zito on Jun 9, 2013 2:35:41 PM

In this article I am responding to a great question from a fellow LinkedIn group member.

She asked, and I paraphrase, "Do you have any articles about why someone should even care about IT Security for their BAS?"

Topics: building automation systems Building Controls cybersecurity
9 min read

The Fundamentals of Building Automation Security

By Phil Zito on Jun 8, 2013 1:32:27 PM

Prior to reading this article I HIGHLY RECOMMEND you view the video below. This video will give you foundational knowledge of the building automation security topics I will discuss below.

Topics: building automation systems Building Controls cybersecurity