Hey folks, Phil Zito here and welcome back. In the past two posts, we've been diving very deep into how to secure your building automation system. In this post, we are going to kind of take what we've covered so far, and we're going to add a little bit of color to it. However, we're mainly going to focus in on BAS attack methods.
19 min read
How to Secure Your BAS - Part 3
By Phil Zito on Jul 19, 2022 5:00:00 AM
Topics: Building Automation System cyber security smartbuildings cybersecurity service bas projects services
14 min read
How to Secure Your BAS - Part 2
By Phil Zito on Jul 14, 2022 5:00:00 AM
Hey folks, Phil Zito here and welcome back. In this post, we're going to continue discussing how to secure your building automation system and we are going to be looking at a couple different things. In the previous post, we went through fundamentals, cybersecurity, talked about a couple things related to cybersecurity risks, risk assessments, controls, etc. Now we're going to look at cybersecurity capabilities of a BAS, we are going to look at and discuss the limitations of cybersecurity controls, and we're going to look at the human aspects of cybersecurity.
Topics: Building Automation System cyber security smartbuildings cybersecurity service bas projects services
15 min read
How to Secure Your BAS - Part 1
By Phil Zito on Jul 12, 2022 5:00:00 AM
Hey folks, Phil Zito here and welcome back. In this post, we are going to start a 3-part series on how to secure your building automation system. So, in this post, we are going to explore potential threats to building automation systems, how to assess risk, and common cybersecurity controls. This is mainly going to be a conceptual post and then the next two posts, we're going to get a little bit more hands-on, with the third post being very hands on. Be sure to read all 3 posts because if you skip this post, you won't understand most of the concepts. So, definitely don't skip this post.
Topics: Building Automation System cyber security smartbuildings cybersecurity service bas projects services PI Loops
15 min read
How to Sell More Services to Avoid Pipeline Dips
By Phil Zito on Jun 9, 2022 5:00:00 AM
Hey folks, Phil Zito here and welcome back. In today's post, we are going to be continuing our trend of looking at selling building automation systems. We are going to be talking about how to sell more services to avoid pipeline dips. This is something that everyone should be considering, but folks tend to struggle with doing.
Topics: Building Automation System analytics smartbuildings cybersecurity graphics BAS Training bas projects questions retrofit remote monitoring pipeline selling services
3 min read
Guess who Just Hacked a Building Automation System?
By Phil Zito on Feb 17, 2016 12:31:04 PM
Woke up to news early this week, IBM X-Force hacked a Building Automation System using a combination of common vulnerabilities. Based on the report IBM produced, here is what happened.
Topics: Security building automation systems Building Controls cybersecurity
13 min read
The Hows, Whys, and Whats of Remote Access to Your BAS
By Phil Zito on Aug 26, 2014 2:51:11 PM
I recently received an e-mail question via the Contact Phil Section of my blog. I enjoy writing articles for my blog but I enjoy even more when I get interaction from my readers.
The question posed by my subscriber is pertinent to so many people that I felt it deserved to be posted in its entirety.
Topics: VPN building automation systems Building Controls cybersecurity
8 min read
BAS Hacking 101: Scan and Enumerate
By Phil Zito on May 16, 2014 12:30:24 PM
BAS Hacking 101: Scanning and Enumeration
In the BAS Hacking series I am diving deep into the bowels of building automation networks and systems! I am going to take you through the full process of exploiting a system so that you can better understand the thought process of your attackers. The series consists of 4 articles:
Topics: building automation systems Building Controls cybersecurity
8 min read
BAS Hacking 101: Target Selection
By Phil Zito on Dec 19, 2013 12:57:08 PM
In the BAS Hacking series I am diving deep into the bowels of building automation networks and systems! I am going to take you through the full process of exploiting a system so that you can better understand the thought process of your attackers.
Topics: building automation systems Building Controls cybersecurity
2 min read
BAS Hacking 101 Overview
By Phil Zito on Dec 7, 2013 12:17:17 PM
My article How to Hack a Building Automation System is one of my most read articles. However, one of the criticism's I received was that it didn't go into how to actually hack a BAS. Being that December is Data Security Month, I am going to walk you through the a BAS Hack on a system I have here in my house.
Topics: Security building automation systems cybersecurity
5 min read
How a BAS Hacker Can Create a Multi-Million Dollar Law Suit in a Few Clicks
By Phil Zito on Aug 20, 2013 8:54:24 PM
Wow! What an eventful week I have had. I read through the Cylance Google Hack article again and after fully digesting the information around the hack I had an epiphany.
Most facility owners are just a few clicks away from a multi-million dollar due care/due diligence lawsuit.
I will get into the how in a second but let's first describe what due care and due diligence means.