Thank you to all who attended the "I Can Hack Into Your Building. Stop Me." webinar. We had a great turnout with some very interesting questions and comments. During the webinar we learned exactly how easy it is to hack into the thousands of unprotected buildings around the world. We then discussed the 4 ways that we can protect ourselves, as follows.
1. Know what you have
Asset management. It's important to know how many systems you have online and how many connections they have. Is there a chiller in the backyard that is barely fenced and not watched, and is there a device on it? Taking inventory may mean walking around with a clipboard or following a more sophisticated process, but either way the first step to a secure system is knowing what is on the system.
Set up a firewall to keep people out of your system. As a second line of defence, make sure your building control system is locked up. It shouldn't be on the engineer's desk where people can use it for email or Facebook; this leaves you vulnerable to opening information or files that may punch a hole in your system from the inside. Finally, disable network switch ports that are not being used for your building control system, so that they can't be used to plug in a malicious device that gives access to the entire system.
3. Human Management
It has been shown that almost all building control system breaches happen with known usernames and passwords. Ensure they are not shared. Don't click links in phishing emails. Change usernames and passwords regularly. Just as we teach "safety awareness" in the workplace, it is important to have "cybersecurity awareness."
4. Regular reviews
Regularly review your system. It is very common for integrators to have a service port into the system - this is not a bad thing, but it's important to know who the administrator is. Review it with the IT department so they know how it is set up and the guidelines to follow. Stay up-to-date on who has access to the system so you can catch potential problems before they arrive.
Listen to Fred and Ping discuss these and much more by watching the webinar replay.