As commercial buildings get ‘smarter,’ concerns rise over cybercrime

As buildings become increasingly connected, opportunistic hackers have countless avenues into a building’s network. 

May 31, 2016 |
David Barista

Photo: Mass Communications Specialist 1st Class Corey Lewis , U.S. Navy, via Wikimedia Commons; photo filter via

November 15, 2013, was the day that put cybercrime on the map in the U.S. commercial real estate world. In one of the largest data breaches on record, a team of hackers nabbed payment card records and personal information of nearly 110 million Target store customers worldwide.

The retail giant took a massive hit to its reputation, as well as its pocketbook. (Target reported a gross financial loss of $252 million related to the cybercrime.)

A little-known fact about the Target data breach that came to light months after the crime was how exactly the hackers gained access to the retail giant’s network: through the building systems infrastructure. The perpetrators swiped network credentials from an HVAC contractor who had performed refrigeration and HVAC work at one of the store locations. While the details remain sketchy—especially how an HVAC contractor’s credentials for access to building systems data provided a backdoor into Target’s payment system network—the case highlights the vulnerability of commercial real estate owners.

After years of talking about cyber security, owners and developers are starting to take action, and they’re leaning on their AEC partners for guidance and support. At a recent BD+C-hosted AEC industry roundtable in Chicago, several architects mentioned that cyber security is now a top concern of more than one of their major clients.

As buildings become “smarter” and increasingly connected—through advanced systems controls, communications protocols, building automation platforms, networked tenant devices, and Internet of Things technology—opportunistic hackers have countless avenues into a building’s network, to gain access to critical data or even take control of a building’s systems.

The number of installed IP-enabled, management-level HVAC controllers is expected to grow by 26% to 1.1 million worldwide by 2018. The vast majority of these systems—as much as 95%, according to building cyber security firm Intelligent Buildings—have insecure connections to the Internet. Two-thirds of controls vendors have remote access to clients’ building systems, and 92% of building systems computers are running outdated, insecure, or un-patched software. Most alarming: 40% of building control and monitoring systems have a potential backdoor to the corporate network, according to Intelligent Buildings data.

After years of talking about cyber security, owners and developers are starting to take action, and they’re leaning on their AEC partners for guidance and support. At a recent BD+C-hosted AEC industry roundtable in Chicago, several architects mentioned that cyber security is now a top concern of more than one of their major clients.

To date, there have been several confirmed and unconfirmed attacks on building systems, according to Fred Gordy, Intelligent Buildings’ Director of Cyber Security. They range from relatively innocuous cases (“lights have mysteriously turned off during entertainment and sporting events”) to potentially deadly episodes (“a German steel mill control system was hacked, and the alarms and operator overrides were disabled, resulting in a meltdown that poured molten steel in the building”). One confirmed case involved a hacker breaking into a generator control system and programming the generator to destroy itself. (Gordy says generators are especially easy targets because they are externally exposed and rarely under surveillance.)

If your clients haven’t yet reached out to inquire about cyber security, chances are it will happen soon, so you need to be prepared. Deloitte’s 2015 white paper on the topic is a good place to start.

David Barista | BD+C Editors
Building Design+Construction
Editorial Director

David Barista is Editorial Director of Building Design+Construction and, properties that combined reach more than 100,000 commercial building professionals, including architects, engineers, contractors, and building owners. David has covered the U.S. construction industry for more than a decade, previously serving as Editor-in-Chief of BD+C, Professional Builder, Custom Builder, and He has won numerous editorial awards, including six Jesse H. Neal Awards and multiple honors from the Construction Writers Association and the American Society of Business Publication Editors.


Related Blogs

Suffolk Smart Lab in New York City, 2019 Giants 300 Report, 3 ‘Giant’ AEC market trends for 2019-2020  Photo: J. Michael Worthington, Jr., courtesy Suffolk Construction

The rise of data and data tools, like the Suffolk Smart Lab in New York City (pictured), is leading to more research projects among AEC firms. Photo: J. Michael Worthington, Jr., courtesy Suffolk Construction


August 15, 2019 | Giants 300 | BD+C Editors

We’re starting to see a shift toward custom research, thanks in part to the influx of data, data tools, and...

Amenities war no more? Research report explores multifamily market

The skylit 75-foot, three-lane lap pool at Hub, a 54-story rental tower of 750 apartments (150 affordable) in Brooklyn, N.Y., designed by Dattner Architects. Photo: Evan Joseph, courtesy Dattner Architects

July 31, 2019 | Multifamily Housing | BD+C Editors

Multifamily developers show no signs of pulling back on specialty spaces and unique offerings in an effort...

Annual mortgage payment plus property tax per average square foot of housing in US cities.

Source: World Business Chicago

April 30, 2018 | Multifamily Housing | BD+C EditorsRobert Cassidy

It's inaccurate to focus on property taxes as a percentage of home value without acknowledging the actual c...

MIT’s Simmons Hall, designed by Steven Holl

MIT’s Simmons Hall, designed by Steven Holl

January 05, 2018 | Big Data | BD+C EditorsDavid Barista, Editorial Director

At a time when research- and data-based methods are playing a larger role in architecture, there remains a...

Illustration: Pixabay

December 30, 2016 | Building Team | BD+C Editors

Women AEC professionals need you to take action. 

Lissette Méndez-Boyer (left) and Natalya Shimanovskaya work on their FABRICation project at Beyer Blinder Belle’s New York office. Photo courtesy BBB

September 06, 2016 | AEC Tech | BD+C Editors

AEC firms are taking a page from the tech industry, by infusing a deep commitment to innovation and disrupt...

Intel Co-founders (l. to r.): Andrew Grove, Robert Noyce, and Gordon Moore. Photo: Wikimedia Commons   

June 27, 2016 | AEC Tech | BD+C Editors

“Sooner or later, something fundamental in your business world will change.” The late Andrew Grove (1936-20...

Lexus RX 450h self-driving car. Photo: Wikimedia Commons

May 09, 2016 | AEC Tech | BD+C Editors

Despite popular belief, the country is not in a great age of technological and digital innovation, at least...

Deep Learning + AI: How machines are becoming master problem solvers

The world’s top Go player Lee Sedol puts the first stone against Google’s artificial intelligence program AlphaGo during the third match of the Google DeepMind Challenge match in Seoul, South Korea. Photo: Reuters/Google/Yonhap

March 31, 2016 | AEC Tech | BD+C Editors

Besides revolutionary changes to the world’s workforce, artificial intelligence could have a profound impac...

Yotel, New York City. Photo: JasonParis, flickr creative commons

March 09, 2016 | Hotel Facilities | BD+C EditorsRobert Cassidy, Executive Editor

Hotels are going for a new minimalist look to attract younger guests, but some older business travelers don...

Overlay Init