As commercial buildings get ‘smarter,’ concerns rise over cybercrime

As buildings become increasingly connected, opportunistic hackers have countless avenues into a building’s network. 

May 31, 2016 |
David Barista

Photo: Mass Communications Specialist 1st Class Corey Lewis , U.S. Navy, via Wikimedia Commons; photo filter via BeFunky.com

November 15, 2013, was the day that put cybercrime on the map in the U.S. commercial real estate world. In one of the largest data breaches on record, a team of hackers nabbed payment card records and personal information of nearly 110 million Target store customers worldwide.

The retail giant took a massive hit to its reputation, as well as its pocketbook. (Target reported a gross financial loss of $252 million related to the cybercrime.)

A little-known fact about the Target data breach that came to light months after the crime was how exactly the hackers gained access to the retail giant’s network: through the building systems infrastructure. The perpetrators swiped network credentials from an HVAC contractor who had performed refrigeration and HVAC work at one of the store locations. While the details remain sketchy—especially how an HVAC contractor’s credentials for access to building systems data provided a backdoor into Target’s payment system network—the case highlights the vulnerability of commercial real estate owners.

After years of talking about cyber security, owners and developers are starting to take action, and they’re leaning on their AEC partners for guidance and support. At a recent BD+C-hosted AEC industry roundtable in Chicago, several architects mentioned that cyber security is now a top concern of more than one of their major clients.

As buildings become “smarter” and increasingly connected—through advanced systems controls, communications protocols, building automation platforms, networked tenant devices, and Internet of Things technology—opportunistic hackers have countless avenues into a building’s network, to gain access to critical data or even take control of a building’s systems.

The number of installed IP-enabled, management-level HVAC controllers is expected to grow by 26% to 1.1 million worldwide by 2018. The vast majority of these systems—as much as 95%, according to building cyber security firm Intelligent Buildings—have insecure connections to the Internet. Two-thirds of controls vendors have remote access to clients’ building systems, and 92% of building systems computers are running outdated, insecure, or un-patched software. Most alarming: 40% of building control and monitoring systems have a potential backdoor to the corporate network, according to Intelligent Buildings data.

After years of talking about cyber security, owners and developers are starting to take action, and they’re leaning on their AEC partners for guidance and support. At a recent BD+C-hosted AEC industry roundtable in Chicago, several architects mentioned that cyber security is now a top concern of more than one of their major clients.

To date, there have been several confirmed and unconfirmed attacks on building systems, according to Fred Gordy, Intelligent Buildings’ Director of Cyber Security. They range from relatively innocuous cases (“lights have mysteriously turned off during entertainment and sporting events”) to potentially deadly episodes (“a German steel mill control system was hacked, and the alarms and operator overrides were disabled, resulting in a meltdown that poured molten steel in the building”). One confirmed case involved a hacker breaking into a generator control system and programming the generator to destroy itself. (Gordy says generators are especially easy targets because they are externally exposed and rarely under surveillance.)

If your clients haven’t yet reached out to inquire about cyber security, chances are it will happen soon, so you need to be prepared. Deloitte’s 2015 white paper on the topic is a good place to start.

David Barista | Building Team Blog
Building Design+Construction
Editorial Director

David Barista is Editorial Director of Building Design+Construction and BDCnetwork.com, properties that combined reach more than 100,000 commercial building professionals, including architects, engineers, contractors, and building owners. David has covered the U.S. construction industry for more than a decade, previously serving as Editor-in-Chief of BD+C, Professional Builder, Custom Builder, and HousingZone.com. He has won numerous editorial awards, including six Jesse H. Neal Awards and multiple honors from the Construction Writers Association and the American Society of Business Publication Editors.

Email: dbarista@sgcmail.com

Related Blogs

Illustration: Pixabay

December 30, 2016 | Building Team | Building Team Blog

Women AEC professionals need you to take action. 

Lissette Méndez-Boyer (left) and Natalya Shimanovskaya work on their FABRICation project at Beyer Blinder Belle’s New York office. Photo courtesy BBB

September 06, 2016 | AEC Tech | Building Team Blog

AEC firms are taking a page from the tech industry, by infusing a deep commitment to innovation and disrupt...

Intel Co-founders (l. to r.): Andrew Grove, Robert Noyce, and Gordon Moore. Photo: Wikimedia Commons   

June 27, 2016 | AEC Tech | Building Team Blog

“Sooner or later, something fundamental in your business world will change.” The late Andrew Grove (1936-20...

Lexus RX 450h self-driving car. Photo: Wikimedia Commons

May 09, 2016 | AEC Tech | Building Team Blog

Despite popular belief, the country is not in a great age of technological and digital innovation, at least...

Deep Learning + AI: How machines are becoming master problem solvers

The world’s top Go player Lee Sedol puts the first stone against Google’s artificial intelligence program AlphaGo during the third match of the Google DeepMind Challenge match in Seoul, South Korea. Photo: Reuters/Google/Yonhap

March 31, 2016 | AEC Tech | Building Team Blog

Besides revolutionary changes to the world’s workforce, artificial intelligence could have a profound impac...

Yotel, New York City. Photo: JasonParis, flickr creative commons

March 09, 2016 | Hotel Facilities | Building Team BlogRobert Cassidy, Executive Editor

Hotels are going for a new minimalist look to attract younger guests, but some older business travelers don...

Is the booming freelance economy a threat to AEC firms?

Photo: Pixabay

February 24, 2016 | Architects | Building Team Blog

By shifting the work (and revenue) to freelancers, “platform capitalism” startups have taken considerable m...

How the Fourth Industrial Revolution will alter the globe’s workforce

Photo: Pixabay

January 26, 2016 | BIM and Information Technology | Building Team Blog

The next great technological metamorphosis will be unlike anything humankind has experienced before, due to...

Potential vs. credential: How men and women differ in career progress

Courtesy Pixabay

January 05, 2016 | Architects | Building Team BlogDavid Barista, Editorial Director

Recent research suggests that women face yet another career impediment: the confidence gap.

Meet the world’s next great construction superpower

Photo: Wili Hybrid via Wikimedia Commons 

December 23, 2015 | Industry Research | Building Team Blog

There’s a new world construction hotbed coming down the pike (more specifically, the Mumbai Nashik Expressw...

Overlay Init