Building Automation Systems Face Cybersecurity Threats with Safety and Financial Implications

Building automation systems (BASs) have become a popular tool in recent decades to better coordinate the performance of building systems that otherwise would operate independently. However, these systems can also be a pathway for hackers to wreak cybersecurity mischief.

In an article for Facility Executive, William Hughes, principal research analyst with Guidehouse Insights, says that companies with a combined expertise in BAS, data networking, and cybersecurity are key to addressing the problem of building systems hackers.

“Unauthorized access to a BAS can be an annoyance, such as in cases where the hacker randomly changes temperature settings. At the other end of the spectrum, it can be a matter of life and death,” Hughes said. “For example, many BASs connect to the fire safety and security systems within a building. A hacker with access to the BAS could potentially disable these systems.”

There are several reasons why BASs, along with the data networks built to connect the various building systems, can fall through cybersecurity cracks. One common error is to assume that BASs are hard to find. Furthermore, the number of unprotected systems has exploded in the last eight years since 2013. Finally, facilities staff are not cybersecurity experts and IT staff are not BAS experts.

There is a growing field of companies that offers an alternative to the BAS manufacturers and IT cybersecurity specialists. These companies have combined expertise in BAS, data networking, and cybersecurity. Guidehouse Insights forecasts that the market for BASs will grow 19% in 2021 and 16% in 2022.

“With this kind of growth and the increasing likelihood of the BASs being connected to the internet, these types of companies will likely continue to be very busy,” Hughes said. 

Read the full article