In House - The FindLaw Corporate Counsel Blog

Are Smart Buildings Vulnerable to Hacking?

While smart tech may make life that much more convenient, convenience comes at a cost.

Whereas before, we only needed to worry about hackers locking down our computer systems or stealing data, now, if your business is located in a smart building, or you own a smart building, there's another big hacking risk you need to be prepared for: Siegeware.

Siegeware is basically the evolution of ransomware. Instead of locking down a business or individual's systems and demanding a bitcoin payment to unlock it, hackers are locking down whole buildings that are equipped with Building Automation Systems (BAS) and demanding payments to end the siege. What's worse is that the more automation and smart tech a building is equipped with, the more opportunities hackers will have to exert pressure.

Smart Building, Dumb Security

For building owners and tenants in buildings with integrated smart tech, it'd be wise to run cybersecurity checks regularly. 

As cybersecurity experts have explained, often times, smart tech is left completely exposed on a network that is reachable via the internet. And while it might seem innocuous to have smart heating and cooling systems exposed to the internet with only rudimentary password protection, if a hacker can lock a building owner out of those systems and manipulate a building's temperature, there could be serious consequences (especially if that building happens to be a hospital). The stakes can go even higher if door locks, lighting, and emergency systems, like sprinklers, alarms, and more, are accessible.

Surprisingly, one of the big vulnerabilities for smart buildings (apart from the cybersecurity door being left wide open) involves IT contractors creating remote access points to what should be closed networks in order to provide services off-site.

Pulling the Plug on Hackers

Given that most hacking exploits are crimes of opportunity, beefing up cybersecurity can greatly reduce the risk of getting hacked.

Along with maintaining industry standard cybersecurity, simple things like using a firewall, or ensuring that smart tech is connected to an offline intranet, can go a long way to ensuring your smart building doesn't get made a fool of by hackers. Additionally, due to the crapshoot that is device security these days, it might make sense to require certain technical requirements for any device to be allowed to connect to the same network as any building automation systems.

Related Resources: