Almost four in 10 (39%) buyers of smart building tech admit to not taking steps to safeguard installations against hackers, a survey has revealed.
Conducted by the Electrical Contractors’ Association (ECA) and Scottish electrical trade body SELECT, the survey also revealed that 49% believed the cyber threat to unsecured networks was a potential barrier to adoption of connected technologies.
“These figures are very concerning, particularly when you consider the inherent risks in the modern day of not securing your business from hackers,” said Steve Martin, head of specialist groups at the ELA.
“Clearly this is an area which clients urgently need to address, given the anticipated growth in smart installations over the coming years.”
‘Smart’ or ‘connected’ technology is characterised as products that enable devices to communicate with each other, be controlled remotely via an internet connection and undertake automated and reactive tasks. This covers installations such as lighting, audio visual, fire, security and HVAC.
At present, just 20% of the UK’s commercial buildings are considered smart’ in this sense, although global spending on connected products – which form the internet of things – was worth $348m in 2016 and is expected to grow to $547m by 2018.
The survey canvassed hundreds of ECA members’ clients, including consultants, engineers, end clients, local authorities and facilities managers.
Google offices hacked and other smart building breaches
In 2014, security consultant Jesus Molina told US cybersecurity conference Black Hat he had commandeered control of the lighting, HVAC and entertainment systems of 200 rooms at a hotel in Chinese city Shenzhen.
A year before that, the US Department of Homeland Security revealed hackers had broken into a “state government facility” and made it “unusually warm”.
Google’s Sydney office was hacked through its building management system in the same year. Two cyber security experts discovered the vulnerabilities via IoT search engine Shodan.
Speaking to the BBC, one of these ‘benign’ hackers, Billy Rios, claimed there are 50,000 buildings currently connected to the internet, 2,000 of which lack any kind of password protection.
In 2013, the theft of millions of customers’ credit card data from US retailer Target was traced back to the heating and ventilation system.
More alarming still, a Ukrainian power station was disabled immediately before Christmas in 2015 by a spear-phishing attack – where an employee is duped into downloading malware, usually via email – leaving around 80,000 Ukrainian citizens without power.
Listen to the IFSEC Insider podcast!
Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.
Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.
