Why Hackers Love Smart Buildings
Kanebridge News

When all of a building’s systems are online, the cybersecurity risks become much greater.

By Suman Bhattacharyya
Fri, Sep 10, 2021 11:31am | 4 min

Buildings are getting smarter, and that opens them up to a host of new cybersecurity risks.

In recent years, building managers increasingly have relied on internet connections and computer networks to manage pretty much any part of a building you can think of—including elevators and escalators; ventilation, heating and air conditioning systems; office machines like printers and conference-room audiovisual equipment; security and fire-safety systems; and appliances like refrigerators and coffee makers.

These smart technologies can make buildings more efficient and monitor maintenance and repair needs, allowing building operators to address problems proactively, rather than fixing malfunctions as they occur. During the pandemic, they have made it easier to monitor airflow and people’s movements within buildings.

Smart buildings “satisfy a lot of things that we’re trying to do in real estate,” says Jason Lund, a managing director at commercial real-estate services company Jones Lang LaSalle. He says, among other things, it allows building managers to create more-sustainable and greener buildings, deal with Covid risks more effectively, and maximize space more efficiently.

“All of those things being managed technologically is a good thing,” Mr. Lund says. “The backside of it is that all of them become hackable.”

The problem isn’t just that hackers can gain access to any one building-management system. The real danger is if they are able to gain access to a single system—say, lighting—and then find their way from there into many or all of the building’s other systems, whether those systems are linked to a common network or not.

“They can control lights, they can control air flow, they can control the elevators—anything that you can think that a building does can be exposed,” says Fred Gordy, director of cybersecurity at Intelligent Buildings, a smart-building consulting and advisory firm. “We had a particular case where it was a hospital group” whose systems were attacked for a ransom, he says, “and they were unable to do anything with the systems, so they had to cancel surgeries [and] send people away.”

Mr. Gordy says the number of ransomware attacks on the firm’s clients grew 600% in 2020. In 2019, he says, “our customers that were attacked represented 100 million square feet in commercial real estate. In 2020, our customers that were attacked represented 1.8 billion square feet of commercial real estate.”

What’s more, hackers who infiltrate building-management systems might also be able to work their way into a company’s corporate communications and databases, where they can loot the company’s proprietary information or hold it for ransom.

Getting in and around

So how does all this happen? One way hackers commonly gain initial access is to steal the login credentials—or obtain the stolen credentials from a third party—that a vendor uses to upload invoices to the building manager’s billing system, says Mr. Lund.

Once they’ve gained access to a billing system, or gotten into the building manager’s computer system through any other internet-connected point, hackers have many ways of broadening their access. One of the most common is to use whatever information they have found to create convincing phishing emails that prompt employees or other vendors to reveal login and password information for other systems.

One way to cut down on that risk is to link all the various building services to a single network that can be monitored and controlled by cybersecurity experts, says Adam Stark, senior technology consultant for smart buildings and smart workplaces at JLL. But that network—and everything on it—remains vulnerable if it isn’t sufficiently protected.

Hackers can move around a network like this by taking advantage of weak safeguards in place for the various systems and devices connected to the network, says Ron Cirillo, vice president of cybersecurity and service excellence at Oxford Properties Group.

“There’s a lot of very lazy work that went into designing authentication methods and identity-management methods” at many buildings, he says, citing weak passwords as one example, particularly for what might be considered relatively unimportant devices whose vulnerability to hackers might be overlooked.

“It has been my experience that operators do not tend to think of these smart devices—your coffee maker, for example—in the same way that they would think of a server or desktop computer,” Mr. Cirillo says. “As such, they will often neglect to change a factory default password, or if they do change it, they will often assign poor passwords and/or assign all devices the same password to keep it simple.”

Systems that are clearly essential also often aren’t well protected, he says, and so are easy prey for a hacker who has broken into a network. For instance, a hacker using the guest Wi-Fi in a shopping mall could find a building-management system on the same network, and “if that building-management system is using a factory default password, you could Google the password and you could sit in a mall food court and take over the air conditioning or the lighting,” he says.

Setting up barriers

Cybersecurity experts cite what they call network segmentation as crucial to keeping hackers from running amok once they’ve gained access to a computer network. Segmentation simply means building barriers into a network so that someone who has access to one system can’t easily gain access to other systems on the network.

“We logically segment every system, so in other words that if you are the air-conditioning vendor you can log into the air conditioner using our privileged access-management system, but you’re not able to route to, say, the lighting system, or the overall building-management system,” says Mr. Cirillo.

“The challenge is that putting that kind of network segmentation in place requires hiring skilled network engineers, and it requires time and effort,” he says.
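
The segmentation intent described above can be checked mechanically. This added example (not from the article or from any firm it quotes) models allowed flows between hypothetical zones and reports every forbidden pair that is still reachable through a chain of individually allowed hops; all zone names and rules are constructed for illustration.

```python
from collections import deque

# Constructed routing policy: (source zone, destination zone) pairs that are allowed.
# Zone names are hypothetical; vendor edges stand for sessions brokered by the PAM system.
ALLOWED_FLOWS = [
    ("hvac_vendor", "hvac"),
    ("lighting_vendor", "lighting"),
    ("bms", "hvac"),            # building-management system supervises HVAC
    ("bms", "lighting"),        # ... and lighting
    ("hvac", "bms"),            # weak spot: controller may open connections back to the BMS
    ("guest_wifi", "printers"),
    ("printers", "bms"),        # weak spot: printers share a segment with the BMS
]

# Segmentation intent: who must never be able to reach what.
MUST_NOT_REACH = [
    ("hvac_vendor", "lighting"), ("hvac_vendor", "bms"),
    ("guest_wifi", "bms"), ("lighting_vendor", "hvac"),
]

def find_path(flows, src, dst):
    """Breadth-first search over allowed flows; returns the shortest hop chain or None."""
    graph = {}
    for a, b in flows:
        graph.setdefault(a, []).append(b)
    queue, parent = deque([src]), {src: None}
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def audit(flows, must_not_reach):
    """Return {(src, dst): path} for every forbidden pair that is still reachable."""
    found = {pair: find_path(flows, *pair) for pair in must_not_reach}
    return {pair: path for pair, path in found.items() if path}

if __name__ == "__main__":
    for (src, dst), path in audit(ALLOWED_FLOWS, MUST_NOT_REACH).items():
        print(f"VIOLATION {src} -> {dst}: {' -> '.join(path)}")
```

No single rule in the sample lets the HVAC vendor touch lighting, yet the audit reports a three-hop path through the building-management system. Removing the two rules marked as weak spots clears every violation.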

Requiring multifactor authentication for anyone to access any part of the network is another basic step that goes a long way toward thwarting attacks and keeping them from spreading, the experts say.

But, of course, even with the most conscientious controls in place, no system is invulnerable. A breach is always possible “because the human-being side of it is one of the hardest to monitor,” says Mr. Lund, pointing to the risks from phishing emails, stolen user credentials and uncancelled login access for departed employees.


