Why Hackers Love Smart Buildings
Kanebridge News

When all of a building’s systems are online, the cybersecurity risks become much greater.

By Suman Bhattacharyya
Fri, Sep 10, 2021 11:31am · 4 min

Buildings are getting smarter, and that opens them up to a host of new cybersecurity risks.

In recent years, building managers increasingly have relied on internet connections and computer networks to manage pretty much any part of a building you can think of—including elevators and escalators; ventilation, heating and air conditioning systems; office machines like printers and conference-room audiovisual equipment; security and fire-safety systems; and appliances like refrigerators and coffee makers.

These smart technologies can make buildings more efficient and monitor maintenance and repair needs, allowing building operators to address problems proactively, rather than fixing malfunctions as they occur. During the pandemic, they have made it easier to monitor airflow and people’s movements within buildings.

Smart buildings “satisfy a lot of things that we’re trying to do in real estate,” says Jason Lund, a managing director at commercial real-estate services company Jones Lang LaSalle. He says, among other things, it allows building managers to create more-sustainable and greener buildings, deal with Covid risks more effectively, and maximize space more efficiently.

“All of those things being managed technologically is a good thing,” Mr. Lund says. “The backside of it is that all of them become hackable.”

The problem isn’t just that hackers can gain access to any one building-management system. The real danger is if they are able to gain access to a single system—say, lighting—and then find their way from there into many or all of the building’s other systems, whether those systems are linked to a common network or not.

“They can control lights, they can control air flow, they can control the elevators—anything that you can think that a building does can be exposed,” says Fred Gordy, director of cybersecurity at Intelligent Buildings, a smart-building consulting and advisory firm. “We had a particular case where it was a hospital group” whose systems were attacked for a ransom, he says, “and they were unable to do anything with the systems, so they had to cancel surgeries [and] send people away.”

Mr. Gordy says the number of ransomware attacks on the firm’s clients grew 600% in 2020. In 2019, he says, “our customers that were attacked represented 100 million square feet in commercial real estate. In 2020, our customers that were attacked represented 1.8 billion square feet of commercial real estate.”

What’s more, hackers who infiltrate building-management systems might also be able to work their way into a company’s corporate communications and databases, where they can loot the company’s proprietary information or hold it for ransom.

Getting in and around

So how does all this happen? One way hackers commonly gain initial access is to steal the login credentials—or obtain the stolen credentials from a third party—that a vendor uses to upload invoices to the building manager’s billing system, says Mr. Lund.

Once they’ve gained access to a billing system, or gotten into the building manager’s computer system through any other internet-connected point, hackers have many ways of broadening their access. One of the most common is to use whatever information they have found to create convincing phishing emails that prompt employees or other vendors to reveal login and password information for other systems.

One way to cut down on that risk is to link all the various building services to a single network that can be monitored and controlled by cybersecurity experts, says Adam Stark, senior technology consultant for smart buildings and smart workplaces at JLL. But that network—and everything on it—remains vulnerable if it isn’t sufficiently protected.

Hackers can move around a network like this by taking advantage of weak safeguards in place for the various systems and devices connected to the network, says Ron Cirillo, vice president of cybersecurity and service excellence at Oxford Properties Group.

“There’s a lot of very lazy work that went into designing authentication methods and identity-management methods” at many buildings, he says, citing weak passwords as one example, particularly for what might be considered relatively unimportant devices whose vulnerability to hackers might be overlooked.

“It has been my experience that operators do not tend to think of these smart devices—your coffee maker, for example—in the same way that they would think of a server or desktop computer,” Mr. Cirillo says. “As such, they will often neglect to change a factory default password, or if they do change it, they will often assign poor passwords and/or assign all devices the same password to keep it simple.”

Systems that are clearly essential also often aren’t well protected, he says, and so are easy prey for a hacker who has broken into a network. For instance, a hacker using the guest Wi-Fi in a shopping mall could find a building-management system on the same network, and “if that building-management system is using a factory default password, you could Google the password and you could sit in a mall food court and take over the air conditioning or the lighting,” he says.

Setting up barriers

Cybersecurity experts cite what they call network segmentation as crucial to keeping hackers from running amok once they’ve gained access to a computer network. Segmentation simply means building barriers into a network so that someone who has access to one system can’t easily gain access to other systems on the network.

“We logically segment every system, so in other words that if you are the air-conditioning vendor you can log into the air conditioner using our privileged access-management system, but you’re not able to route to, say, the lighting system, or the overall building-management system,” says Mr. Cirillo.

“The challenge is that putting that kind of network segmentation in place requires hiring skilled network engineers, and it requires time and effort,” he says.
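The segmentation idea described above can be checked mechanically. The following is an added example, not from the article or the firms quoted: it treats firewall allow rules as a directed graph and reports every zone an entry point can reach, directly or through intermediate systems, beyond what it is permitted. The zone names, rule sets and policy are constructed for illustration.

```python
from collections import deque

# Constructed allow rules: (src, dst) means src may open connections to dst.
FLAT_RULES = [
    ("guest_wifi", "bms"), ("hvac_vendor", "hvac"), ("hvac", "bms"),
    ("bms", "lighting"), ("bms", "elevators"), ("bms", "corporate"),
]
SEGMENTED_RULES = [
    ("hvac_vendor", "hvac"), ("lighting_vendor", "lighting"),
    # The BMS polls controllers; controllers cannot initiate back to it.
    ("bms", "hvac"), ("bms", "lighting"), ("bms", "elevators"),
]
# Constructed policy: zones each entry point is permitted to reach.
ALLOWED = {
    "guest_wifi": set(),
    "hvac_vendor": {"hvac"},
    "lighting_vendor": {"lighting"},
}

def reach_paths(rules, start):
    """Breadth-first search; returns {zone: shortest path from start}."""
    graph = {}
    for src, dst in rules:
        graph.setdefault(src, []).append(dst)
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in graph.get(zone, []):
            if nxt not in paths:
                paths[nxt] = paths[zone] + [nxt]
                queue.append(nxt)
    del paths[start]
    return paths

def audit(rules, allowed):
    """Return (entry, zone, path) for every reachable zone outside policy."""
    violations = []
    for entry, permitted in allowed.items():
        for zone, path in reach_paths(rules, entry).items():
            if zone not in permitted:
                violations.append((entry, zone, path))
    return sorted(violations)

if __name__ == "__main__":
    for name, rules in (("flat", FLAT_RULES), ("segmented", SEGMENTED_RULES)):
        print(name, "violations:", len(audit(rules, ALLOWED)))
        for entry, zone, path in audit(rules, ALLOWED):
            print("  ", entry, "reaches", zone, "via", " -> ".join(path))
```

The transitive search matters because a rule set can look safe hop by hop while still giving a vendor a multi-hop route into systems it was never meant to touch.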

Requiring multifactor authentication for anyone to access any part of the network is another basic step that goes a long way toward thwarting attacks and keeping them from spreading, the experts say.

But, of course, even with the most conscientious controls in place, no system is invulnerable. A breach is always possible “because the human-being side of it is one of the hardest to monitor,” says Mr. Lund, pointing to the risks from phishing emails, stolen user credentials and uncancelled login access for departed employees.


