AutomatedBuildings.com Article - Cyber Security Unawareness

In 2012 I began talking about cyber security related to our building control and facility systems and how this was one of the most important issues facing our industry. Since then we have seen cyber security incidents and vulnerabilities continue to be common and pose a global threat – no region or company is immune.

News of a cyber incident is nearly an everyday occurrence, while the scope and long-term damage associated with cyber incidents are escalating and at times, appear to not end. Take Target for example, we all know about the cyber incident that took place at the end of last year, yet the company is still dealing with ramifications---paying $67 million to Visa; $19 million to Mastercard; several on-going lawsuits; still trying to recover from a major hit to its brand and a loss in customer confidence.

While cyber incidents that result in the theft of millions of pieces of personal data get big headlines, cyber incidents with operational technologies such as SCADA and building control systems is one of the biggest untold stories because such attacks are not reported as much or do not make main stream news as do the many cyber stories we all are familiar with. The fact is building automation and management systems are now firmly integrated within network infrastructures and while these systems provide significant benefits, they also expose companies to greater cyber security risks.

According to Marina Krotofil, a researcher at Hamburg University of Technology, hackers have been penetrating control systems since 2006. When it comes to control systems, a report by Dell Security, shows cyber-attacks on control systems doubled last year – increasing 600% since 2012.

A recent survey by the SANS Institute reveled that one-third of the respondents who actively maintain, operate or provide services to facilities maintaining control systems said their organization’s system had experienced a cyber incident. Of those, 17% acknowledged six or more breaches had occurred so far this year, up from 9% in all of 2014 with another 11% saying they had suffered between six and ten breaches. Even more chilling, 3.8 % thought they could have been breached up to 50 times.

And if you think cyber incidents just happen at large organizations, think again. A recent survey of small businesses by the Ponemon Institute, found that 55% of the respondents experienced a breach in 2013 with 53% of those experienced more than one breach in the same year.

Cyber security is hard, no one will deny that, but what is even harder is recovering from an incident. When it comes to cyber security, the fundamentals have changed. Threats and vulnerabilities to building systems can be entry points into the company’s network and become a pivot point that can bypass many existing network defenses.

From a business perspective, the negative consequences that cyber incidents can cause are disruptive and potentially catastrophic. The value of taking additional measures to increase the cyber security posture of our control systems, far outweigh the risk of not making them secure. Given the evolving landscape of cyber security incidents, we must be prepared if a cyber security breach occurs by setting forth strategies, plans and defenses to combat the operational, reputational and financial harm caused by an incident. It’s more important now than ever before to be aware, understand the principles of cyber security and take additional measures. There's probably no issue facing our control systems that has become more crucial, more rapidly than proactive cyber security vigilance. Cyber security has evolved into a strategic, business-critical priority. Cyber security unawareness is not an option.

Events	Want Ads
Our Sponsors	Resources