Combatting Vulnerabilities in Building Control Systems

A zero-day vulnerability in a popular building control system, Delta Controls, has been discovered by the security software firm McAfee. This flaw could allow cybercriminals, or hackers, to gain unwelcome access to a building’s control systems, such as boiler rooms, HVAC (i.e., heating, ventilation, and air conditioning) systems, and temperature controls, leaving the potential open for disastrous outcomes.

For example, a hacker who has gained access to the Delta Controls of a hospital could manipulate the pressure in an operating room, thereby increasing the chance of spreading airborne disease. Alarmingly, the threat is found across many industries, including telecom, education, health care, and government. The simplicity in design of most networks, i.e., having one central control unit, has its clear advantages, but the critical disadvantage is that with a single point of failure, the entire network can be compromised relatively easily. Thus, real estate firms are in a difficult position with regard to building control system hacking since so many of the systems inside the building are at risk for zero-day attacks.

Recommendations for preventing future building control system attacks are protecting network devices with a firewall, constantly monitoring network traffic for irregular activity, developing patches to the software in a timely manner, getting the word out to customers to install the patches immediately, and separating the affected devices from the rest of the network.