Latest from Building Automation

Modular Building Institute
Robert Churchill/iStock
Robert Churchill/iStock
Robert Churchill/iStock
Robert Churchill/iStock
Robert Churchill/iStock

IT Pros Advised on Preventing BAS Hacking

Jan. 7, 2015
Gordy explained that by looking for meta-characteristics, or patterns, that do not fit the normal routine, IT professionals can tell if their systems have been hacked.
Robert Churchill/iStock

During a Realcomm Real Estate CIO Forum in Atlanta Nov. 20, Fred Gordy, operational technology manager for McKenney’s Inc. and chairman of the InsideIQ Building Automation Alliance Cybersecurity Committee, explained simple but effective ways facility operators can guard against hackers.

“Social engineering is the process of engineering a situation to your advantage,” Gordy said. “For hackers, this means obtaining account information through spying, misrepresentation—such as by impersonating someone—or other means in order to gain access to a network. IT (information technology) managers need to be aware of this practice and understand that many networks are actually hacked using legitimate log-in information.”

Gordy explained that by looking for meta-characteristics, or patterns, that do not fit the normal routine, IT professionals can tell if their systems have been hacked. For example, a building may typically have 20 setpoint changes in a week during the summer, always between 2 p.m. and 4 p.m.

“If analytics reveal variations to a pattern—for example, 20 setpoint changes late on a Saturday night—then IT staff can look at these instances more closely and determine if a hack occurred,” Gordy said.