What happens when hackers springboard from your building automation system to your tenants’ networks
By: Zach Denning
I’d like to preface this article by stating that during our research we reached out to every building owner that had vulnerabilities with details of information we discovered – All without cost to them and without the expectation of future work.
At no time did we attempt to login or ‘hack’ a building automation system – We simply tested these networks for vulnerabilities easily exploited by hackers.
It’s our initiative to secure sites where our HVAC Partners implement our software platform while educating owners of vulnerabilities relating to building automation.
In the last article ‘Your building is the next Target for hackers’ we discussed how easy it is to penetrate building automation systems and even new ways to drop a virus payload to the network through open protocols like Bacnet IP.
We even found over +300 different buildings with the Bacnet IP port open to the Internet, screaming to get hacked.
Didn’t read it? No worries, this article is the one for you, as we explore what happens when your building becomes the target of a hacker!
Here are a few fun facts to peruse through if your building happens to become a hacker’s playground:
All of your files are now garbage: $80,000.00 in lost time/revenue per tenant
A virus spreads throughout a network like cancer through a body, injecting its code into every file. If somebody attempts to wipe the virus they would have to clean every file.
Virus removal is extremely time consuming and challenging as providers have to ensure complete removal or there’s a chance it will re-emerge at a later time.
You hire an IT security contractor to retrieve lost files: $30,000.00/month/tenant
Unfortunately, cleaning files typically on retrieves 30% of files on average – Meaning the remaining files must be recreated from old archives – Because you’ve been backing up files for years…
You get sued: +$2M
Every lease is different, but in some leases it’s the owner’s responsibility to maintain the building automation. When it becomes the spring-board for a major hack chances are you’re going to get sued.
To make matters worse, your Internet Security Insurance Policy won’t cover anything because your existing security didn’t meet minimum requirements – Sorry!
You lose tenants: $90,000/lost tenant
Unlike common HVAC issues and comfort calls, network breaches carry much more backlash that stretch the limits of your tenant relationships – Which makes sense figuring you may have cost them hundreds of thousands of dollars.
Half of those reading write off articles like this as a “doomsday” scare tactic – The remainder think it will never happen to them.
Our advice? Have someone on your staff or a provider search for your building automation system on the Internet and see what you find. If you happen to come across your IP-address you need to hire an IT provider to put your building automation system behind a secure firewall.
Total costs to secure your system: $4,000.00 – 5,000.00
Total costs if you get hacked: $500,000 – $3,000,000.00
May the odds ever be in your favor!
My name is Zach Denning and I’m the CEO and owner of EnerDapt, Inc. We’ve developed an HVAC AI software platform that strengthens relationships between service providers and property management, while reducing operating costs 18-22%. You can reach me at [email protected] or visit our website at www.enerdapt.com