Easy VRF & DSS Integration Solutions for BACnet, Modbus, Wifi
We Can Learn From the Target Cyber Incident
| Marc Petock,
Vice President Marketing,
Lynxspring and Connexx Energy
The Target incident is another example of a cyber-incident that struck close to our industry and is another stark wake up call to businesses to be more vigilant and to take more preventative care when it comes to the cyber security of their assets. HVAC systems were in the spotlight and sparked discussions in just about every circle from building owners, to facility management, to contractors, integrators, to IT and security. Attacks like this erode confidence about our industry and some of the technology and services we deliver.
As the discussions and fallout continue and the painful after effects occur (Target is facing losses of billions of dollars, countless numbers of lawsuits, their brand has suffered greatly, they have lost the trust of their customers and given them a reason to shop somewhere else), while many details about the incident remain to be questioned, there are several things we can learn from it.
Cyber-attacks cause significant issues and have major strategic business and operational implications. All it takes is one opening in a device, a fault in an application, software vulnerability, poor remote access, inadequate credentials management and encryption methods, insufficient segmentation or improper setup and control within a network to give cyber criminals access to sensitive data and an opening to go wherever they want to.
are facing non-traditional approaches from more vectors than ever
before.This latest revelation is yet another example that access
through one means can be an entry point into another and the damage is
not just physical or operational disruption, it’s also is monetary, has
social consequences, generates negative publicity, causes loss of
customer confidence, comes with potential lawsuits, and has direct
incident has also put remote access in the spotlight. It is part of our
service delivery; don’t lose sight of the many advantages and business
value secure remote access provides (key word here secure).
Remote access increases service efficiency, provides a higher level of accountability, improves decision making, provides a higher level of analytics, enables higher levels of equipment performance and operational efficiency. It reduces maintenance costs, enables for the monitoring of equipment for service requirements and warranties, and provides immediate access to troubleshoot to quickly solve equipment issues. Secure remote access can spot likely failures before they occur, enable a proactive versus reactive service level, manage equipment repairs better, maximize service provider efficiency and effectiveness and ties together an ecosystem of disparate systems and equipment.
Business and operations today still are not sufficiently protected against cyber-attacks in spite of all the headlines, and coverage. There are large sums of money in play and the stakes are high. Company’s need to have consistent security protection. Building management cyber security should be part of an overall risk management process and managing cyber risks related to these systems should be a part of a company procedure.
Cyber security truly is a shared responsibility (you have heard me say this repeatedly) among technology providers, integrators/contractors and end users. It requires collaboration across a host of business functions. Enlist facility personnel, building owners and IT and get them to understand the business risks associated with insufficient cyber security practices.
part of the value chain, integrators and contractors need to examine
and review their own security practices within their organizations and
how it relates to their customers. Also take the time to review all of
your deployments and the security of these installations to ensure the
systems and networked devices are properly protected. Integrate a
cyber-security strategy for the systems and secure remote access to
them with additional layers of defenses into all new deployments.
Owners and facility management don’t overlook the security of your supply chain providers. Cyber-attacks can come through third parties and a breach in one partner’s environment can easily propagate across today’s connected systems. Have steps in place to supervise provider activity within your network and ensure that appropriate security controls and procedures are in place.
companies connect to each other, they should be aware of what the other
is doing with regard to security; otherwise, they may be opening
themselves up for a major breach. Any company, when asked, should be
able to verify and document how they manage information security,
including password policies, patch management, hardening systems,
network management, and audits, just to name a few.
The Target incident does have an upside; we can learn from it and be more diligent moving forward. Maintaining a strong security posture is vital. We should take action and whether you are an integrator, contractor, building owner, in facility management or IT, ask yourself, “is a cyber incident worth the risk?”
About the Author
Marc Petock is Vice President, Marketing at Lynxspring and Connexx Energy where he leads corporate and product marketing strategy and execution, brand management, public relations and communications to support both companies strategic and growth initiatives.
along with Netop recently launched LYNX CyberPRO the industry’s first
cyber-threat protection solution designed specifically to enhance the
protection of commercial building automation and energy management
systems. For more information visit www.lynxcyberpro.com.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]