Latest from Building Automation

Modular Building Institute
Airthings
Ventilation Rate Sensors for IAQ-primary
HireSpace.com
Robert ChurchilliStock

IT Pros Advised on Preventing BAS Hacking

Jan. 7, 2015
Gordy explained that by looking for meta-characteristics, or patterns, that do not fit the normal routine, IT professionals can tell if their systems have been hacked.

Robert Churchill/iStock

During a Realcomm Real Estate CIO Forum in Atlanta Nov. 20, Fred Gordy, operational technology manager for McKenney’s Inc. and chairman of the InsideIQ Building Automation Alliance Cybersecurity Committee, explained simple but effective ways facility operators can guard against hackers.

“Social engineering is the process of engineering a situation to your advantage,” Gordy said. “For hackers, this means obtaining account information through spying, misrepresentation—such as by impersonating someone—or other means in order to gain access to a network. IT (information technology) managers need to be aware of this practice and understand that many networks are actually hacked using legitimate log-in information.”

Gordy explained that by looking for meta-characteristics, or patterns, that do not fit the normal routine, IT professionals can tell if their systems have been hacked. For example, a building may typically have 20 setpoint changes in a week during the summer, always between 2 p.m. and 4 p.m.

“If analytics reveal variations to a pattern—for example, 20 setpoint changes late on a Saturday night—then IT staff can look at these instances more closely and determine if a hack occurred,” Gordy said.

About the Author

Scott Arnold | Executive Editor

Described by a colleague as "a cyborg ... requir(ing) virtually no sleep, no time off, and bland nourishment that can be consumed while at his desk" who was sent "back from the future not to terminate anyone, but with the prime directive 'to edit dry technical copy' in order to save the world at a later date," Scott Arnold joined the editorial staff of HPAC Engineering in 1999. Prior to that, he worked as an editor for daily newspapers and a specialty-publications company. He has a bachelor's degree in journalism from Kent State University.