Latest from Columns

photoeverywhere.co.uk
Daikin Europe
Thornton Tomasetti
Getty Images 182409390_142261
OSHA
61 Mip Y9ch El Ac Uf894,1000 Ql80
Atlanta_istock

Editor's Note: Did you hear about Atlanta?

April 3, 2018
From our April issue... If you think ‘digital extortion’ can’t happen to you, then think again. It's 2018. Everyone needs a cyber defense strategy now.

Spring is a time for hope, so I want to be hopeful here. But we also don’t want to be irrelevant Pollyannas. So my “hope” at the moment is that our HPAC audience is paying attention to what happened in Atlanta last month, and what may be happening in their neck of the woods very soon, if not already.

In short, a major American city with 8,000 municipal employees and the world’s busiest airport was held hostage for a week by a ransomware cyberattack that shut down city websites, blocked e-mail communications, stifled services and even cut off free Wi-Fi for travelers. And the ransom demand was ingeniously smaller than the cost of a criminal investigation: $51,000, payable only in Bitcoin. A March 28 headline in The New York Times hinted at the event’s significance: Cyberattack Hobbles Atlanta, and Security Experts Shudder.

At press time, as local and federal law enforcement authorities continued to investigate, the city had not admitted whether or not it paid the ransom. But city employees were once again working at their computers, and Atlanta was largely back to normal. Still, which community will be next?

In recent months, “digital extortionists” have visited the suburbs of Dallas, Denver, Birmingham AL, and Albuquerque NM. “The assault on Atlanta’s computers is a vivid example of the perils local governments face in the internet age,” noted the Times. “They are seen as more vulnerable than private businesses, both in their technology and in their limited ability to tolerate system failures and down time.”

Think about that...

If you are an HVAC contractor working for a local municipality, or school district, your cybersecurity defense systems likely are better than theirs. That should give pause to quite a few of you. In other words, if you are not the weak link in any cyber business chain that you may be part of, then you may actually be working for the weak link, and therefore, just as vulnerable. So, what to do?

Well, don’t despair. But do act.

As cybersecurity expert and keynote Nick Espinosa told the MCAA Convention in San Antonio last month, “If I am trying to hack a massive corporation, I am going to go through the HVAC company, the plumbing company, or anyone with access that does not have a cyber defense strategy as effective and as expensive as the massive corporation’s. Hackers are always going to exploit the easiest way to get into a network.”

Is that you? Recall that it was a mechanical contractor that was the weak link in the epic Thanksgiving Eve breach of Target Corp. in 2013. That event ultimately exposed more than 70 million customers to hackers and caused the owner to pay $18.5 million in damages to 47 states attorneys general just last May.

Unfortunately, that was a wake-up call that not many in our industry heard. But the message is even louder today. As our own cybersecurity columnist Michael Chipley noted earlier this year, “All DoD contractors and vendors are now required to have a Cyber Risk Management Plan in place for their IT business systems… Are you ready?”

Answering ‘Yes’ to that question does not have to break the bank, but it does require common sense proactive measures that can no longer be put off.

About the Author

Rob McManamy | Editor in Chief

An industry reporter and editor since 1987, McManamy joined HPAC Engineering in September 2017, after three years with BuiltWorlds.com, a Chicago-based media startup focused on tech innovation in the built environment. He has been covering design and construction issues for more than 30 years, having started at Engineering News-Record (ENR) in New York, before becoming its Midwest Bureau Chief in 1990. In 1998, McManamy was named Editor-in-Chief of Design-Build magazine, where he served for four years. He subsequently worked as an editor and freelance writer for Building Design + Construction and Public Works magazines.

A native of Bronx, NY, he is a graduate of both the University of Virginia, and The John Marshall Law School in Chicago.

Contact him at [email protected].