Threats to building control systems (BCS) have grown exponentially in the past two years. More importantly, the attacks on BCS have grown at an even higher rate. How can that be? Easy — there have always been threats to control systems. However, successful attacks are becoming more frequent, growing in intensity, and wreaking more havoc. In 2019, there was a 400 percent increase in attacks and 2020 is shaping up to a 600 percent increase.
Attacks are not the only thing causing disruption of service to BCS. Informational technology (IT) is becoming more involved in securing control systems and their networks. This is a good thing. However, IT software, processes, and procedures are also causing interruptions in operations and damage. These systems and their devices require a different approach.
Over the past few years, Intelligent Buildings, LLC (IB) has completed cybersecurity risk assessments across the United States, Canada, and overseas. The results of these assessments showcase that attacks and self-inflicted wounds are typically caused by well-meaning facility personnel not following basic best practices.
The most common attack is ransomware. Ransomware is malicious software that locks all the files on a PC or server until either a ransom is paid, or the PC or server is wiped clean and reloaded. The delivery of ransomware is typically through email, but it can come from social media sites. Ransomware makes up 80 percent of the attacks to control systems.
