By: Jason D. Mills, Director of Marketing and Communications

Building cyber security is crucial to keep data safe from hacking and theft. Building cyber security is the practice of protecting building automation systems (BAS) and the devices used to run a facility’s critical infrastructure. BAS typically includes automation systems for HVAC, lighting, fire safety, electric power, life safety and security that are connected into an IP-based system.

When these devices are connected in a networked environment with proper authentication protocols it can be very difficult for hackers to access them without authorization. This reduces the risk of cyberattacks on your facility’s BAS and critical infrastructure while still giving you access to important information that helps you run your facility efficiently and profitably

More recently, Internet of Things (IoT) devices have been added to the network as sensors and devices used to provide many different types of data to help run a building more efficiently or provide building occupants or visitors with amenities.

Traditional IoT devices are things that do not run on a computer operating system or connect to the public internet. These types of systems can be secured using traditional IT practices by restricting access through firewalls and proxies. The security concerns with this type of system are related to how they communicate with other applications: if they can be accessed remotely, then they could provide an opening for hackers to get access into your network infrastructure (i.e., servers).

Building cyber security is crucial to keep data safe from hacking and theft.

Building cyber security involves the implementation of a set of policies, processes and procedures that ensure a company’s information assets are protected against malicious attacks, including but not limited to:

• Data breaches
• Denial-of-service attacks (DoS)
• Malicious code (e.g., viruses)

How does building cyber security work? Building cyber security starts with identifying your current system vulnerabilities through penetration testing, which involves testing your systems against real-world threats in order to identify weaknesses that can be exploited by attackers. Penetration tests should take place regularly so you’re able to detect and address vulnerabilities as they emerge; however, some businesses opt to take a more proactive approach in their building cyber security by implementing world class solutions such as the TOSIBOX^® industrial router, the TOSIBOX intelligent cryptoprocessing device, or Veridify’s DOME^™ (Device Ownership Management and Enrollment) solution – saving them hundreds of thousands of dollars to recover from a devastating cyber attack. Once these risks have been identified, you can create an action plan for addressing them—typically involving changes to network configurations, infrastructure, or data encryption technologies—and begin implementing those changes immediately so no further damage will occur once hackers get past whatever defenses currently exist around the perimeter where your systems reside.

It’s important for building owners and operators to understand how their BAS and IoT devices are connected and how they can be protected from cyber threats. If you’d like to learn more about the TOSIBOX, DOME or how the BuildingGeniuses^® at KMC Controls^® can optimize your building cyber security, reach out to us today!