The Cyber Threat

Landscape in
Today’s Buildings
CYBERATTACKS AGAINST CRITICAL INFRASTRUCTURE ARE INCREASING EVERY YEAR.
An important piece of critical infrastructure that needs cybersecurity protection is our buildings. Most of
today’s commercial buildings are considered “smart” because of the high level of automation and
connectivity among the systems that manage functions like HVAC, physical security, lighting, energy, and
more. The graphic below shows some of the threat vectors within buildings and the potential
consequences of a successful cyber attack on each.

HUMAN Building Management

ACCESS Workstations Workstations CLOUD
POINTS

Network Switch

IP Camera Building Solar IoT Building Lighting

Controller Arrays Gateway Controller Bridge

NVR Uninterruptible EV Smart Motion

Power Supply Chargers Light Sensor
(UPS)
Badge Door Thermostat Fan
Reader Lock

Display Smart Sensor

Plug

VIDEO SURVELLIANCE ACCESS CONTROL CONNECTED HVAC SMART LIGHTING

SYSTEM SYSTEM DEVICES SYSTEM SYSTEM

Gaining access to a VSS is
easier than you’d think
because of the use of
insecure streaming protocols
and substantial cloud
connectivity.
POTENTIAL IMPACTS OF A
SUCCESSFUL ATTACK:
• Tampering with video
footage to mask malicious
activity (Denial of View,
Loss of View,
Manipulation of View,
Damage to Property).
• Compromise of other
operational systems or the
corporate network
(Lateral Movement, Theft
of Operational
Information).
Access control systems are
notoriously lax on
cybersecurity and easily
accessed from the internet.
POTENTIAL IMPACTS OF A
SUCCESSFUL ATTACK:
• Locking employees or
customers in or out of an
area via a DoS attack
(Denial of Control, Loss of
Control, Manipulation of
Control).
• Compromise of other
operational systems or the
corporate network
(Lateral Movement, Theft
of Operational
Information).
Energy systems are highly HVAC systems are a notorious
critical, especially for data threat vector because of the
centers and control rooms. highly publicized Target hack,
This heavily networked but the consequences of these
environment is often attacks can be far more serious
connected to the cloud, than stolen credit card data.
making it an easy target for
attackers. POTENTIAL IMPACTS OF A
SUCCESSFUL ATTACK:
POTENTIAL IMPACTS OF A
SUCCESSFUL ATTACK: • Tampering with the
temperature of a refrigerated
• Operational downtime storage facility or data center
resulting in product loss or
• Emergency evacuation of network downtime (Loss of
a building (Loss of Safety, Availability, Loss of
Damage to Property, Loss Productivity and Revenue,
of Control, Denial of Damage to Property).
Control)
• Emergency evacuation of a
• Compromise of other building (Loss of Safety,
operational systems or the Damage to Property, Loss
corporate network of Control, Denial of
(Lateral Movement, Theft Control)
of Operational
Information). • Compromise of other
operational systems or the
corporate network (Lateral
Movement, Theft of
Operational Information).
To gain the energy saving
benefits of smart lighting,
these systems must be
connected to the internet,
and often, the cloud. This
connectivity opens up these
systems to cyber attacks.
POTENTIAL IMPACTS OF A
SUCCESSFUL ATTACK:
• Turning off lights in a
critical area through a DoS
attack (Loss of Availability,
Loss of Control, Denial of
Control, Manipulation of
Control).
• Compromise of other
operational systems or the
corporate network
(Lateral Movement, Theft
of Operational
Information).

Buildings need cybersecurity protection more than ever because of increased cyberattack activity by
everyone from hacktivists to nation states, combined with the fact that building management systems are
heavily networked, mission-critical, and often connected to the cloud. To learn more about how Industrial
Defender can help you keep all of these systems secure, visit our Building Defender™ page.

view building defenderTM page

© 2021 iDefender LLC All Rights Reserved