Preventing Physical Damage from Cyberattacks

The term “cybersecurity” typically conjures up images of digital warfare between implacable hackers bent on world domination and stalwart IT defenders determined to protect critical national defense and financial systems. Of course, there is some truth to this. All too often, though, security vulnerabilities are much closer to home, much simpler, and in some ways more concerning precisely because they can affect our everyday lives.

The threat

Energy management and control systems (EMCS) are seldom top-of-mind for the general public. More than 99 percent of the population will have never heard the term. An EMCS is in some ways a glorified thermostat that ensures the conditions within a building remain comfortable. Normally, there is no cause to worry about it. But EMCS, and similar systems called supervisory control and data acquisition (SCADA), actively control equipment whose proper operation is fundamentally critical to functional buildings.

Any modern office building, school, hospital, data center, university or military facility is served by large, complicated mechanical systems that provide heating, cooling, and ventilation. Shutting down any of these mechanical systems threatens the function of the facility. A data center, for example, cannot operate without air conditioning for more than a few minutes. Sabotaging a building does not necessarily require attacking it directly; it can be as simple as shutting down a fan or a boiler at the right moment.

How we got here

Historically, EMCS security was never an issue. These systems existed out-of-sight, tucked away deep in boiler rooms, isolated from most other operations.


To read the full article, click here.