In the quest to maintain energy efficiency and stop employee thermostat fights, companies may be unknowingly exposing themselves and their data.
With the technology available nowadays, it just makes sense to add automated climate control and lighting to office buildings. Smart buildings are convenient… but they may come with unintended security risks.
Building control systems, often connected to the Internet and/or a company’s IT network, may not be outfitted with the same security measures that you would put around sensitive data. IBM’s X-Force security research group warns that hackers may view these systems as gateways to enter networks and steal data, or even physically sabotage the data centers themselves. "For example, you could affect the temperature of a data center, and cause not just a standard denial of service attack," says Chris Poulin, a research strategist with IBM X-Force. "You could actually melt down the systems by heating up the computer room."
IBM has recently performed tests on some automated building systems to detect weaknesses—software bugs, unencrypted passwords and opportunities to access multiple buildings at once—in an effort to help seal security holes and stay ahead of hackers.