November 15, 2013, was the day that put cybercrime on the map in the U.S. commercial real estate world. In one of the largest data breaches on record, a team of hackers nabbed payment card records and personal information of nearly 110 million Target store customers worldwide.
The retail giant took a massive hit to its reputation, as well as its pocketbook. (Target reported a gross financial loss of $252 million related to the cybercrime.)
A little-known fact about the Target data breach that came to light months after the crime was how exactly the hackers gained access to the retail giant’s network: through the building systems infrastructure. The perpetrators swiped network credentials from an HVAC contractor who had performed refrigeration and HVAC work at one of the store locations. While the details remain sketchy—especially how an HVAC contractor’s credentials for access to building systems data provided a backdoor into Target’s payment system network—the case highlights the vulnerability of commercial real estate owners.
After years of talking about cyber security, owners and developers are starting to take action, and they’re leaning on their AEC partners for guidance and support. At a recent BD+C-hosted AEC industry roundtable in Chicago, several architects mentioned that cyber security is now a top concern of more than one of their major clients.
As buildings become “smarter” and increasingly connected—through advanced systems controls, communications protocols, building automation platforms, networked tenant devices, and Internet of Things technology—opportunistic hackers have countless avenues into a building’s network, to gain access to critical data or even take control of a building’s systems.
The number of installed IP-enabled, management-level HVAC controllers is expected to grow by 26% to 1.1 million worldwide by 2018. The vast majority of these systems—as much as 95%, according to building cyber security firm Intelligent Buildings—have insecure connections to the Internet. Two-thirds of controls vendors have remote access to clients’ building systems, and 92% of building systems computers are running outdated, insecure, or un-patched software. Most alarming: 40% of building control and monitoring systems have a potential backdoor to the corporate network, according to Intelligent Buildings data.
After years of talking about cyber security, owners and developers are starting to take action, and they’re leaning on their AEC partners for guidance and support. At a recent BD+C-hosted AEC industry roundtable in Chicago, several architects mentioned that cyber security is now a top concern of more than one of their major clients.
To date, there have been several confirmed and unconfirmed attacks on building systems, according to Fred Gordy, Intelligent Buildings’ Director of Cyber Security. They range from relatively innocuous cases (“lights have mysteriously turned off during entertainment and sporting events”) to potentially deadly episodes (“a German steel mill control system was hacked, and the alarms and operator overrides were disabled, resulting in a meltdown that poured molten steel in the building”). One confirmed case involved a hacker breaking into a generator control system and programming the generator to destroy itself. (Gordy says generators are especially easy targets because they are externally exposed and rarely under surveillance.)
If your clients haven’t yet reached out to inquire about cyber security, chances are it will happen soon, so you need to be prepared. Deloitte’s 2015 white paper on the topic is a good place to start.
More from Author
David Barista | Aug 15, 2019
3 ‘Giant’ AEC market trends for 2019-2020
We’re starting to see a shift toward custom research, thanks in part to the influx of data, data tools, and analytics expertise in the AEC market.
David Barista | Jul 31, 2019
Amenities war no more? Research report explores multifamily market
Multifamily developers show no signs of pulling back on specialty spaces and unique offerings in an effort to attract high-quality tenants, according to new research from Multifamily Design+Construction.
David Barista | Dec 30, 2016
An open letter to the AEC C-suite
Women AEC professionals need you to take action.
David Barista | Sep 6, 2016
Innovation intervention: How AEC firms are driving growth through R&D programs
AEC firms are taking a page from the tech industry, by infusing a deep commitment to innovation and disruption into their cultural DNA.
David Barista | Jun 27, 2016
If ‘only the paranoid survive,’ what does it take to thrive?
“Sooner or later, something fundamental in your business world will change.” The late Andrew Grove (1936-2016), Co-founder of tech giant Intel Corp., lived by these words.
David Barista | May 9, 2016
Is the nation’s grand tech boom really an innovation funk?
Despite popular belief, the country is not in a great age of technological and digital innovation, at least when compared to the last great innovation era (1870-1970).
David Barista | Mar 31, 2016
Deep Learning + AI: How machines are becoming master problem solvers
Besides revolutionary changes to the world’s workforce, artificial intelligence could have a profound impact on the built environment and the AEC industry.
David Barista | Feb 24, 2016
Is the booming freelance economy a threat to AEC firms?
By shifting the work (and revenue) to freelancers, “platform capitalism” startups have taken considerable market share from traditional businesses.
David Barista | Jan 26, 2016
How the Fourth Industrial Revolution will alter the globe’s workforce
The next great technological metamorphosis will be unlike anything humankind has experienced before, due to the sheer size, speed, and scope of disruption.
David Barista | Jan 5, 2016
Potential vs. credential: How men and women differ in career progress
Recent research suggests that women face yet another career impediment: the confidence gap.