Cybersecurity in Building Automation Systems (BAS)
Vulnerabilities in smart buildings are very dangerous because they open these buildings up to the possibility of large-scale cyberattacks. Although we haven’t yet seen malware specifically crafted for smart buildings, malware for ICS have seen enormous growth in the past decade and are getting increasingly common.
To anticipate this threat, the OT Research Team at Forescout has conducted in depth analysis and research of vulnerabilities and malware unique to BAS. There were three key objectives:
1. Understand the level of risk for building automation systems. Entailing the differences between ICS and BAS in terms of security and safety concerns, and whether there is risk posed by exposed IoT and BAS connected devices
2. Demonstrate how a group of researchers could uncover and exploit dangerous vulnerabilities in popular BAS devices
3. Demonstrate the detection capabilities of SilentDefense, a leading network monitoring and threat detection tool for OT networks
Download this white paper to discover an investigation of the current state of cybersecurity in building automation systems (BAS) and analysis of a proof-of-concept malware created by Forescout’s OT research team.