
OEM Cybersecurity Strategies to Help Prevent Data Theft

3 Min Read | Sep 10, 2024

Cyberattacks on HVAC and other automation systems are becoming alarmingly common, but the real issue lies in securing IoT devices used in Building Management Systems (BMS). As cyberthreats grow more sophisticated, it’s crucial for OEMs to stay ahead of these dangers.

September 10, 2024 by Melina Mangino

Hardly a day goes by without news of cyberattackers breaching HVAC and other automation systems and causing major disruptions. Rather than rehashing the headlines, let’s zero in on the real issue: cybersecurity for OEMs who develop Internet of Things (IoT) devices for Building Management Systems (BMS).

First, let’s acknowledge the obvious: cyberthreats are becoming, and will continue to become, more numerous and sophisticated. Second, it’s incumbent upon original equipment manufacturers (OEMs) to keep abreast of how these threats are evolving so they (and perhaps, you) can continue to evolve IoT device cybersecurity strategies to thwart potentially crippling attacks.

Keep reading to learn more about what you can do to help ensure robust internet and cloud security for BMS automation systems in large commercial buildings, industrial facilities, entertainment complexes, and industrial plants.

Key Takeaways:

  • Connected systems can be especially vulnerable to cyberattacks with data theft being the most common impact.
  • OEMs should consider holistically integrating cybersecurity measures into their product development and product update lifecycle.
  • OEMs can help mitigate incidents by adopting cybersecurity best practices.

Cybersecurity by the Numbers

  • 84% of all critical incidents could have been mitigated with cybersecurity best practices
  • 71% increase in cyberattacks using compromised credentials
  • 32% of all cybersecurity incidents are data theft-related
  • 30% increase in security misconfigurations
  • 28% of all cyberattacks are manufacturing related

Source: IBM® X-Force® Threat Intelligence Index 2024

Cybersecurity Challenges in Building Management

Modern building management systems (BMS) and the IoT equipment, sensors, and devices they control are high-tech and complex—and so are the cyberhackers that go after them. Hackers keep upping their game, continually looking for new ways into and around building equipment and systems and the cloud. Their goal? To steal and leak data, extort money, harvest credentials, ruin organizational reputations, and create general destruction.

Because IoT devices are essential in critical infrastructure in today’s connected world, and because these IoT devices collect, store, and share information with each other and the cloud, they’re highly vulnerable to cyberattack. As such, it’s imperative that IoT devices be designed with maximum security in mind as a means of helping prevent unauthorized access.

Here’s a high-level look at some of the most common ways hackers exploit IoT device vulnerabilities so they can infiltrate operational networks.

Improper Configuration

IoT devices that are not properly configured often feature default or weak usernames and passwords. In addition, improperly configured devices often have little to no data encryption. Without strong authentication measures and encryption, attackers can more readily intercept communication, steal credentials, and mine sensitive data.

Outdated Software and Firmware

In systems that lack current software updates, firmware, and security patches, hackers can enter through open ports, execute code, and otherwise breach systems.

Weak Authentication and Controls

Insufficient access controls and authorization mechanisms essentially give hackers carte blanche to access connected devices and systems. As a result, hackers can spread malware, conduct malicious activity on a widespread scale, and launch DDoS (distributed denial-of-service) attacks.

Lack of Real-time Monitoring and Notifications

A slow response to monitoring and alerts can give hackers ample time to breach systems and inflict damage, including manipulating or extracting data, promoting false alarms, spreading malware, and establishing backdoor access for future attacks.

Cybersecurity Best Practices

Because smart equipment continuously reports device status and self-diagnostics for predictive maintenance to the BMS and the cloud, it’s essential to extend maximum cybersecurity measures and strengthen security all the way down to the OEM IoT equipment level.

Here are the cybersecurity practices we suggest to our clients—and the same security practices that we use for our FieldServer gateway solutions and MSA Grid platform.

Multi-layered approach with redundant layers of security.

  • Authentication:
    • Unique password requirements/rules.
    • Industry-standard password complexity.
  • Encryption:
    • Encrypted user credentials.
    • Encrypted connections for data transit and storage (data at rest).
  • Testing, Standards, and Certification:
    • Compliance/certification with the most widely recognized information security standard, ISO 27001.
    • Third-party penetration testing and independent review of security controls.
  • Authorization:
    • Varying levels of authorization, access, and user roles.
    • Signed and user-signed SSL certificates.
  • Network Security:
    • Hardening of IP interfaces on the gateway.
    • Isolating internal components from other system parts to control dataflows.
  • Backups:
    • Frequent, consistent backup procedures.
    • Encrypted backups.
    • Backup restoration testing.
  • Access and Infrastructure:
    • Background-checked employees.
    • Monitoring access.
    • Enabling and logging manual access.
  • Physical Security:
    • Leverage multiple data centers to distribute service.
    • Ensure physical security through AWS, one of the most flexible and secure cloud computing environments.

Preventing BMS Security Breaches

Now that you’ve learned more about the challenges behind building management system security and some of the best practices for preventing attackers from disabling the automated systems that provide building security, fire safety, communications, lighting, HVAC, and equipment on the factory floor, you can empower yourself to better anticipate and thwart future threats. To learn more about how FieldServer can help, schedule a demo or talk to an MSA Sales Representative today.
