October 13, 2020

Midsize-to-large commercial and industrial buildings often rely on building management systems (BMS) to control and monitor their ventilation, lighting, fire, power, and other crucial mechanical or electrical equipment. In recent years, BMS have become increasingly interconnected with other operational technology (OT) systems. Connectivity between BMS and these systems and equipment means that effective security is absolutely imperative. Any threat to a BMS is also a threat to what that BMS controls and monitors—whether it be temperature, humidity, electricity, or even building access or elevators.

Like other forms of enterprise technology, BMS have undergone rapid digital transformation in recent years, shifting toward smart, connected systems to take advantage of performance improvements, reduced energy consumption, and cost efficiencies. But like all forms of digital transformation, connecting formerly isolated BMS assets to the internet and an organization’s internal network introduces additional cyber risk. And yet, BMS are often overlooked as a potential weak point in an organization’s defense perimeter, because security teams are preoccupied with protecting more traditionally targeted IT and OT assets.

Inflicting Damage Through Targeted Attacks on BMS

In July 2019, the U.S. Department of Homeland Security issued an advisory for a vulnerability present in a widely used smart building automation system for monitoring BMS functions such as air conditioning, heating, and door locks through a web-based interface. If exploited, the vulnerability could enable an adversary to gain full system access, thus allowing them to manipulate building temperatures directly, or compromise the physical security of sites.

For instance, data centers rely on BMS to ensure servers operate within a safe temperature range, typically between 64 and 80 degrees. A cyber attack that manipulates or disables climate controls could cause data center equipment to overheat, leading to breakdown or destruction—or, worse yet, a fire that could endanger human life and the physical facility. Even relatively mild temperature disruptions can cause data loss or significantly reduce the useful life of data center equipment.

Given these potential impacts, the BMS of enterprises with server-intensive operations—such as banks, social media sites, or other online platforms—are attractive targets for adversaries who wish to destroy proprietary data, damage critical infrastructure, or cause service outages.

BMS can also play a crucial role in supporting manufacturing processes sensitive to temperature or humidity, such as the production of electronics, food and beverages, or pharmaceutical products. As such, an adversary could target the BMS of industrial sites to tamper with these conditions to compromise the quality of production output, potentially leading to significant loss of revenue.

Overcoming BMS Security Challenges with Claroty

Without the right technology in place, security personnel often lack the ability to monitor BMS in a centralized, comprehensive way. For many enterprises, this challenge is exacerbated by a decentralized workforce amid the ongoing pandemic, necessitating secure remote access to BMS monitoring and alert investigation tools and resources.

The challenges don’t end with gaining visibility into BMS; security teams must also be able to accurately identify and investigate potential threats to process integrity and other abnormalities requiring remediation. Even if a SOC analyst is able to monitor temperature, humidity, and other BMS process values, this information is of little use without insight into whether these metrics differ from the normal range, and if so, the root cause underlying these abnormalities.
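As an added example, not Claroty's code and not part of the original post, the following Python sketch shows the kind of baseline check described above run over constructed BMS telemetry: each reading is compared against the 64–80 band from the data-center discussion (taken here as degrees Fahrenheit, an assumption), and the most recent setpoint write in that zone is attached to the alert as the candidate root cause. The record layout, zone names and source labels are assumptions made for the example.

```python
"""Baseline-deviation check over constructed BMS telemetry (added example)."""
from dataclasses import dataclass

# Safe operating band for data-center space temperature, from the text.
# Treated as degrees Fahrenheit here (assumption).
SAFE_MIN_F, SAFE_MAX_F = 64.0, 80.0


@dataclass
class Reading:
    ts: int            # seconds since start of the sample window (constructed)
    zone: str          # BMS zone identifier (constructed)
    temp_f: float      # measured space temperature
    setpoint_f: float  # active cooling setpoint at the time of the reading
    setpoint_src: str  # who last wrote the setpoint (constructed labels)


# Constructed sample telemetry: at t=120 a setpoint is written to zone DC-1
# by an unexpected source and the zone drifts out of band two minutes later.
SAMPLE = [
    Reading(0,   "DC-1", 71.0, 70.0, "bms-scheduler"),
    Reading(60,  "DC-1", 71.2, 70.0, "bms-scheduler"),
    Reading(120, "DC-1", 72.0, 95.0, "unknown"),
    Reading(180, "DC-1", 78.5, 95.0, "unknown"),
    Reading(240, "DC-1", 83.4, 95.0, "unknown"),
    Reading(0,   "DC-2", 70.1, 70.0, "bms-scheduler"),
    Reading(60,  "DC-2", 70.0, 70.0, "bms-scheduler"),
]


def analyze(readings, trusted_sources=("bms-scheduler",)):
    """Return (kind, zone, ts, detail) alerts: setpoint writes from untrusted
    sources, and out-of-band temperatures tagged with the last setpoint change
    in the same zone so the analyst sees a likely root cause, not just a number."""
    alerts = []
    last_setpoint = {}  # zone -> (setpoint, source, ts) of the last change
    for r in sorted(readings, key=lambda x: (x.zone, x.ts)):
        prev = last_setpoint.get(r.zone)
        if prev is None or prev[0] != r.setpoint_f:
            last_setpoint[r.zone] = (r.setpoint_f, r.setpoint_src, r.ts)
            if r.setpoint_src not in trusted_sources:
                alerts.append(("untrusted_setpoint_write", r.zone, r.ts,
                               f"setpoint {r.setpoint_f} written by {r.setpoint_src}"))
        if not SAFE_MIN_F <= r.temp_f <= SAFE_MAX_F:
            sp, src, ts = last_setpoint[r.zone]
            alerts.append(("temp_out_of_band", r.zone, r.ts,
                           f"{r.temp_f}F; setpoint {sp} set by {src} at t={ts}"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

Run against the constructed sample, the untrusted setpoint write is reported at t=120, before the temperature leaves the band at t=240, which is the lead time a SOC team needs to intervene.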

And when it comes to vulnerability management, the critical nature of BMS and a low tolerance for disruptive downtime often mean that teams are only able to patch the vulnerabilities that pose a genuine threat to their organization. However, determining which vulnerabilities pose the greatest risk is often easier said than done.

The Claroty Platform delivers the highest caliber of visibility into enterprise OT environments, including BMS, offering insight into granular process values and asset attributes. This extreme visibility is complemented by state-of-the-art threat detection designed to detect anomalies—as well as known attack patterns and indicators of compromise—while weeding out false positives, along with other alert management features purpose-built to help teams overcome alert fatigue while supporting effective decision making. Furthermore, The Claroty Platform’s vulnerability prioritization capabilities not only pinpoint security flaws within an organization’s BMS environment, they also assess the risk posed by each vulnerability based on unique situational factors, thus supporting effective patch management.

To learn more about how Claroty can help your team overcome its own unique BMS and OT security challenges, request a demo.