Mechanical systems, thermostats, life and safety systems, elevator control, smart metering: all the functions of a building can be subject to the whims of hackers.
In the June issue of Contracting Business.com magazine, I wrote an editorial (First Word, "Living with Technology") about how technology is both a blessing and a curse to the mechanical systems trades. The blessings are many. From wireless sensors and controls, to the use of solar in residential and light commercial applications, from managing system functionality, to controlling a building or a campus from an IPad, smart technology is broadening horizons and creating unique opportunities for HVACR contractors in both the commercial and residential marketplaces.
But is it also opening the door to hackers? Is it leaving our homes and our commercial buildings vulnerable to outside spying and, if so, what can be done about it?
In our sister magazine, HPAC Engineering, author J. Christopher Larry, director of energy engineering for exp, Richmond, VA, wrote an article entitled, "Can You Protect Your BAS Networks From Hackers? " In it he says, "Security professionals are analyzing and discussing the pitfalls presented by hackers. Even Hollywood has taken notice: Several films have explored the topic of unauthorized control of building-control systems. Can you secure your networks? The true answer is, 'It depends.'"
In the August 1, 2013 edition of the Wall Street Journal, reporter Danny Yadron's article, "'Smart Homes' Are a Hacking Risk," highlights a recent Las Vegas convention for computer researchers -- also known as hackers -- where they gathered to show the many ways they can "make new pieces of technology do terrible things," as well demonstrate ways to prevent a house or building from becoming compromised.
In his article, Yadron writes, "Hacking isn't limited to computers and smart phones. When Chinese hackers recently struck the U.S. Chamber of Commerce in Washington, D.C., a thermostat in a townhouse owned by the Chamber was found to be beaming signals back to China."
Yes, even a thermostat. Today, wireless technology is being built into everything: sensors, controllers, thermostats, mechanical systems equipment, lighting systems, security systems, fire/safety controls, even light bulbs and toilets.
It begs the question: If a thermostat can be so compromised, what about a smart meter and ultimately our national power grid?
In the residential marketplace, the advent of wireless hubs for consumers to control a variety of home network devices could be the culprits that enable hackers to break in.
Apparently, there are many technical ways to battle security issues. But according to Yadron's article, the hackers said it's easier than all that -- just don't put sensitive devices like door locks, computers with financial information, and security systems on the network. Even better, unplug those devices when you're done using them.
Not such an easy answer in the commercial space.
My thought is this: In the HVAC mechanical systems industry, we all have to be cognizant of the potential liability and health/safety concerns that a compromised control network in our customers' buildings brings to bear on all stakeholders. This includes from the manufacturing level through the installation and servicing of those products. It's unfortunate that such a wonderful technology provides opportunity for the unscrupulous, but by designing systems and products that provide countermeasures, and by making sure hacking is considered in all installations, we can put a dent in this growing problem.
For some specific suggestions on what to do from a design standpoint, read Christopher Larry's article in HPAC -- it provides six steps to reduce a building or a home's vulnerability.
If you have any thoughts on this, or would like to share some "war stories" on where you may have encountered hackers, please leave a comment below, send me email, or a tweet. We'd love to gather some interesting stories for potential future editorials.