In March, Contracting Business.com published a column titled, "Cyber Security and the HVACR Contracting Community," that addressed the growing vunerability of commercial buildings to Internet-based attacks. The article focused on an attack on Target retail stores and their customers that apparently happened through an unwitting mechanical contracting firm whose wireless billing systems had also been compromised.
Though such attacks aren't new, they are happening with such increased frequency, that there is major cause for alarm. According to the FireEye website, enterprises and government agencies are under virtually constant attack today. Significant breaches at RSA, Global Payments, ADP, Symantec, International Monetary Fund, and a number of other organizations have made headlines — and undoubtedly thousands more have occurred that we haven’t even heard about. Flame, Stuxnet, and a number of other cyber attacks have been uncovered that set an entirely new standard for complexity and sophistication.
Fundamentally, these developments make clear that the cybercriminals, nation-states, and hacker activists waging these attacks are growing increasingly sophisticated and more effective in their efforts to steal and sabotage. Leveraging dynamic malware, targeted spear phishing emails, elaborate Web attack,s and a host of other tactics, these criminals know how to bypass traditional security mechanisms like firewalls and next-generation firewalls, IPS, anti-virus (AV), and gateways...
This type of activity has given rise to a new industry dedicated to helping companies protect their data for a fee (FireEye is one such company).
But wait, there's more.
Even controls manufacturers are jumping into the frey since the attacks usually occur through the building control products and systems they build and that commercial HVAC contractors install in buildings across the country.