Defending BAS Against Hackers Is Facility Priority

When Target’s point-of-sale network was breached by hackers, who then stole millions of credit and debit card numbers, some early reports said the hackers had gained access to the Target network by way of the building automation system. As it turned out, that wasn’t true.

But if hackers are interested in breaking into an organization’s network, the BAS could be a starting point. And a recent Building Operating Management survey indicates that many facility departments aren’t taking basic precautions to protect their BAS from cyberattack.

The survey showed that 84 percent of facility managers who responded to our cybersecurity survey reported that they had a BAS connected to the Internet. Forty-three percent said that their BAS is on the enterprise network. And among the 65 percent who indicated their BAS is on a dedicated network, 35 percent said the BAS network was bridged to the corporate network — and another 29 percent weren’t sure if it was bridged or not.

Those network links mean a hacker who gains access to the BAS may have a back door to the corporate network. But only 29 percent of respondents said they are currently implementing, or have already completed, steps to improve BAS cybersecurity. Compare that to 35 percent who reported they are not taking any action — not even gathering information about cybersecurity. 

It’s easy to imagine a facility manager thinking that changing passwords is an unnecessary hassle. But today, cybersecurity measures are an important part of the facility manager’s job. Our BAS cybersecurity article in the January 2015 issue offers a starting point for tackling the new challenge.


It is with sadness that I report the passing of Angela Lewis, a colleague and member of the magazine’s advisory board. Her warmth, energy, and knowledge will be missed.