ACHRNEWS

Is it Time to Hire HVAC Security?

December 18, 2012

As technology becomes more prevalent and takes over more and more of our daily lives, it also becomes critically important to protect yourself and your company in the face of a rapidly-changing industry.

Just think of all the different ways people can access information these days. I’m sure many of you are reading this on something other than a desktop computer. Laptops are getting lighter and smaller by the minute, it seems, and tablets like the iPad and Amazon Kindle are popping up everywhere. And that’s not even mentioning the increased market share owned by data-hungry smartphones.

With all these devices floating around, there’s a ton of information out there. Unfortunately, if you aren’t safe, a lot of this information can be exploited by hackers, as was the case with a New Jersey company’s HVAC system.

As tech website ARS Technica reported, hackers took advantage of a flaw in an older version of Niagara AX Framework, which remotely controls boiler, heating, fire detection, and surveillance systems operations.

And guess what? Many government institutions use this Niagara system, as well.

The system gives a lot of sensitive and critical information to hackers, including floor plans and control areas, according to an FBI memo. The company set its system up with no firewall, and the “hack” was as simple as finding a backdoor entry into the system where no credentials were required to access the system.

A big lesson can be learned here. Hiring IT professionals to install and administer advanced systems should be mandatory. These people know what they’re doing and can make up their salaries by helping you avoid embarrassing and potentially damaging headaches such as this.

But, if an IT professional isn’t in the budget, even on a contract basis, please be smart about what you do. Don’t use default names and passwords. Consult someone to establish guidelines on how to handle system security to ensure they aren’t compromised. Ask your computer savvy nephew for help. Even if they don’t have direct answers, they sure can be helpful in finding some.

There’s no evidence these particular hackers used this information in an unsavory manner (some hackers just hack because they can), but with these flaws well-known and out there, examining the security of any system you use or install, whether its Niagara or not, should be an absolutely critical function of your business.