Editors Blog

Is it Time to Hire HVAC Security?

December 18, 2012

As technology becomes more prevalent and takes over more and more of our daily lives, it also becomes critically important to protect yourself and your company in the face of a rapidly-changing industry.

Just think of all the different ways people can access information these days. I’m sure many of you are reading this on something other than a desktop computer. Laptops are getting lighter and smaller by the minute, it seems, and tablets like the iPad and Amazon Kindle are popping up everywhere. And that’s not even mentioning the increased market share owned by data-hungry smartphones.

With all these devices floating around, there’s a ton of information out there. Unfortunately, if you aren’t safe, a lot of this information can be exploited by hackers, as was the case with a New Jersey company’s HVAC system.

As tech website ARS Technica reported, hackers took advantage of a flaw in an older version of Niagara AX Framework, which remotely controls boiler, heating, fire detection, and surveillance systems operations.

And guess what? Many government institutions use this Niagara system, as well.

The system gives a lot of sensitive and critical information to hackers, including floor plans and control areas, according to an FBI memo. The company set its system up with no firewall, and the “hack” was as simple as finding a backdoor entry into the system where no credentials were required to access the system.

A big lesson can be learned here. Hiring IT professionals to install and administer advanced systems should be mandatory. These people know what they’re doing and can make up their salaries by helping you avoid embarrassing and potentially damaging headaches such as this.

But, if an IT professional isn’t in the budget, even on a contract basis, please be smart about what you do. Don’t use default names and passwords. Consult someone to establish guidelines on how to handle system security to ensure they aren’t compromised. Ask your computer savvy nephew for help. Even if they don’t have direct answers, they sure can be helpful in finding some.

There’s no evidence these particular hackers used this information in an unsavory manner (some hackers just hack because they can), but with these flaws well-known and out there, examining the security of any system you use or install, whether its Niagara or not, should be an absolutely critical function of your business.

You must login or register in order to post a comment.



Image Galleries

2014 ACI Home Performance Conference

The 2014 ACI National Home Performance Conference & Trade Show was held in Detroit.


NEWSMakers: Michael Willburn

Michael Willburn, president, Infloor Heating Systems, joins the program to discuss his company, radiant heating, industry trends, and whether contractors are becoming more interested in radiant heating. Posted on July 11.

More Podcasts


NEWS 07-21-14 cover

2014 July 21

Check out the weekly edition of The NEWS today!

Table Of Contents Subscribe


Some in the industry are calling for the EPA to halt production of R-22 as of 2015. What do you think?
View Results Poll Archive


2014 National Plumbing & HVAC Estimator

Every plumbing and HVAC estimator can use the cost estimates in this practical manual!

More Products

Clear Seas Research


Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications, Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Magazine image
Register today for complete access to ACHRNews.com. Get full access to the latest features, Extra Edition, and more.


facebook icontwitter iconyoutube iconLinkedIn i con