What threats are relevant to building automation systems and what malware their owners have encountered in the first six months of 2019.
# Industry News: Assessing the Threat Landscape for Smart Buildings (H1 2019)
## Summary
A comprehensive analysis of building automation systems (BAS) reveals that nearly 40% of smart building environments were targeted by malicious activity in the first half of 2019. The findings highlight a shift in threats from specialized industrial malware toward ubiquitous, non-targeted threats like worms, spyware, and ransomware infiltrating critical facility infrastructure.
## Key Details
- **Date:** September 19, 2019
- **Companies Involved:** Kaspersky ICS CERT
- **Category:** Market Analysis / Threat Intelligence
## The Story
The report examines the security posture of smart building systems—including HVAC, lighting, physical security, and fire safety—which are increasingly integrated into corporate networks and the internet. In H1 2019, Kaspersky products blocked malicious activity on 37.8% of computers used to manage these systems.
Unlike traditional IT environments, smart buildings represent a convergence of Operational Technology (OT) and standard IT. The "story" here is not one of secret state-sponsored sabotage, but rather the massive "collateral damage" caused by common internet threats. The largest share of these threats (over 26%) was delivered via the internet, followed by removable media and email links/attachments. This suggests that the primary vulnerability is not a lack of sophisticated defenses, but a failure to isolate automation systems from general web traffic.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Solidifies its position as a thought leader in the ICS/OT security space, moving beyond traditional endpoint protection into specialized infrastructure security.
### For Competitors
- **Legacy BAS Providers:** Companies like Siemens, Honeywell, and Schneider Electric face increased pressure to integrate "secure-by-design" principles as their customers become more aware of these vulnerabilities.
- **MSSPs:** Managed Security Service Providers see an opportunity to offer specialized monitoring services specifically for building automation protocols (e.g., BACnet, Modbus).
### For Customers
- **Facility Managers:** Increased operational risk; a malware infection in a BAS can lead to physical shutdowns, increased energy costs, or safety hazards (disrupted fire alarms or security locks).
- **C-Suite:** Cyber insurance premiums for "smart" corporate campuses may rise as the attack surface expands.
### For the Market
- **Increased Regulation:** The report signals a need for stricter compliance standards tailored to smart infrastructure, separate from standard corporate IT policies.
## Technical Implications
The report highlights that while specialized "BAS-specific" malware is rare, common malware (like financial trojans or cryptominers) is highly disruptive to the resource-constrained hardware often used in building controllers. Key technical vectors identified include:
- **Web-based threats:** 26.1% of attacks.
- **Removable media (USB):** 11.5% of attacks.
- **Email/Phishing:** 5.7% of attacks.
## Strategic Analysis
- **Market Positioning:** Security vendors are repositioning themselves from "anti-virus" to "critical infrastructure protection."
- **Competitive Advantage:** Real estate developers who can prove "certified cybersecurity" in their smart buildings will command higher commercial rents and lower insurance rates.
- **Challenges:** The long lifecycle of building equipment (15-20 years) means that many systems currently in use are inherently unpatchable or lack the processing power for modern security agents.
## Industry Reactions
- **Analysts:** Market analysts point out that the convergence of IoT and BAS is outstripping the security capabilities of most facility management teams.
- **Experts:** Cybersecurity professionals emphasize that "air-gapping" is a myth in 2019; most BAS are connected to the corporate LAN for remote management, creating a bridge for malware.
## Future Outlook
- **Predictions:** Expect an increase in "Lease-Ransomware," where attackers lock down building utilities (heating/cooling) to extort property management firms.
- **What to watch for:** Watch for the adoption of Zero Trust architectures specifically within the Building Management System (BMS) vendor ecosystem.
## For Security Professionals
Practitioners should prioritize network segmentation. Automation systems must be moved to isolated VLANs with strict ingress/egress filtering. Furthermore, security teams need to extend their vulnerability management programs to include non-traditional endpoints like PLCs (Programmable Logic Controllers) and specialized BMS workstations that are frequently overlooked during standard IT audits.
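
One way to check that the segmentation recommended above actually holds is to audit flow records against the intended policy. This is an added example, not part of the Kaspersky report; the subnets, jump host, allowed ports, and the `src dst proto port` record format are all assumptions chosen for illustration.

```python
import ipaddress

# Assumed addressing plan and policy (hypothetical, not from the report).
BAS_NET = ipaddress.ip_network("10.50.0.0/24")     # isolated automation VLAN
INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # all corporate address space
JUMP_HOSTS = {ipaddress.ip_address("10.10.5.20")}  # only sanctioned management source
# Allowed into the BAS VLAN from the jump host: BACnet/IP, Modbus TCP, HTTPS.
ALLOWED_INGRESS = {("udp", 47808), ("tcp", 502), ("tcp", 443)}

# Constructed sample flow records: src dst proto dst_port
SAMPLE_FLOWS = """\
10.50.0.11 10.50.0.12 udp 47808
10.10.5.20 10.50.0.11 tcp 443
10.50.0.30 203.0.113.10 tcp 80
10.10.8.77 10.50.0.11 tcp 502
10.10.5.20 10.50.0.12 tcp 3389
10.50.0.30 10.10.1.25 tcp 25
10.10.8.77 10.10.1.25 tcp 25
"""

def classify(src, dst, proto, port):
    """Return None if the flow fits the policy, else a finding label."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_in, d_in = s in BAS_NET, d in BAS_NET
    if s_in == d_in:
        return None  # intra-VLAN traffic, or a flow that never touches the BAS VLAN
    if s_in:  # traffic leaving the automation VLAN
        return "egress-corporate" if d in INTERNAL else "egress-internet"
    if s not in JUMP_HOSTS:  # traffic entering the automation VLAN
        return "ingress-unsanctioned-source"
    if (proto, port) not in ALLOWED_INGRESS:
        return "ingress-disallowed-port"
    return None

def audit(text):
    """Parse flow lines and return (finding, src, dst, proto, port) tuples."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, port = line.split()
        verdict = classify(src, dst, proto, int(port))
        if verdict:
            findings.append((verdict, src, dst, proto, int(port)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Any `egress-internet` finding corresponds to the report's leading infection vector and indicates the VLAN is not isolated from general web traffic.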