Pen Test Partners have been reviewing the security of Building Management Systems and the findings are not good, see their article here:
Too cold to work? School closed? Sure your BMS hasn’t been hacked?
“The controller security has improved some, but we’ve found large numbers installed on the public internet, unprotected, with complete authentication bypass in some cases!
We found them in military bases, schools, government buildings, businesses and large retailers among many. Ripe for compromise of these organisations.
We also found some that had already been compromised to a point by malware. Further compromise would be trivial.”
“It’s about lax installers NOT vendors
Most of these issues have been caused by HVAC & BMS installers, rather than the vendor. The installers have exposed their clients through not following manufacturer security guidelines. The manufacturer could still make improvements though.”
IoT Security Foundation @IoT_SF Conference will deliver a range of business strategic, research and technical talks across three tracks that demonstrate what good security looks like from planning to execution. Join IoTSF, IBM, Intel, Device Authority, National Cyber Security Centre (NCSC), Pen Test Partners, PhotonStar LED, ARM, Electric Imp, Smarter, Secure Thingz, Data IO, Beecham Research, Connect Devices, IAR, Security Platform Inc, University of Warwick, Pipe, Thales, AESIN & more.
We have a great line up of speakers and exhibitors, including:
- Simon Fabri, Technical Director, Schneider Electric
- Duncan White, Managing Partner, Marks & Clerk
- Piers Corfield, Founder & CEO, Dashboard
- Adam Armer, Global Business Development Manager, Vodafone
- Robin Kennedy, Knowledge Transfer Manager, KTN
- Steve Morecraft – Technical Manager, EMEA, Logi Analytics
If you are looking for a new job/contract position or to recruit staff then come along and talk to Anderson Young and LynxPro who will be exhibiting and are sponsors of the Meetup.
The IoT Security Foundation are holding their 3rd Annual IoT Security Conference on 5th December at the prestigious IET Savoy Place, London. This year’s theme is Knowing It’s Safe To Connect which will deliver a range of business strategic and technical talks that demonstrate what good security looks like from planning to execution. The Conference also features making the business case for the right kind of security, technical sessions for securing the IoT ecosystem, research sessions on the future of IoT security and has a post-conference drinks reception for additional networking.
Why attend? Learn from the best, connect with the IoT security community and enhance business opportunities through extensive networking.