UPDATED 13:00 EST / MARCH 07 2019

SECURITY

Fresh look at building automation security exposes network vulnerability

Engineers at Forescout Technologies Inc. call it the “wow effect.”

When they meet with a client and present a complete overview of a network, the response is invariably a jaw-dropping, forehead-slapping exclamation. Many surprised customers often had no knowledge of how many devices were online or the threat exposure that created.

“They had no idea that a camera was directly connected to the internet,” said Elisa Costante (pictured), senior director of industrial and operational technology innovation at Forescout. “We basically bring light on the dark side of the network. We are looking at all of those tiny devices that you do not expect to be on your network and what they can do.”

Costante spoke with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed the challenge facing many buildings with legacy systems today and the need for network visibility to prevent the spread of viruses in critical institutions. (* Disclosure below.)

Lack of security in legacy systems

In many facilities, building systems are legacy-driven, using older technology that was developed without security in mind. Facilities managers are often reluctant to replace their legacy systems, and information technology is bolted on top.

This is where things can go seriously wrong. “Sixty percent of buildings today are controlled and managed by systems that are 20 years old,” Costante explained. “But you’ve made an investment and you don’t want to change.”

The result can be an attack such as the WannaCry virus, a ransomware worm that spread like wildfire across global computer networks in 2017. WannaCry victimized many hospitals, including the National Health Service in Great Britain.

The vulnerability of public health organizations as a result of one virus highlighted the need for network visibility in an operational technology grid, understanding what devices are connected in real-time.

“You could have the controller for your heating, ventilation and air conditioning exposed to the internet and pull down all of the air conditioning in a hospital, for instance,” Costante said. “WannaCry put down a lot of hospitals.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference. (* Disclosure: Forescout Technologies Inc. sponsors theCUBE’s coverage of the RSA Conference. Neither Forescout nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU