July 29, 2021
Smart Buildings Cited as Iranian Cyberattack Target
A secret Iranian cyber group targets cargo ships, gas stations and smart building networks.
A large player in Building Management Systems is cited numerous times in classified documents.
When any company makes smart lighting products, one of the important measures system engineers must consider is how the network is designed to withstand cyberattack attempts. This has always been a concern for any building management or smart home system that utilizes network devices with IP addresses and TCP/IP ports. The threat has mostly been a theoretical, nameless and faceless threat. That just changed.
The smart buildings space is getting a dose of tangible concern as UK-based Sky News, a Comcast company, has obtained what are believed to be classified Iranian documents that demonstrate initial plans for potential cyberattacks. Many European and U.S. targets -- including cargo ships, gas stations and smart building systems -- were being evaluated as cyberattack targets. The documents start with a statement apparently from Iran's Supreme Leader, "The Islamic Republic of Iran must become among the world's most powerful in the area of cyber."
It does not appear that any attack was imminent but building management systems were among the short list of targets apparently being considered. A glimpse at the Sky News video report shows that Schneider Electric was cited numerous times in the classified documents. Schneider Electric is the parent company to the Square D brand and EcoStruxure brand (its IOT-enabled architecture) which are important components to the company's building management system platform.
According to the report, the Iranian documents also mention Honeywell, Siemens and Indiana-based KMC Controls by name.
Sky news reporter Deborah Haynes consulted with a Washington D.C. area cybersecurity firm, Mandiant. The firm explained that the documents "discuss the possible physical impacts of cyber operations targeting civilian critical infrastructure and the feasibility of conducting such attacks, while examining the percentage of internet-accessible devices that could be potential targets."
Don’t miss the next big lighting story…
Click here to subscribe to the inside.lighting InfoLetter