Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Building control systems can be pathway to Target-like attack

Antone Gonsalves | Feb. 10, 2014
Companies should review carefully the network access given to third-party engineers monitoring building control systems to avoid a Target-like attack, experts say.

In addition, companies should know the IP addresses used by subcontractors in accessing systems. Unrecognized addresses should be automatically blocked.

Better password management is also a way to prevent a cyberattack. In general, a subcontractor's employees will share the same credentials to access a customer's systems. Those credentials are seldom changed, even when an employee leaves the company.

"That's why it's doubly important to make sure those accounts and systems have very restricted access, so you can't use that technician login to do other things on the network," Melancon said.

Every company should do a thorough review of their networks to identify every building system. "Understanding where these systems are is the first step," Rios said.

Discovery should be followed by an evaluation of the security around those systems that are on the Internet.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.