When parents send their children to school, they believe that the school will educate them, teach them manners, and prepare them for the real life. But before the teaching starts, both kids and parents should have confidence in the school environment, the quality of which is a combination of the teachers, the facilities, and most of all, the safety of the children. Their safety has to be assured at all times, whether in the classroom or at play in the yard.

Schools, like many other facilities such as campuses, sports arenas, banks and data centers, are prime targets for cyber attacks on the Building Management System (BMS), which controls the power and water supply, air conditioning, fire alarms, access control and more. The potential damage of a cyber incident to such networks is incalculable. The very thought of hundreds of schoolchildren stuck in their classrooms during a fire, not able to escape to safety, is terrifying.

While the above scenario seems to be taken from an action movie, the threat is actually very real. As hard as it is to believe, it’s actually very easy to break into a BMS network, manipulate its controllers, deactivate the fire alarm system or lock the access control system.
To expose the weaknesses of such networks I ran an internet search for open BACnet devices (port 47808) and found more than 7000 internet-connected devices in the U.S. alone. And while my search was focused on schools (to emphasize my point), my findings easily apply to casinos, sport arenas, universities and even banks.
One of the schools that came up on my search was an elementary school in Massachusetts. I found the IP address of the school’s heating system’s controller. Using a regular browser, within a few seconds I was directed to the login page. At this point, I stopped the process; however, someone with malicious intentions wouldn’t stop here. Potential hackers won’t find it hard at all to log into such systems, because many of them still use the default vendor’s credentials, or the passwords can be cracked using publicly-available tools. Once the hacker penetrates the network, he or she would be able to control the school’s heating system, and from there on to inflicting more damage.
Just like energy firms, that invest heavily in protecting their operational (SCADA) networks to prevent service interruptions, schools, hospitals and numerous other facilities need to be on the lookout for cyber threats to their BMS, to assure the safety of employees and visitors, and to maintain normal, continuous operation.