Easy to Attack – Tiny Markets
The problem of tiny markets: Windows 10.1 has over 200 million installs. That is over 200 million chances to observe and report bugs and vulnerabilities. You can also be sure that those 200 million users use the computers in a diverse way. When it comes to building automation the markets are relatively tiny. There are probably only 10 thousand gateways installed per year from over 100 manufacturers. There is much less chance to discover and report vulnerabilities and there is much less chance of the manufacturer's testing rigorously enough to prevent vulnerabilities. There isn't enough profit for these types of products to fund large testing/validation projects.
Easy to Attack Example: I have attended the Royal Canadian Mounted Police (RCMP) headquarters building many times for building automation purposes. I was able to attend the site without credentials during construction. During my visits I am able to install new networking and automation equipment, update firmware, sniff on the networks. I could even install a wireless router which would allow me to connect to the network from outside the fence. I could install attack devices, I can corrupt the control system, I could schedule attacks so they are coordinated. The attacks could be designed to cause a facility shutdown by causing cascading overloads shutting down the power system and tripping the standby power system. UPS’s could be driven to a failed state and IT networks could be shut down. Denial of service attacks could be installed. Control and sensing devices could be rendered inoperable and could be permanently damaged by driving devices to operate outside safe limits. The same ease of access occurs at almost all sites I visit. There is never an audit of the work I do, of the equipment I install or the changes I make.