How Can BACnet Attacks Cause Harm?
If your system is attacked what’s the worst that can happen?
How easy is it to cause? To stop? Cyber attacks can cause harm. The harm can be extreme such as when permanent damage is caused to equipment or when they cause a cascading effect – to the electrical grid for instance. They have even been used to stop Iran from completing its nuclear program – that attack was known as the Stuxnet Virus. We can expect terror cyber attacks and we can expect them to attack important institutions and infrastructure.
First, understand the harm and the risk. After that, we can look at how BACnet opens the door to attack.
Source of Risks:
- Purposeful attacks: Hacker, malicious attack, competitor attacks/spying, ex-employees, disgruntled employees, autonomous robots. These attacks can be coordinated and scheduled.
- Accidental: deletion of data, flood the market, improper installation of cables, unprepared installing of new equipment.
In CAS’s opinion, the most serious vulnerabilities allow for attacks which can be broadly categorized as:
- Denial of Service Attacks (DOS)
- Re-initialization Attacks, and
- Seizing Control
Denial of Service Attacks (DOS) are those in which the network is flooded with messages which cause collisions preventing control and monitoring messages from being transmitted between devices. By flooding a device’s microprocessor with commands and tasks, one can limit the ability of the device to operate normally. Do this on a large enough scale and you can shut down a campus, a factory etc. Attacks like these can be coordinated.
- Risk Profile = Moderate harm (e.g. In-operable building, water damage) easily achieved.
Re-initialization Attacks are those that cause devices to restart which in itself presents a number of attackable vulnerabilities. If a device’s configuration or firmware can be altered prior to the re-initialization then the device could permanently lose its ability to operate or could be turned into a Zombie device and perform other attacks. Done on a large enough scale or to systems which are no longer supported, these attacks could take the target systems out for weeks and even months. Recovery may be dependent on the quality of backups.
- Risk Profile = Possible extreme effect (Bricking devices, provide pathways for viruses to spread, lost configurations) achieved with a moderate challenge, Moderate harm can easily be caused.
Control Seizure attacks are those that exploit BACnet’s Peer to Peer system allowing any device to write at the highest priority to writable objects in other devices. These objects may control physical equipment such as motors, generators… It is easy to cause permanent damage to some equipment by making it operate outside its design limits. Alarms can be suppressed, data can be changed, sequences of operation can be broken. Systems can be made inoperable presenting.
- Risk Profile = Moderate harm easily be caused.