Interview 28 August 2020

“Our Position with Respect to Cybersecurity is Still Too Weak”

Norbert Pohlmann is a Professor of Computer Science for distributed systems and information security and head of the Institute for Internet Security at the University of Applied Sciences in Gelsenkirchen, Westphalia.

He explains that building automation companies urgently need to upgrade their security technology to the state of the art. Cybercrime is increasing and becoming more and more professional. Attacks against IT systems and complex IT structures, such as those found in buildings, are becoming more frequent and represent an ever-greater threat.

IT crime is undergoing increasing industrialization and attaining levels of professionalism never before seen. How does this affect buildings, and, more specifically, how are attacks on building automation systems carried out?

Norbert Pohlmann: It’s an unfortunate truth that any information technology can be attacked. There’s no such thing as 100 percent security. Buildings today have complex IT structures that control heating, lighting, blinds, elevators and other systems. All areas can be affected.

Can you give us an example?

Pohlmann: We hacked into the heating system of a hospital once as a demonstration. This was done to illustrate security vulnerabilities. The hospital operators could then fix these security vulnerabilities, which, to our surprise, took several months. But imagine if we had been real hackers, intent on blackmail, perhaps threatening to completely disable the heating systems? Another conceivable possibility would be to cause panic by suddenly dropping the blinds or shutting electronically controlled doors. In a hospital, these scenarios put lives at risk. However, it’s also conceivable that hackers could gain information about a building and its security infrastructure as a first step, then switch off security cameras in a targeted fashion and rob the building. And there are other threats as well. Malware, for example, can cripple systems, and networked devices like security cameras can be attacked. Thousands of these devices can be linked into botnets to carry out denial-of-service attacks in order to paralyze web servers, for example.