The OT Research Team at Forescout performed an exercise in vulnerability and malware research for devices commonly used in building automation system (BAS) networks.
The goal was to create a proof-of-concept malware targeting BAS networks to raise awareness about a problem that will likely become increasingly serious over the next few years as the Internet of Things (IoT) continues to expand.
Topics covered in this research paper include:
- An analysis of the security landscape for BAS networks
- The discovery and responsible disclosure of previously unknown vulnerabilities in building automation devices
- The development of a proof-of-concept malware for BAS that persists on devices at the automation level
- A discussion on how improved visibility into BAS networks can help improve building automation system cybersecurity by promptly detecting threats