How Insecure Building Management Systems Are Putting Organizations At Risk

Building Management Systems (BMS) are responsible for many critical aspects of keeping your organization up and running – including access control, HVAC, fire and safety systems and much more. Recent incidents and results of security research reveals the fragility of these components through aspects such as internet exposure, insufficient hardening measures and insecurity by implementation - highlighting the potential consequences to organizations.

The webinar addresses BMS cyber security risks from a vendor and asset owner perspective, with discussions revolving around use cases derived from real world security evaluations and extensive BMS research completed by Applied Risk.

This webinar will cover:

  • What are the challenges of BMS cyber security and why is it critical?
  • Roles and responsibilities – who is responsible for BMS Security?
  • BMS Research and common findings from real world engagements – what is exposed?
  • Vulnerabilities, case studies and real-world threat scenarios
  • Technical and non-technical recommendations to secure your BMS

View the Webinar Here

View the Slides Here

View the Research Report Here

About the Presenters:
 

Gjoko Krstic

Gjoko Krstic is a Senior ICS/IIoT Security Consultant at Applied Risk. Gjoko holds experience in penetration testing, malware analysis, vulnerability and exploit research, incident handling, fuzzing, binary exploitation, embedded operating systems and ICS/SCADA hacking. Gjoko has been involved with security hardening and evaluation of smart systems and devices, applications, networks and has conducted extensive cyber security research into building management and automation systems security.

William Knowles

William Knowles is a Senior Security Consultant at Applied Risk. He specialises in goal-oriented security testing, and works to help organisations improve both their prevention and detection capabilities. His research interests primarily revolve around the breadth of post exploitation activities, and he has spoken at a number of industry conferences on these topics, including BlueHat, DEF CON, and 44CON.

Scott Thomas

Scott Thomas is a Senior ICS Security Consultant at Applied Risk, with 18 years experience in penetration testing, vulnerability management and security governance in the Oil & Gas, Maritime, Manufacturing, Energy and Defense sectors.
 

View the Webinar Here

View the Slides Here

View the Research Report Here