Google's offices in Sydney were (are?) hackable, along with evidently a lot more. http://www.theage.com.au/it-pro/security-it/australian-google-office-building-hacked-20130507-2j416.html
The story says that most building management systems (security, hvac, lighting, etc.) are installed and managed by 3rd parties. The perceptions in the comments are interesting, e.g. Carole: I worked for an organisation that built a new works plant, with all of the latest SCADA technology. Controlled through an unencrypted HTTP data channel. No one except for me cared, and I told it was not my job to worry about it. As far as I know, it's still vulnerable. And yeah, these systems could raise and lower gates that would allow access to the org's assets behind the fence, unlock garage doors on big sheds storing heavy equipment, and so on. So here's a risk management question: If a building is breached and a burglary/damages/worse takes place as a result of a hacked 3rd party building control system, whose insurance company bears the cost and to what level? Jan Melbourne, Victoria, Australia [email protected] blog: http://janwhitaker.com/jansblog/ business: http://www.janwhitaker.com Our truest response to the irrationality of the world is to paint or sing or write, for only in such response do we find truth. ~Madeline L'Engle, writer _ __________________ _ _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
