The report prepared by the U.S. Department of Energy’s Building Technologies Office, in February ‘2022, provides a cybersecurity threat profile for networked building systems, which includes building automation systems, lighting systems, HVAC systems, and more. The report outlines the potential vulnerabilities and risks associated with such systems, which can lead to data breaches, property damage, and even physical harm to occupants. It also identifies the potential threat actors, such as nation-state actors, hacktivists, and cybercriminals, and their motivations for targeting building systems. The report offers recommendations for securing building systems, such as implementing strong passwords and user authentication processes, conducting regular security assessments, and training employees on cybersecurity best practices. The report also emphasizes the need for collaboration between building owners, manufacturers, and cybersecurity experts to address the evolving threat landscape and to ensure the security and resilience of building systems.

Keywords: Access Controls, Architecture/Engineering, Communications, Control & Monitoring Equipment/Sensors, Cybersecurity/Privacy, Energy Efficiency/Management, Internet of Things (IoT), Lighting Systems/Controls