Take Action to Secure Your Uninterruptible Power Supply Devices, Including Commercial HVAC Equipment
Bad cyber actors are accessing Uninterruptible Power Supply (UPS) devices via the Internet, causing disruptions and increasing risks in operations. That’s right – your connected devices are at risk of cybersecurity attacks that could put your entire operation in jeopardy.
Have your facility engineers taken steps to ensure your building management systems (BMS), including your air distribution products and lighting systems, are secure?
What You Should Know About UPS Devices
Modern UPS equipment comes with an Internet of Things (IoT) capability – the physical specialty devices we connect to the Internet. These devices are then attached to networks for easy power monitoring and maintenance. Commonly found in smart buildings, IoT technologies optimize critical systems.
Although centralized building management systems are advantageous in many ways, they pose a cybersecurity risk, particularly as the systems become more complex.
UPS devices linked to your BMS can also be hacked if they’re connected to the Internet. Facilities engineers should ensure their equipment is secured and involve the information technology department for a cybersecurity analysis.
Any connected UPS device in your facility, including lighting systems, commercial HVAC equipment, and other systems, are cybersecurity risks. So what can be done to minimize the risk and keep your operations running?
Recommendations for Securing Air Distribution Products and Lighting Systems
The American Hospital Association (AHA) has addressed this serious concern, particularly because cybersecurity attacks have a high chance of harming patients.
The AHA provided their recommendations for protecting your UPS and BMS and advised that all facility engineers and anyone involved in the construction of new surgical suites or critical environments be made aware of these preventable risks.
First, the best way to mitigate cybersecurity risks to UPS devices and systems is to simply disconnect them from the Internet. But that isn’t possible in every facility. In this case, take additional steps for protection.
Recommendations for Securing UPS Devices
The U.S. Department of Energy and the Cybersecurity and Infrastructure Security Agency (CISA) recommend:
1. Changing default usernames and passwords on all equipment, and ensuring new passwords are strong. AJ Manufacturing can provide guidance for changing default credentials on our commercial HVAC equipment and lighting solutions.
2. Ensuring all your devices and your systems are behind a virtual private network (VPN).
3. Enforcing multi-factor authentication.
4. Activating timeout/lockout features.
5. Developing a cyber incident response plan.
6. Immediately reducing risk by removing management interfaces from the Internet.
Being proactive in preventing cybersecurity breaches will save you time, money, and energy, and protect all your assets from bad actors.
Ask AJ Manufacturing About Keeping Your Commercial HVAC Equipment and Critical Environment Lighting Systems Safe
The UPS products we fabricate at AJ Manufacturing help facilities managers understand how effectively equipment is working. Our team also can help you keep your equipment safe from cyber threats.
To learn how you can protect your systems, call us at (816) 231-5522, or send us a message online. A representative will get back to you as quickly as possible. You also can refer to the operations manuals provided with all our products for more information.
What Happens After a Cybersecurity Incident?
If you suspect your facility’s UPS has been hacked, it’s time to implement the response plan you created. The federal government offers playbooks you may find helpful.
The joint Cybersecurity Advisory by CISA has also outlined approaches to uncovering and remedying cybersecurity threats. You also should report the incident to CISA’s operations center by emailing report@cisa.gov, or by calling 888-282-0870.
Need Additional Resources?
For more information on protecting your operations and facilities from cybersecurity threats, visit the American Hospital Association’s website. There, you will find resources on defending against malicious activity and for managing cybersecurity risks.Order Commercial HVAC Products from AJ Manufacturing for Your Next Project
Trust the leading manufacturers of state-of-the-art critical environment and clean room equipment the next time you upgrade your BMS or start from scratch with a new project.
Each AJ Manufacturing product is designed and built to meet your performance expectations, keep your patients safe, and properly distribute air. With AJ Manufacturing, you get consistency, thanks to our careful hand assembly, in-factory IEST testing, and our high-quality control standards.
Learn more about our extensive array of products, handcrafted with stainless steel, using the latest technology at our Kansas City facility. Contact us to request a proposal for your next project.