In an era where buildings have become as smart as the devices in our pockets, the convergence of operational technology and information technology has transformed how we manage facilities. Building Automation Systems (BAS) now control everything from HVAC and lighting to access control and security cameras (ASHRAE Journal, “Cybersecurity for BAS,” May 2023). While these interconnected systems offer unprecedented efficiency and comfort, they’ve also created a new frontier of vulnerability that many facility managers are unprepared to defend (National Institute of Standards and Technology, 2023).
Hate to read? Listen to a podcast episode on this topic. Visit the NOXTalks Podcast for more episodes
When Smart Buildings Become Easy Targets
In 2017, a casino’s high-roller database was compromised not through sophisticated hacking of their security systems, but via an internet-connected thermostat in their aquarium (Darktrace Security Report, 2018). This oft-cited case illustrates a fundamental truth: your building’s security is only as strong as its weakest connected device.
More recently, in 2022, a breach of Johnson Controls systems exposed operational technology and building automation system data across multiple facilities (CISA Advisory, 2022). The incident demonstrated how vulnerabilities in widely deployed BAS components can create systemic risks across numerous properties simultaneously.
“What makes these attacks particularly effective is that they target systems most facility managers don’t consider part of their cybersecurity perimeter,” explains Jason Christman, VP and Chief Product Security Officer at Johnson Controls, in a personal interview conducted in March 2025. “Organizations must consider all connected systems as part of their security domain, not just traditional IT infrastructure.”
Understanding Your Attack Surface
The first step toward protection is awareness of what hackers see when they look at your building systems. Your BAS attack surface typically includes:
Remote Access Points: Any system that allows offsite management or monitoring
Vendor Connections: Third-party maintenance and analytics platforms
IoT Devices: Smart sensors, meters, and connected equipment
Integration Bridges: Systems connecting your BAS to other enterprise networks
Legacy Systems: Older controllers and equipment never designed for internet connectivity
According to Honeywell’s “2023 Building Cybersecurity Report,” approximately 44% of building management systems operate with outdated software, creating numerous potential entry points for attackers (Honeywell, 2023).
Assessing Your Risk: Signs You May Be Vulnerable
How can you tell if your building systems might be at risk? Consider these warning signs:
Your BAS was installed or last upgraded more than five years ago
You can access building controls from personal devices or home networks
Your vendors have permanent access credentials that don’t expire
There’s no formal process for testing and applying security updates
Building systems share networks with corporate IT infrastructure with no segmentation
Your team lacks documented cybersecurity policies specific to building systems
A facility manager for a commercial property portfolio in Atlanta shared an instructive experience: “We had multiple contractors accessing our systems, all using the same generic login. We never thought about it until we discovered someone had been adjusting our setpoints remotely for months, causing enormous energy waste. It turned out to be a former contractor whose access was never revoked.” This type of access control failure is a common vulnerability in building systems.
Practical Protection Strategies for Non-IT Experts
The good news is that protecting your building systems doesn’t require becoming a cybersecurity expert overnight. Here are practical steps any facility management team can implement:
1. Create a Building Systems Inventory
You can’t protect what you don’t know exists. Document every connected device, controller, and access point in your BAS. Note the manufacturer, model, firmware version, and network connection for each component. This inventory becomes your roadmap for security planning.
2. Segment Your Networks
Work with IT to ensure building systems don’t share networks with corporate systems unnecessarily. “Network segmentation is like having fireproof doors in a building,” explains Fred Gordy, Director of Cybersecurity at Intelligent Buildings, in a webinar presentation on March 15, 2025. “If one area is compromised, the problem can be contained.”
3. Implement Access Control Best Practices
Require unique login credentials for each user and vendor
Implement multi-factor authentication for remote access
Review and purge access lists quarterly
Create role-based permissions so users only access what they need (CISA, “Cross-Sector Cybersecurity Performance Goals v1.0.1,” March 2023)
4. Develop a Firmware and Software Update Protocol
Outdated software is one of the most common entry points for attackers. Create a regular schedule to check for and apply updates, with a testing procedure to ensure updates don’t disrupt operations.
5. Build Resilience Through Backup and Recovery
Even with the best precautions, breaches can occur. Maintain offline backups of all BAS configurations and programming. Document manual override procedures for critical systems so you can operate essential building functions during a cyber incident.
6. Create a Cyber Incident Response Plan
Develop clear steps to follow when suspicious activity is detected. Who should be notified? What systems should be isolated? What external resources can you call on for help? Having this plan in place turns a potential crisis into a manageable event.
Building a Culture of Cybersecurity
Perhaps the most important protection is cultivating awareness among your entire team. “The human element remains both the greatest vulnerability and strongest defense in building system security,” notes James McHale, CEO of Memoori Research, in their “Smart Buildings Security Market Report 2023.” “Organizations should implement regular cybersecurity training sessions with staff meetings, where they discuss recent trends or conduct simple tabletop exercises.”
Miller’s team recently thwarted a potential breach when a maintenance technician received a suspicious email claiming to be from their BAS vendor, requesting remote access credentials for “emergency updates.” Because of the regular security discussions, the technician recognized the red flags and reported the attempt instead of complying.
The Path Forward: Collaboration is Key
As building systems continue to evolve, the boundaries between facilities management and IT will further blur. Forward-thinking organizations are creating cross-functional teams that bring together expertise from both domains.
“The most successful cybersecurity programs for building systems involve regular collaboration between IT security professionals and facility management teams,” says Michael Chipley, President of The PMC Group and contributor to the NIST Special Publication 800-82 (NIST, 2023). “Each brings crucial knowledge to the table—facilities teams understand the operational implications, while IT brings the technical security expertise.”
This collaboration is particularly critical when planning system upgrades or new installations. Security requirements should be included in all specifications and vendor selections, not added as an afterthought.
As our buildings become increasingly intelligent, protecting them requires an equally smart approach—one that combines technical safeguards with human vigilance. The question isn’t whether your BAS will face cyber threats, but whether you’ll be prepared when it does. By taking these practical steps today, you ensure your smart building remains a showcase of efficiency rather than becoming tomorrow’s cautionary tale.
National Institute of Standards and Technology. “Special Publication 800-82 Rev. 3: Guide to Operational Technology Security.” U.S. Department of Commerce, September 2023. https://doi.org/10.6028/NIST.SP.800-82r3
Series: The Role of Building Automation in Disaster Resilience (3/3)
In the previous articles, we covered real-time data monitoring and emergency lighting. Now, we’ll dive into Integrated Communication Systems, an often-overlooked but critical component in disaster resilience. Clear and timely communication can make all the difference when evacuating a building or responding to an emergency, and Building Automation Systems (BAS) can streamline this process with ease.
During a disaster, panic is often the biggest threat to safety. Confusion and a lack of direction can quickly escalate an already dangerous situation. Whether it’s an earthquake, fire, or flood, the ability to disseminate clear instructions to building occupants is crucial. However, relying on manual processes or outdated communication systems can lead to delays, miscommunication, and, ultimately, more chaos.
The Importance of Communication in a Crisis
This is where integrated communication systems, powered by BAS, step in. These systems use a variety of channels—from public address systems to mobile alerts—to ensure that everyone, from facility staff to building occupants, receives accurate and timely instructions.
How BAS Enhances Communication During Emergencies
BAS can unify multiple communication systems under one platform. Imagine the fire alarm goes off in a large commercial building. Instead of relying solely on a single alarm system, BAS can automatically trigger voice announcements, emergency lighting sequences, and send text alerts to occupants’ phones. This multi-layered approach ensures that no one misses the critical message.
Additionally, real-time data gathered through other BAS features, such as flood sensors or seismic monitors, can be used to tailor these communications. If floodwaters are rising on one side of the building, the system can direct people to the safest exits based on real-time data.
Examples of Integrated Communication in Action
Voice Commands and Public Address Systems: In an emergency, automated public address (PA) systems can provide clear, calm instructions. This can include directing people to exits, advising them to shelter in place, or providing real-time updates as the situation unfolds.
Mobile Alerts and Text Messages: Most occupants carry mobile phones, making SMS and app-based notifications an ideal communication method. A BAS can send real-time alerts with detailed instructions, ensuring that people are kept informed even if they’re not near a PA system.
Visual Alerts: For individuals with hearing impairments, visual communication through digital displays and flashing lights can ensure everyone receives the message. A BAS can trigger these systems in sync with other alerts to create a cohesive, inclusive response.
Coordination with First Responders
Another major advantage of integrating communication systems with BAS is the ability to provide real-time data to first responders. As firefighters, EMTs, or police arrive on the scene, the BAS can feed them critical information, such as the status of fire alarms, gas leaks, or structural damage. This allows emergency teams to act faster and more effectively, increasing the chances of a safe outcome.
For instance, if an earthquake has caused damage to specific areas of the building, the BAS can alert first responders to avoid these zones, helping them prioritize where to focus their efforts.
Conclusion: Communication is Key
Effective communication during a disaster can save lives. By integrating communication systems through a BAS, facility managers can ensure that emergency instructions are delivered clearly and immediately across multiple platforms. Whether it’s through PA systems, text alerts, or direct coordination with first responders, BAS streamlines emergency communication to ensure that everyone receives the right message at the right time.
For Further Consideration: Facility managers can also explore how automation enhances other aspects of disaster resilience, such as automated access controls to secure entrances, advanced smoke detection systems, and real-time monitoring of power and water systems. Each of these elements can further bolster a building’s ability to withstand and recover from a disaster, ensuring long-term resilience.
In the world of facility management, maintenance teams often find themselves facing problems that seem straight out of a puzzle book. From wildlife intrusions to ancient plumbing mysteries, the path to a solution requires not just technical skills, but creativity, innovation, and sometimes, a bit of luck. This blog post celebrates the ingenuity and perseverance of those who tackle these challenges head-on, sharing tales of unusual maintenance issues and the clever solutions that resolved them.
When Nature Calls: The Case of the Beehive HVAC
At a small office building in the suburbs, the air conditioning began to fail during a sweltering summer. Technicians initially suspected a typical malfunction, but the truth was far buzzier. A massive beehive had taken residence in an external HVAC unit, blocking airflow and threatening both the system and the building’s occupants. The solution? Maintenance collaborated with a local beekeeper. They safely relocated the bees to a nearby farm, clearing the unit without harm to the bees or technicians. This incident reminded everyone of the importance of regular exterior inspections and the unexpected ways nature can impact facility operations.
A Ghost in the Machine: The Mysterious Nightly Alarms
A heritage hotel experienced a baffling problem: fire alarms going off nightly at precisely 2:03 AM, with no apparent cause. This not only disrupted guests but posed a serious concern for safety protocols. An electrician uncovered the issue wasn’t supernatural but historical—old wiring that expanded and contracted with temperature changes, triggering the alarms. The solution involved replacing the outdated wiring, but to preserve the building’s integrity, this was done meticulously to blend with its historical character. The hotel now enjoys peaceful nights, with guests only disturbed by the occasional creaks of its antique floors.
The Escalator to Nowhere: A Lesson in User Experience
In a modern shopping center, an escalator inexplicably began reversing direction at random intervals, causing confusion and safety concerns. Initial checks on the system’s mechanics and electronics returned no clues. The breakthrough came when a keen-eyed technician observed shoppers leaning on an advertising panel at the escalator’s base, unwittingly pressing a hidden “reverse” button intended for maintenance use. The solution was elegantly simple: relocate the button and educate the staff, preventing further accidental escalator adventures. This incident underscored the importance of considering user interaction in facility design and maintenance.
The Unseen Leak: Solving a Puzzle Below the Surface
A newly renovated office building faced an escalating water bill with no visible signs of leaks. The maintenance team embarked on a detective mission, using thermal imaging to trace the building’s plumbing. They discovered a small, but constant leak in a pipe encased within a concrete floor, likely damaged during construction. Repairing this without extensive disruption required precision: the team drilled a small access hole to inject a sealant, successfully stopping the leak without having to excavate the floor. This approach not only solved the problem but did so in a way that was minimally invasive and cost-effective.
The Staircase Symphony: Harmonizing Form and Function
In a unique instance at a university, a newly constructed outdoor staircase began producing musical tones when stepped on, much to the confusion and delight of students. While initially considered a charming quirk, concerns arose about its potential as a distraction or even a safety issue. Investigation revealed that the spacing of the steps, combined with the material used, created the musical effect when walked upon at a normal pace. The creative solution? Embrace it. The university launched a competition for students to compose melodies for the staircase, turning an oddity into an attraction. This innovative response not only resolved the concerns but also celebrated the intersection of functionality and art.
Conclusion
These stories highlight the unpredictable nature of facility maintenance, where the ordinary can quickly turn into the extraordinary. They showcase the ingenuity required to solve problems that don’t always have a straightforward fix. For facility managers and maintenance teams, these tales underscore the importance of being prepared for anything, thinking outside the box, and sometimes, finding the joy in the challenge. In the world of maintenance, every problem is an opportunity to innovate, learn, and occasionally, add a little excitement to the daily routine.
In the critical sphere of facility safety, the traditional approach to emergency drills often misses the mark on engagement and effectiveness. As facility managers and owners seek to ensure the safety of all occupants, the challenge lies in transforming these drills from mundane obligations into captivating and instructive experiences. This article unveils innovative strategies and game-like drills that promise not only to instruct but also to captivate, ensuring that when emergencies arise, responses are both rapid and proficient.
The Game-Changer: Gamification of Drills
Emergency Quest: Imagine transforming the necessity of learning emergency routes and locations of safety equipment into an adventure. Participants engage in a scavenger hunt, navigating clues to discover vital resources and exits. This interactive approach not only makes learning fun but embeds crucial safety information into participants’ memories.
Safety Bingo: This game converts the drill into a lively bingo session, where actions such as locating fire alarms or identifying exit routes become the means to victory. It transforms emergency preparedness into an engaging group activity, ensuring wide participation.
The Power of Role-Playing
Crisis Actors: Adding realism to drills, volunteers simulate scenarios like being trapped or facing a medical emergency. This method enhances the drill’s realism, pushing participants to apply their knowledge practically and under pressure.
The Director’s Cut: Participants take the reins, directing the emergency response based on given scenarios. This role-play tests leadership and decision-making skills, offering valuable insights into both individual and collective preparedness.
Leveraging Technology for Enhanced Realism
VR Simulations: Virtual reality offers immersive experiences of varied emergencies, from fires to earthquakes, without real-world risks. It allows repeated practice in simulated conditions, sharpening responses and decision-making skills.
AR Escape Rooms: Augmented reality turns emergency preparedness into an interactive escape room challenge. Participants use smartphones or AR glasses to solve puzzles related to emergency scenarios, merging problem-solving fun with practical safety training.
Introducing Fun to Serious Learning
Emergency Olympics: A competitive twist on learning critical skills, where teams vie in tasks like evacuation speed or communication efficiency. This competition makes learning memorable and enjoyable.
Safety Flash Mob: A flash mob performing an emergency drill catches everyone by surprise, serving as a vivid reminder of emergency actions in an unexpected and engaging format.
Engaging Everyone: The Path to Enhanced Preparedness
Active participation is the cornerstone of effective emergency preparedness. Facility managers should ensure clear communication of drill objectives and procedures, making the importance of these activities clear. Feedback is essential for refining drills, making them more effective and engaging over time. Recognizing and rewarding participation and outstanding performance can motivate ongoing engagement and improvement.
Conclusion
By transforming emergency drills with innovative ideas and engaging methods, facility managers can foster an environment where preparedness is both a priority and a positive part of the organizational culture. These strategies ensure that when emergencies occur, everyone is equipped to respond with confidence and efficiency, making the workplace not only safer but also more connected and empowered.
If you’re thinking of starting a new career, there’s no better place than the automated buildings industry. It’s one of the best kept secrets in technology careers today. It helps when starting or growing any career, to have a good understanding of the intellectual tools you’ll need, so consider this list of essentials skills and knowledge for the building automation industry.
Technical Knowledge: A solid understanding of building automation systems, including HVAC (Heating, Ventilation, and Air Conditioning), lighting controls, energy management systems, and integration protocols (e.g., BACnet, Modbus). This includes knowledge of hardware components, software applications, networking, and troubleshooting.
Programming and Software Skills: Proficiency in programming languages commonly used in building automation, such as C++, Python, or Java. Familiarity with automation software platforms and tools for system configuration, programming, and diagnostics.
Electrical and Controls Understanding: Knowledge of electrical systems and controls, including wiring, circuits, sensors, actuators, and controllers. Understanding of control logic and the ability to interpret electrical drawings and schematics.
Problem-Solving and Troubleshooting: Strong problem-solving skills to diagnose and resolve technical issues in building automation systems. The ability to troubleshoot complex problems efficiently and effectively.
Communication and Collaboration: Excellent communication skills to interact with clients, engineers, technicians, and other stakeholders. The ability to clearly convey technical concepts, provide support, and collaborate effectively within multidisciplinary teams.
Project Management: Proficiency in project management principles, including planning, organizing, and executing building automation projects. This involves coordinating timelines, resources, and deliverables to ensure successful implementation and customer satisfaction.
Industry Knowledge: Staying up to date with the latest trends, technologies, and regulations in the building automation industry. This includes knowledge of energy efficiency practices, sustainability, emerging standards, and industry-specific best practices.
Continuous Learning: A commitment to continuous learning and professional development to keep pace with advancements in building automation systems and technologies. This can involve attending industry conferences, participating in training programs, and staying engaged with industry publications and forums.
Customer Service Orientation: A customer-centric mindset with a focus on delivering high-quality service and meeting customer needs. This includes responsiveness, attentiveness to customer requirements, and the ability to provide effective solutions.
Analytical and Data-Driven Approach: Proficiency in data analysis and interpretation to optimize building automation systems for energy efficiency, performance monitoring, and predictive maintenance. The ability to leverage data to identify opportunities for improvement and make informed decisions.
Developing and honing these skills can greatly contribute to success in the building automation industry, as they encompass both technical expertise and the interpersonal skills required to navigate complex projects and meet customer expectations. But just because these skills are important doesn’t mean you need to have mastered each now, or even know much about them. It just means you will likely encounter them in the future. If you feel confident in your dedication to learning, you’ll have few barriers to growing a successful career in the building automation industry.
The most difficult part of creating short videos isn’t the production or sharing. It’s coming up with effective content ideas. One easy way to generate engaging content is to use a common category as a guide. Here are some popular categories that work well on most platforms, as standard corporate posts or paid ads.
One limitation you may run into is the maximum video length for each app. As of the time of this writing, the following max time limits apply for the following platforms:
TikTok: 10 Minutes
Instagram Reels: 90 seconds
YouTube Shorts: 60 seconds
If your video concept will require more than a minute, it probably isn’t practical for a YouTube Short.
1. Behind-the-Scenes
Show a glimpse into your daily operations and behind-the-scenes tour. This could include showcasing your team working on projects, setting up equipment, or testing systems. Behind-the-Scenes also work well for events. If your company attends industry events, trade shows, or conferences, capture moments from these events and share them. This can create excitement and showcase your company’s involvement in the industry.
2. Before-and-After Transformations
Highlight the transformational power of your work by sharing videos that show “before” and “after” shots of projects you have completed. This can be particularly captivating if you’re working on visual installations or upgrading systems.
Educate your audience by sharing short, informative videos that provide tips and tutorials related to your business or industry. For example, you could explain how to set up a specific type of BMS or offer troubleshooting advice.
Showcasing your products in action is a great way to engage with your audience. Demonstrate how your products work, highlight their unique features, and explain their benefits.
Introduce your team members through short videos that highlight their roles, skills, and personalities. This humanizes your brand and helps your audience connect with the people behind the company.
6. Client Testimonials
Share short clips of satisfied clients discussing the positive impact your services have had on their businesses or lives. This can help build trust and credibility among your audience.
7. Q&A
Take questions from your followers and answer them with another video. Q&As give your audience valuable information, creates a direct connection with them, and addresses their immediate concerns.
Showcase unique or creative projects you’ve worked on that go beyond your traditional work. For example, if you’ve integrated systems into an immersive art installation or a smart home with innovative features, capture and share those moments.
Share your thoughts and insights on current trends and developments in the systems integration industry. This positions you as an expert and keeps your audience informed about the latest advancements.
Collaborate with other content creators or businesses in related fields to create engaging and mutually beneficial content. This can help expand your reach and bring new perspectives to your audience.
11. Company Culture and Employee Spotlights
Highlight your company culture and introduce your team members to your audience. This humanizes your brand and fosters a connection with your followers. Showing off your company culture also aids in employee recruitment.
12. User-Generated Content
If you want to get your audience hooked on short-form video content, get them to create their own! Encourage your audience to make short-form videos featuring your products. Social media advertising can be much more effective when it features user-generated content (UGC), whether it be product reviews or DIY tutorials.
Bonus: Popular Topics
Popular short form video apps consistently feature specific topics and genres that are popular with users. Mix these topics with the above categories to create engaging content unique to your brand. For example, you could showcase an access control project (Behind-the-Scenes) that made a building more accessible to folks with visual impairment (Social Responsibility).
Sustainability and Social Responsibility
If your company has a strong commitment to sustainability or social responsibility, create videos that highlight your initiatives. Share your efforts to reduce your carbon footprint, support charitable causes, or make a positive impact on society.
Share creative DIY projects or life hacks that are related to your products or industry. This can provide value to your audience while promoting your brand.
Humor and Entertainment
Don’t be afraid to inject humor and entertainment into your videos. Create light-hearted content that resonates with your target audience and makes them smile.
Education
Create informative and educational content related to your industry. Share tips, tricks, and insights that can help your audience learn something new or solve a problem. During anniversaries of important dates, share a historical fact about your industry that’s interesting.
Participate in popular challenges and trends that are relevant to your industry or brand. Put your own spin on these trends to showcase your company’s personality and creativity.
Remember to keep your videos short, engaging, and visually appealing. Add music, captions, or other effects to make your content stand out. Also, don’t forget to use relevant hashtags and engage with your audience by responding to comments and participating in trends and challenges.
