Why the Target HVAC Hack is Not Possible with the TECS Wireless EMS Solution

Most IT departments have heard about the Target Hack, which exposed millions of customers' credit card and personal information. What some might not know is that the hack originated through the HVAC system. That puts extra emphasis on IT departments to check every aspect of their network, and it causes them to look twice at IP-based solutions for controlling mechanical devices. Understandably, this can make IT Directors nervous about putting devices on their network.

Fortunately, the Target Hack could never happen with the TECS solution, because there is no gateway or Windows machine required on the network. According to KrebsOnSecurity, the HVAC company had a solution that required VPN access into Target's network to monitor the control system, apply updates and patches, and troubleshoot glitches. Due to the network setup, the HVAC contractor could also access the customer's payment system and other critical systems. The consequence of having an additional hardware device in the customer location was a security hole that cost Target tens of millions of dollars.

Other solutions rely on a gateway, with a random port opened on the network to connect to that gateway. This creates a couple of security issues. First off, opening a port on your network is like keeping a window or door unlocked on your house. People may not see it at first, but on the internet, some bot will eventually find the open door and start poking at it. According to WatchGuard, a cyber-security technology firm, your goal should be to block every port you can. Secondly, you end up putting a device whose security you don't control onto your network. How secure is the firmware on the device that is on your network? Have you verified with the vendor that they have done adequate security testing for their application? If a hacker does get in through their device, who is going to get the blame? Any solution that requires an open port to a specific device creates additional potential security risks.

The TECS Wi-Fi thermostat solution is built upon secure technology that does not require any additional devices on a customer's network, nor any additional ports to be opened. Our industry-leading secure wireless thermostats communicate directly out to our cloud server via standard HTTP ports, and our cloud servers respond to those requests via HTTP protocols. For added security, customers can choose to put our devices into a separate VLAN, create a unique username and password for each device to connect to their network via WPA2-Enterprise level security, and/or configure their content filter so the devices can communicate only with our servers. This secure technology and communication protocol eliminates the ability for a hacker to get to our devices. With no additional ports required to be opened, and no additional hardware devices, such as a gateway or a server, required on the customer's network, our solution routinely meets the strict requirements of IT departments across the nation.
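An IT department can verify that the isolation described above actually holds by auditing connection logs from the thermostat VLAN. The following is an added example, not TECS code: the subnet, the vendor address range (a documentation placeholder), the allowed ports, and the local DNS/NTP exception are all assumptions, and the flow records are constructed.

```python
"""Added example: audit connection initiations against a device-VLAN isolation policy."""
from ipaddress import ip_address, ip_network

# All values below are assumptions for illustration, not vendor-published data.
THERMOSTAT_VLAN = ip_network("10.50.0.0/24")    # hypothetical device VLAN
VENDOR_CLOUD = [ip_network("203.0.113.0/28")]    # placeholder (RFC 5737 range)
ALLOWED_PORTS = {80, 443}                        # "standard HTTP ports", assumed
LOCAL_SERVICES = {("10.50.0.1", 53), ("10.50.0.1", 123)}  # DNS/NTP on the gateway


def classify(src, dst, dport):
    """Return None if the flow fits the policy, else a short violation label."""
    s, d = ip_address(src), ip_address(dst)
    if d in THERMOSTAT_VLAN and s not in THERMOSTAT_VLAN:
        return "inbound-to-device"         # nothing outside should initiate to a device
    if s not in THERMOSTAT_VLAN:
        return None                        # not thermostat traffic; out of scope
    if (dst, dport) in LOCAL_SERVICES:
        return None                        # name resolution and time sync
    if not any(d in net for net in VENDOR_CLOUD):
        return "egress-outside-allowlist"  # e.g. a device reaching internal systems
    if dport not in ALLOWED_PORTS:
        return "egress-unexpected-port"
    return None


def audit(flows):
    """flows: iterable of (src, dst, dport) tuples, one per connection initiation."""
    findings = []
    for flow in flows:
        label = classify(*flow)
        if label:
            findings.append((label, flow))
    return findings


# Constructed sample flows (not real logs).
SAMPLE_FLOWS = [
    ("10.50.0.21", "203.0.113.5", 443),   # thermostat -> vendor cloud, allowed
    ("10.50.0.21", "10.50.0.1", 53),      # thermostat -> local DNS, allowed
    ("10.50.0.22", "10.10.4.17", 445),    # thermostat -> internal server
    ("198.51.100.9", "10.50.0.21", 80),   # outside host -> thermostat
    ("10.50.0.23", "203.0.113.5", 8080),  # vendor address, unexpected port
    ("10.10.4.30", "10.10.4.17", 1433),   # unrelated internal traffic, ignored
]

if __name__ == "__main__":
    for label, flow in audit(SAMPLE_FLOWS):
        print(label, flow)
```

Any finding means the VLAN ACL or content filter is looser than intended; the second category is the one that matters most in a Target-style scenario, where a vendor foothold could reach payment systems.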

The key point of any EMS is troubleshooting the HVAC equipment and monitoring the data to catch HVAC problems as, or hopefully before, they arise. With TECS, any troubleshooting of the actual HVAC equipment occurs on our secure cloud servers from the data provided by our thermostats. The solution involved in the Target hack required that the HVAC firm have a connection into the customer's network to monitor and troubleshoot the solution. Our advanced technology creates no holes in a client's network, giving IT directors peace of mind knowing their networks are not exposed to outside vendors.

Capitol Energy Solutions has been the secure Energy Management Solution of choice for customers across the United States, and continues to innovate in the Energy Management space for schools, retail, commercial, and government customers. For more information, please contact info@capitolenergysystems.com.