Cybersecurity: More Than PCs and Macs

Could the sprinklers in the Oval or the air conditioner in your office pose a security risk to Stanford? Believe it or not, they can.

The systems that operate the campus sprinklers; your office air conditioner; and things like building lighting, door access, and fire alarms are often connected to Stanford’s campus network and could be vulnerable to compromise.

Protecting those systems through upgrades to the latest security standards is the focus of a joint project by Land, Buildings & Real Estate (LBRE), University IT, and school and department IT groups across campus.

“Cybersecurity applies to more than just servers and user devices,” said Michael Tran Duff, assistant vice president and chief information security officer. “Stanford facilities depend heavily on control and monitoring systems that are connected to our campus network, and we need to ensure that those systems are properly protected.”

Last year, LBRE and UIT implemented a program to inventory, assess, and address any identified security issues on all of the university’s major Supervisory Control and Data Acquisition (SCADA) systems. These systems allow for online monitoring and control. Now near completion, the SCADA review will ensure all networked building facilities equipment meet the latest security standards.

SCADA systems at Stanford

In and around your building, there are SCADA systems such as a Heating Ventilation and Air Conditioning (HVAC) system, an irrigation system, and a hot water system. Some of these systems already run on isolated building control systems networks, while others may run on the same network as your computing devices and administrative servers.

SCADA systems are often at risk because they are typically older industrial building control systems running on outdated hardware and software that are vulnerable to current security threats. Because they must be on a network to function, new security standards require they be connected through special isolated networks.

LBRE and UIT are actively upgrading these systems to meet new network security requirements. They are also working with organizations across campus that run their own systems, such as Residential & Dining Enterprises, School of Medicine, and Graduate School of Business, to do the same.

“Everyone has a role in keeping Stanford’s network secure, and this project touches all corners of the place that is Stanford University,” said Michael Fox, director of technology for LBRE. “We are pleased with the partnership and support we’ve received in upgrading the university’s SCADA systems, and we know that Stanford is more secure because of it.”

Learn more

If you are concerned about systems in your area, email the project team or talk to your local IT professionals.