• Corporate Announcement

M.C. Dean title sponsored Hack the Building, a U.S. Cyber Command-inspired exercise designed to assess the impact of cyber-attacks on critical building systems. The company contributed to the event’s planning and exercise coordination, outfitting a 150,000 square-foot building in Annapolis, MD with access control, building automation, and life safety hardware and software.

Sixty teams of government and industry experts from across the country participated in the Hack the Building event, organized by Maryland Innovation and Security Institute (MISI) and Dreamport. The event sought to accomplish four goals:

  • Provide a realistic scenario for qualified teams to attempt offensive and defensive cyber operations against information technology, control system, and manufacturing systems
  • Conduct exploits against building management, digital manufacturing automation and general control systems, causing real-world physical events resulting in loss of physical assets, access to non-volatile electronic information, and physical damage or destruction
  • Model and simulate scenarios affecting existing U.S. Defense Industrial Base manufacturers and consultants
  • Evaluate efficacy of defensive cyber solutions designed to protect control systems and manufacturing technologies

“As operators of mission critical facilities navigate evolving risks, events like Hack the Building demonstrate the need for enhanced cybersecurity measures to guard against physical and cyber threats,” said Phil Owen, M.C. Dean information assurance and cybersecurity expert. “By applying our knowledge of real, highly probable cybersecurity risks and vulnerabilities we developed and monitored five scenarios executed by participants.”

Scenario – It’s Getting Hot in Here

Attackers remotely exploit building management systems (BMS) and alter building controls, such as HVAC fans and thermostats, to cause manufacturing errors and automatic shutoff of IT systems due to overheating.

Scenario – Breach the Building Automation Systems

Attackers breach physical security to alter building environmental systems on the operational technology (OT) network, such as temperature settings and hot water.

Scenario – Let’s Evacuate the Building

Attackers remotely exploit the building’s fire alarm system, triggering alarms to evacuate personnel or disable fire protection systems.

Scenario – Let’s Get Physical #1 & #2

Attackers gain unauthorized physical access to the building by exploiting an access control system. The advanced level of scenario #2 requires attackers to use a blended logical and physical attack vector.

About Maryland Innovation and Security Institute (MISI)
MISI is a non-profit formed exclusively to further and promote charitable, educational, and scientific purposes including, but not limited to, furthering innovation in cybersecurity through education, global technology partnerships, investment, and community engagement to create a collaborative network of subject matter experts and cyber professionals. Learn more at misi.tech.

About Dreamport
DreamPort is a cyber innovation, collaboration, and prototyping facility located in Columbia, MD. DreamPort is designed as an open facility that welcomes the public to tour, collaborate, and prototype in support of USCYBERCOM and its mission partners. Learn more at dreamport.tech.

About M.C. Dean

M.C. Dean is Building Intelligence®. We design, build, operate, and maintain cyber-physical solutions for the nation’s most recognizable mission critical facilities, secure environments, complex infrastructure, and global enterprises. The company’s capabilities include electrical, electronic security, telecommunications, life safety, automation and controls, audio visual, and IT systems. M.C. Dean is headquartered in Tysons, Virginia, and employs more than 5,800 professionals who engineer and deploy automated, secure, and resilient power and technology systems; and deliver the management platforms essential for long-term system sustainability.