Writing
Essays, papers, notes, and references.
A place for longer pieces, formal work, and useful written records.
Building Automation Systems are the silent brains of modern buildings: HVAC, lighting, access control, lifts, energy management. Designed for reliability, they were quietly connected to the internet and the wider IoT estate, and every new connection widened the attack surface. This piece walks through how BAS became a soft target: open protocols that trust by default, real incidents that exploited overlooked vulnerabilities, and the uncomfortable truth that a comfort system can become a way into the corporate network. It covers why these systems are so exposed (long lifecycles, weak segmentation, vendors optimising for uptime over hardening) and what defence actually requires: visibility, segmentation, and treating the physical integrity of a building as a security concern, not just its data. The threat is invisible because the systems are.
TLS and centralised Public Key Infrastructure were built for the web (humans connecting to servers), not for fleets of machines talking continuously with no human in the loop. As Industrial IoT scales to millions of devices, traditional PKI strains: certificate authorities become single points of failure, revocation is slow, and one compromised node can threaten the whole system. This piece makes the case for Brontide, the Lightning Network's encrypted handshake, as a better fit for machine-to-machine communication: decentralised trust, channel graphs standing in for certificate authorities, and identity backed by economic stake rather than a single signing party. It walks through the limits of conventional PKI at industrial scale, how Brontide and Instant Karma PKI reframe the problem, and why borrowing trust from a payments network might be what securing industrial machines needs.