The building that houses your organization is almost certainly smarter than it was a decade ago. Thermostats negotiate with cloud servers. Chillers report sensor telemetry to analytics platforms. Variable-air-volume boxes respond to occupancy signals from Wi-Fi access points. The result is an extraordinary improvement in energy efficiency, occupant comfort, and operational visibility — and a dramatically expanded attack surface for adversaries. This book was written because the gap between HVAC engineering knowledge and cybersecurity knowledge remains dangerously wide. Mechanical engineers who design and commission building automation systems rarely receive formal training in network security. Cybersecurity professionals assigned to protect operational technology (OT) environments often lack the domain context to understand what a BACnet broadcast storm actually means, or why a chiller controller running an unpatched 2009 firmware deserves the same attention as a perimeter firewall.
