As a building owner, you juggle countless responsibilities, from tenant satisfaction to operational efficiency and physical safety. But there’s a growing, often invisible, threat that many are still overlooking: the cybersecurity of your elevators. This is an overlooked concern for buildings with elevators. The elevator systems that move people through your building daily could be an open door for cyber threats, especially as they become increasingly “smart” and connected.
The traditional relationship with elevator companies has been built on necessity and trust. These are complex, specialized systems requiring expert installation and ongoing maintenance. It is now time for building owners to have a degree of concern and must implement practices, not from a place of distrusting reputable elevator companies, but from an understanding of modern security risks. It is being asked more and more why elevator cybersecurity demands attention, what are the specific vulnerabilities you need to be aware of, whether your elevator uses an old phone line or a direct internet connection and crucially, how to protect your building, especially when changing service providers. Elevator cybersecurity is real and needs to be addressed.
The Unseen Vulnerabilities: Why Your Elevator Isn’t Just a Mechanical Box Anymore
Historically, elevator safety focused almost exclusively on physical and mechanical integrity. Cybersecurity is a newer concern, it has been here, but equally now more of a critical layer to address. Many building owners assume or may think the elevator company is solely responsible for the security of their equipment and access methods, but the reality is more complex, and the potential attack vectors are multiplying. In reality most building owners, property managers, facility managers, asset managers or anyone that touches and elevators needs top be aware.
The Connection Conundrum: From Dial-Up to Direct Lines
You might think your elevator is secure if it’s not directly on your main IT network. However, vulnerabilities can exist regardless of the connection type:
· Plain Old Telephone Service: Many elevators, especially older models use a standard analog phone line often an RJ11 connector, which people sometimes mistakenly refer to as RJ45 for communication. This is essentially a modem dial-up connection. While it might seem isolated, these lines can be targeted. If an attacker can identify and access this line, and if the elevator system’s remote access protocols are weak, they could potentially gain unauthorized access.
· Internet-Connected Elevators (RJ45 Ethernet Connection): Modern elevators are increasingly connected directly to your building’s network and the internet via an Ethernet (RJ45) connection. This enables advanced remote diagnostics, software updates, and integration with Building Management Systems (BMS). While offering significant benefits, this direct connectivity also exposes the elevator system to a much broader range of cyber threats if not properly secured.
Key Cybersecurity Vulnerabilities Building Owners Must Understand:
· Remote Access Channels: This is a major concern. Many modern elevators have remote access capabilities for diagnostics, software updates, and sometimes even remote operation. If these
channels aren’t robustly secured by the elevator company they can become attack vectors for malicious third parties. A compromised elevator company system could potentially grant attackers access to many buildings.
· Technician Tools & Laptops: The specialized devices and software used by elevator technicians can be points of vulnerability. If these tools are compromised with malware and then connected to your elevator system, they could inadvertently introduce threats.
· Interconnected Systems: Elevators increasingly interface with your Building Management System (BMS) or other networks. A compromise originating through the elevator company’s access or directly attacking the elevator network could potentially spread to other critical building systems if not properly segmented.
· Data Breaches: Smart elevators can collect significant data, including traffic patterns, destination dispatch logs, and sometimes even integrated camera footage. Secure access is vital to protect this data’s privacy and integrity and comply with data protection regulations.
· Insider Threats: While less common, the possibility of a disgruntled or malicious employee within the elevator company misusing their legitimate access credentials cannot be entirely dismissed. This is a risk with any vendor who has privileged access to your systems.
· Proprietary Control and Lack of Transparency: Some concerns revolve around the “black box” nature of proprietary elevator systems. Building owners may have limited visibility into what data is being collected, how it’s being used, or the full extent of remote access capabilities held by the manufacturer. This can lead to concerns about vendor lock-in.
· Supply Chain Risks: Vulnerabilities can be introduced anywhere along the supply chain of the software and hardware components used in elevators.
The consequences of a compromised elevator system are severe, ranging from operational disruption and significant financial losses to, in worst-case scenarios, risks to passenger safety and a building’s physical security.
Heightened Stakes: Elevator Cybersecurity in Regulated Industries
While every building owner should prioritize elevator cybersecurity, the imperative is even stronger in certain regulated industries. For these sectors, a compromised elevator system isn’t just an inconvenience it can lead to severe regulatory scrutiny, breaches of sensitive data, risks to vulnerable populations, and catastrophic operational failures. The existing concerns about remote access, interconnected systems, data breaches, and physical security implications take on new dimensions.
· Hospitals and Healthcare Facilities: For healthcare providers, patient safety and data privacy (e.g., under HIPAA in the U.S.) are paramount. While elevators themselves might not store electronic Protected Health Information (ePHI), their operational integrity is critical for patient care, emergency response, and the movement of medical equipment and staff. A compromised elevator could:
o Disrupt critical hospital operations, delaying patient transport or access for medical teams.
o If connected to the broader hospital network without adequate segmentation, potentially serve as an attack vector towards systems that do handle ePHI or control other critical infrastructure.
o Impact physical security, controlling access to sensitive areas where patient data or valuable medical supplies are stored. The need to protect operational data generated by the elevator also remains vital.
· Financial Institutions: Banks, credit unions, and other financial entities operate under stringent cybersecurity regulations designed to protect financial data and ensure the stability of financial systems. While your elevator system won’t be processing transactions, its cybersecurity is still relevant because:
o Physical Security: Elevators control access to different parts of a building, including potentially sensitive areas like vaults, server rooms, or executive offices. A compromised elevator could undermine physical security measures.
o Operational Resilience: Regulators expect financial institutions to maintain high levels of operational resilience. An elevator outage due to a cyberattack can disrupt business operations, employee access, and customer service in a physical branch.
o Attack Vector: As with hospitals, an insecure elevator system connected to the corporate network without proper segmentation could be an entry point for attackers aiming to penetrate deeper into the institution’s IT infrastructure.
· Retail Establishments (Especially Large Retailers): For retailers, particularly larger ones, concerns revolve around business continuity, physical security, and protecting any customer data environments.
o Operational Uptime: Elevators and escalators are key for customer experience and the movement of goods in multi-story retail environments. System downtime due to a cyber incident can lead to lost sales and customer dissatisfaction.
o Physical Security of Assets: Elevators can control access to stock rooms, cash offices, or inventory management areas. Compromise could facilitate theft or unauthorized access.
o Network Segmentation: While PCI DSS (Payment Card Industry Data Security Standard) might not directly list elevator controls, if the elevator’s network is not properly isolated from the Cardholder Data Environment (CDE), any vulnerability could theoretically pose a risk to segmentation controls, which are a PCI DSS requirement.
· Other Critical Infrastructure and Public Venues: Beyond these specific examples, any industry considered critical infrastructure (e.g., government buildings, transportation hubs, energy facilities) or large public venues (stadiums, convention centers) has an implicit responsibility to ensure the safety and security of their operational technology. As highlighted, staying informed about emerging cybersecurity threats and best practices for OT is crucial. The focus here is on ensuring operational continuity, public safety, and preventing any component, like an elevator system, from becoming a weak link in their overall security posture.
Even if direct regulations for “elevator cybersecurity” are not explicitly spelled out for every scenario in every industry, the general mandates for data protection, operational resilience, physical security, and risk management in these sectors absolutely extend to encompass the networked control systems of modern elevators. Building owners in these industries must be particularly diligent in asking questions, ensuring strong contractual agreements, and implementing robust network segmentation and other security measures.
The “Changing of the Guard”: Heightened Risks When Switching Elevator Service Providers
What happens when you change elevator service providers? This is an extremely critical point concerns surrounding elevator company access are significantly amplified when a building changes its elevator service provider. This transition period is a vulnerable time where proactive security measures are paramount.
Why the Risk Spikes During a Handover:
· Lingering Access of the Outgoing Provider: This is the most significant risk. If the outgoing provider’s remote access credentials are not meticulously identified and deactivated, they could retain a backdoor into your system. Don’t forget physical keys and access codes either. Former technicians also retain “embedded knowledge” of setups and potential default passwords.
· Incomplete Data and Knowledge Transfer: The outgoing provider might use proprietary diagnostic tools or hold specific system data that isn’t easily transferable, especially if you’re moving from an OEM to an independent contractor. Incomplete maintenance logs and system history can hamper the new provider. Furthermore, the outgoing provider might retain copies of operational data, raising privacy concerns.
· Establishing New Security Baselines: The new provider needs to conduct their own security assessment. The previous setup might not align with their protocols, or they might uncover existing vulnerabilities. Crucially, all default or previously known access points known to the old provider must be changed.
· Vendor Lock-In Complications: If your elevator system is highly proprietary to the OEM, a new independent provider might face challenges accessing all diagnostic functions or software. This could leave some aspects of cybersecurity or advanced features unmanaged.
· Potential for Blame and Disruption: If an issue occurs shortly after the transition, determining responsibility can be difficult if the handover wasn’t clean.
Changing elevator service providers isn’t just a contractual shift, it’s a critical moment for reassessing and reinforcing the security and control over a vital piece of building infrastructure.
Your Proactive Defense: An Action Plan for Elevator Cybersecurity
Instead of just worrying, building owners can and should take proactive steps. In today’s connected world, blind trust is not a sufficient security strategy.
1. Ask Tough Questions & Demand Transparency:
o Inquire specifically about your elevator company’s cybersecurity policies, practices, and any certifications their systems have undergone. This demonstrates your expertise and expectation of authoritativeness from your vendor.
o Understand precisely how remote access is managed, secured, and logged.
o Ask about their data handling and privacy policies, especially concerning passenger data or operational logs.
o Request clear explanations of any remote access activities and software updates.
2. Strengthen Contractual Agreements:
o Incorporate explicit cybersecurity expectations and responsibilities into your service and maintenance contracts.
o Include clauses on data security, immediate breach notification, and the right to audit.
o When changing providers, ensure the termination clause with the outgoing provider addresses data return/destruction and secure decommissioning of their access. The contract with the new provider should clearly define their cybersecurity roles from day one.
3. Implement Robust Technical Safeguards:
o Network Segmentation: This is crucial. Work with your professionals to ensure elevator systems, especially if connected to the building network, are isolated on their own dedicated, secured network. This limits potential lateral movement in case of a breach.
Monitoring and Logging: Where possible, implement systems allowing your building to monitor access to elevator controls and log activities. Regularly review any access logs provided by your vendor.
o Principle of Least Privilege: Ensure that elevator company technicians and their remote systems only have the minimum necessary access privileges required to perform their tasks, and only for the duration needed.
4. Manage Vendor Transitions Meticulously:
o Formal Offboarding for Outgoing Provider: Conduct a comprehensive access audit to identify all potential access points. Systematically disable all known user accounts, change passwords, decommission remote access links, and re-key physical locks if necessary.
o Systematic Onboarding for New Provider: Have the new provider conduct a thorough security assessment as part of their onboarding. Implement new, strong, unique credentials for all their required access points. Ensure a clear handover of all system documentation and maintenance logs.
o Independent Verification : For critical infrastructure or after a contentious switch, consider an independent third-party cybersecurity audit of elevator system access controls post-transition. Your elevator consultant can assist with the step as well.
o Communication: Maintain clear communication with both outgoing and incoming providers throughout the process.
5. Integrate into Overall Risk Management:
o Include elevator companies in your building’s overall third-party risk management program.
o Ensure physical security for elevator machine rooms, control panels, and network connection points is strictly controlled.
6. Stay Informed and Foster a Security-Aware Culture:
o Be aware of emerging cybersecurity threats and best practices related to operational technology and smart buildings. This knowledge empowers you to ask the right questions and make informed decisions.
Secure Your Ascent
The access elevator companies have is essential for the function and maintenance of these critical systems. However, in our hyper-connected world, a passive approach to security is a path to vulnerability. Building owners must proactively engage with their elevator providers about cybersecurity, understand the specific risks pertinent to their installations be it POTS lines or direct internet connections and take reasonable, informed steps.
Protecting your elevators from cyber threats isn’t just an IT issue; it’s a fundamental aspect of modern building management, tenant safety, and operational resilience. By implementing the strategies outlined above, particularly during the critical juncture of changing service providers, you can significantly reduce your risk and ensure your building’s vertical transportation remains safe, secure, and reliable for everyone. This is about managing a necessary technological relationship in an increasingly complex environment.
FAQs
My elevator uses an old phone line (POTS line/modem dial-up), not a direct internet connection. Is it still vulnerable to elevator cyberattacks?
Yes, elevators using Plain Old Telephone Service (POTS) lines for communication, which is like a modem dial-up, can still be vulnerable. If an attacker can identify and access this line, and if the elevator system’s remote access protocols are weak they could potentially gain unauthorized access. An independent elevator consulting firm can guide you to the appropriate actions to take to protect your elevator
What is considered the biggest elevator cybersecurity concern for elevators now a days?
The biggest modern concern is often cited as remote access channels. Many elevators have remote access capabilities for diagnostics, software updates, and sometimes even remote operation. If these channels aren’t robustly secured by the elevator service company they can become attack vectors for malicious third parties.
If I change my elevator service provider, what is the most significant security risk I need to address during the transition?
When changing elevator service providers, the most significant risk is the potential for lingering access by the outgoing provider, especially their remote access credentials. If these are not meticulously identified and deactivated, the outgoing elevator contract service provider could retain a backdoor into your system. When changing service providers your elevator consultant can help mitigate the risk.
As a building owner feeling concerned about elevator cybersecurity, what’s the first practical step I should take?
The first practical step is to ask questions and demand transparency from your current elevator service company. You should inquire about their elevator cybersecurity policies and practices, understand how remote access is managed and secured, and ask about their data handling and privacy policies. An elevator consulting firm will have this information as well.
My building is a hospital. Are there specific elevator cybersecurity implications I should be aware of?
Yes, for hospitals, while elevators themselves might not store electronic Protected Health Information (ePHI), their operational integrity is critical for patient care, emergency response, and the movement of medical equipment and staff. A compromised elevator could disrupt critical hospital operations or, if connected to the broader hospital network without adequate segmentation, potentially serve as an attack vector towards systems that do handle ePHI or control other critical infrastructure. The need to protect operational data generated by the elevator also remains vital. The hospitals elevator consulting firm will ensure all protocols are in place.