Unsubsribe On Tuesday, December 31, 2013 5:43 PM, John Young <jya@xxxxxxxxxxxx> wrote: Brian Carroll rightly expands the discussion of pervasive targeting by ubiquitous technology. In architecture, for example, the increasing use of automation for controlling building systems -- HVAC, electrical, plumbing, security among others -- poses considerable vulnerabilities beyond legacy analog controls. Many of the automated systems are administered remotely over telephone, cable and wireless networks. Others are controlled locally within structures. Some are secured with encryption but many are not. And few are TEMPEST-protected outside military and governmental facilities. We have found that few architects and building engineers are knowledgeable about building automated systems nor the variety of means to secure and protect them. They are customarily designed, operated and maintained by specialty firms not traditional building designers. Moreover we have found that building management and maintenance staff rely upon outside firms for advanced technology, thus subjecting their facilties to unsupervised interventions by outside personnel who may themselves be sub-contractors, and sub-subs for each component of automation. In short, it is fairly easy to interdict and access building automation systems for implanting devices, injecting packets, tampering with OSes, siphoning networks, temporarily suspending security, all the things recently revealed in the 30c3 presentations. Digital security and TSCM experts are familiar with many of these vulnerabilities but there is a common practice to specialize in services (often at client request) and neglect comprehensive coverage. For example, to inspect communications and security systems but not HVAC, plumbing, electrical and automation systems which often have far more inadvertent emitters and transceivers contained in extensive components throughout a structure. NSA TAO and the joint CIA-NSA Special Collection Service are especially capable to expoit these gaps, and usually send teams composed of experts in each building system to determine a comprehensive attack on vulnerabilities, and shrewdly, planting multiple and various decoys to mislead counterspies. A catalog of these full-scope operations would be quite informative and perhaps diminish the effectiveness of ruses and decoys, in particular the kind of solo operation valorized in movies, books and TV.