An episode exploring how one individual's personal email activity led to damage to the building's HVAC central plant equipment and controllers, the sequence of events, and recovery steps; insights into attacker motivation and building control system programming knowledge.

This episode examines how a user checking personal email on an application host in a commercial building could compromise the building’s HVAC, central plant equipment and controllers. It discusses how downstream devices are at risk and how attackers with knowledge of building control systems may exploit interoperability. The talk walks through the events in order and the remediation steps, and what actions may have inflamed attackers rather than stopped them.