Why NFPA 72 Chapter 11 Matters More Than Ever
Key Takeaways
- NFPA 72 Chapter 11 establishes cybersecurity requirements for networked fire alarm systems, including security gateways, protection of physical ports, timely software updates, and formal change management procedures.
- Cybersecurity failures in connected fire alarm systems can often be traced back to installation, maintenance, or service practices, making cyber protection a critical responsibility for industry professionals.
- Fire alarm integrators can significantly reduce cybersecurity risks by implementing a few practical security measures immediately.
As fire and life-safety systems become increasingly connected, cybersecurity has emerged as a vital component of protecting critical building infrastructure. Modern fire alarm systems are no longer standalone devices; they are often integrated into broader building networks, creating new opportunities for cyber threats to target essential life-safety equipment.
The Growing Threat of Cybercrime
Cybercrime has become one of the world’s largest and most profitable industries. In 2025, global cybercrime generated more than $3 trillion in illicit revenue, making it the world’s eighth-largest industry—approximately five times larger than the global illegal drug trade. The rapid advancement of artificial intelligence is further accelerating the scale and sophistication of cyberattacks.
The financial rewards for cybercriminals are substantial. The average ransomware payment reached $1 million in 2025, highlighting the lucrative nature of these attacks. Importantly, cybercriminals do not only target high-value systems. Any connected device can serve as a gateway into a larger network.
A notable example occurred in 2013 when attackers exploited vulnerabilities in an HVAC system to gain access to retail point-of-sale terminals, ultimately compromising 40 million credit and debit card records. This incident demonstrated how seemingly low-risk devices can become entry points for major cyber breaches.
NFPA 72 Responds to Cybersecurity Challenges
Recognising these evolving threats, the fire protection industry has taken significant steps to address cybersecurity risks. Chapter 11 of NFPA 72 outlines specific cybersecurity requirements for fire alarm systems connected to a network.
Internet Access Must Be Controlled
Fire alarm systems may only connect to the internet through a secure gateway, such as a hardware firewall. In addition, unused physical ports—including LAN, USB, and similar interfaces—must be secured against unauthorised access.
Maintaining Critical Contact Information
Manufacturers must have current contact information for building owners or managers so they can quickly communicate urgent security updates and vulnerability notifications. During annual inspections, service providers should verify that contact details remain accurate and that manufacturer cybersecurity certifications are up to date.
Timely Software and Firmware Updates
Manufacturers regularly release software and firmware updates to address newly discovered vulnerabilities. These updates should be installed promptly according to the urgency level specified by the manufacturer. Service agreements should account for the time and resources required to implement these updates effectively.
Formal Change Management Is Essential
One of the most demanding requirements in NFPA 72 is the establishment of a formal change control process. Section 26.6.3 requires that network modifications be reviewed and coordinated through a change control committee involving multiple stakeholders.
This is not a simple administrative task. Effective change management requires clear procedures, dedicated personnel, and strong collaboration between service providers, building owners, IT teams, and other stakeholders to ensure that network changes do not introduce new vulnerabilities.
Real-World Cyberattacks Highlight the Risk
Cyberattacks on building systems are no longer theoretical concerns.
In October 2021, a cyberattack targeted a building automation system, locking out the owner, installer, and manufacturer while rendering hundreds of devices across multiple floors inoperable. Perhaps most concerning was that the attackers never claimed responsibility or demanded a ransom. Some cybersecurity experts believe the incident may have been a proof-of-concept attack or an attempt by hackers to demonstrate their capabilities.
The fire alarm industry has not been immune to cybersecurity concerns. In 2020, a major fire alarm manufacturer disclosed two critical vulnerabilities that could have allowed attackers to gain complete control of affected systems. Fortunately, the vulnerabilities were identified and patched before exploitation occurred. However, the incident served as a reminder that similar risks may still exist in connected systems today.
Four Practical Steps for Fire Alarm Integrators
While compliance with NFPA 72 Chapter 11 is essential, fire alarm professionals can further strengthen cybersecurity by adopting the following best practices:
1. Keep Devices Updated
Ensure that laptops, smartphones, and other service devices are running the latest software updates and protected by reputable anti-malware solutions. This reduces the likelihood of service equipment becoming a pathway for attackers to access fire alarm networks.
2. Encrypt Hard Drives
Full-disk encryption protects sensitive information stored on laptops and mobile devices. If equipment is lost or stolen, encryption helps prevent unauthorised access to critical system data.
3. Use a Trusted VPN
When accessing systems remotely or working on public networks, use a reputable paid Virtual Private Network (VPN) service. Quality VPN solutions provide secure communication channels and help protect sensitive information from interception.
4. Strengthen Password Security
Every account should have a unique, complex password. Reusing passwords across multiple systems significantly increases risk because compromised credentials can be used to access additional accounts.
Password managers can simplify the creation and management of strong passwords. In addition, fire alarm control units (FACUs) should be configured with unique access credentials to prevent a breach in one system from compromising others.
Cybersecurity Is Life Safety
As fire alarm systems become more connected, cybersecurity becomes inseparable from life safety. Protecting these systems from cyber threats is not simply about safeguarding equipment or data—it is about ensuring that critical life-safety systems remain operational when they are needed most.
By following NFPA 72 requirements and implementing strong cybersecurity practices, fire protection professionals can help protect buildings, assets, and, most importantly, human lives.
Learn more about these topics during Ben Adams’ presentation, “Cybersecurity in the Fire Alarm Industry,” at the NFPA Conference & Expo taking place June 22–24 in Las Vegas.
