Therefore, building auto-
mation has become an important
and growing area of security vulnerability,
confronting the same issues
corporate computer networks had
in Mitnick’s day, such as lack of
encryption, authentication weakness,
and password reset problems. There
are a few crucial questions to answer:
How will BACnet continue to adapt
to this new world of the IoT? How
can the BAS industry prevent hackers
from gaining a foothold?
As the ICT industry is transitioning
to the world of IoT and
smart building development,
it is important that ICT designers,
installers, project managers, and
consultants become increasingly
familiar with the current status
of the BAS and cybersecurity,
the weaknesses of the BAS and
considerations for improvement,
and the new BACnet Secure
Connect (BACnet/SC) technology
that promises to solve some of the
IoT
BEMS
BMS
BAS
INTERNET OF
THINGS
BUILDING ENERGY
MANAGEMENT
SYSTEMS
BUILDING
MANAGEMENT
SYSTEMS
BUILDING
AUTOMATION
SYSTEMS
40 I ICT TODAY
FIGURE 1: No highly technical hacking is required to bring down a mission critical
system. Dumpster diving and social engineering, such as an infected Microsoft Word
file, can be enough to crack a system.
most serious cybersecurity
problems facing the BAS and the
entire enterprise network.
When considering any security
application, it is helpful to recall
that there are now many thousands
of unrepentant, non-rehabilitated,
and less benevolent Mitnicks who
also routinely go dumpster diving
and do a lot of old-fashioned,
Infrastructure for connectivity and data
acquisition for actionable insights
and system improvement
Analytics that utilize data from BMS
and BAS, plus external data such
as utility billing, grid signals, or weather
Software plus networking/protocol
translation hardware that coordinate
the operation of multiple BAS
System of individual components
to automate the control in a single
building function
Enabling
hardware and
communications
Decision support
for the C-suite,
enterprise, and
operations
Front-end
decision support
for operations
HVAC, lighting,
fire & safety,
controls
FIGURE 2: More and more levels of the building network are collecting
data on operating systems. Image source: Navigant Research.
yet still highly successful, social
engineering to bring down a system
(Figure 1). Therefore, securing
BACnet systems needs to be a major
priority for any IT, facilities, or ICT
network manager.
OVERVIEW OF BUILDING
AUTOMATION TODAY
There are two dominant forces
in play with BACnet and smart
building automation today: cybersecurity
is more important than ever
before, and there is the collection
of an enormous amount of data
(Figure 2) causing an overrun
of high traffic that is overloading
the systems to the point where
even one unsophisticated malicious
intruder could easily knock out
firewalls and other security systems.
Compounding matters is that
building automation is certainly
undergoing both a cultural and
technological transition. Many
facilities engineers and managers
are embarking on a new frontier
having to manage so many new