A thermostat may be sending out updates on
every small incremental change of temperature,
which means it will constantly send out data,
adding to traffic overload, slowing the network,
and potentially making the BAS devices
unresponsive or erratic.
July/August 2019 | 43
• Make certain that the BACnet
network is segmented or isolated
properly. One consideration is
to essentially separate IT systems
from OT systems. There still can
be one optical fiber, but two
VLAN pipes: one for IT and the
other for OT. This may help
restrict the ability of hackers
to access internal servers
and data via the internet.
• Assign IP addresses and IDs
to BACnet devices, which are
typically manually assigned
and static in BACnet versus
the dynamic host configuration
protocol (DHCP) typically
used in IT systems.
• Install firewalls if needed
and ensure all servers,
workstations, and mobile
devices, including laptops,
have strong usernames
and passwords.
• Provide remote access to control
systems behind a firewall and
consider setting up a VPN.
• Ensure that the same password
is not used for both the BAS
and enterprise (corporate)
network, which can give hackers
an easy open door.
• Advise facilities managers
not to give unsecured access
to vendors, including
controls contractors.
• Change default passwords
on all BAS devices and reset.
• Verify that all devices
are configured securely
and patched with the latest
version of all vendor software.
• Confirm that all systems are
running the latest firmware.
• Verify that all notifications
are running properly, limiting
traffic overload.
• Help develop better reports,
logs, and documents other
than spreadsheets often used
by facilities managers.
• Develop mutually beneficial
port security and port
control communications.
• Determine the best method
for data tagging, which is
essentially assigning a label
to the data that is generated
in the building.
• Make certain that the system
is flexible enough to scale
in support of increasing
IoT applications.
• Assist with the best choice of
monitoring and analytical tools.
When even minor fundamental
improvements have been implemented,
it is vitally important
to choose the monitoring
and/or analytical tool(s) that best
meet the objectives of facilities
management, IT, and the building
owner. Currently, many facilities
managers are using tools from IT,
such as open-source Wireshark,
SolarWinds, Microsoft Network
Monitor, PRTG, and ExtraHop that
they have tweaked just enough
to work with BAS. The tools are far
from a perfect fit, though, since
they do not meet the needs, values,
and workflows in building automation
and the commercial real
estate (CRE) sector. Some managers
choose to work with BACnet-specific
tools, such as BACnet
Quick Test and BACnet diagnostics
options, which are fine choices for
the sophisticated BACnet expert,
but they may not be user-friendly
enough for a facilities technician
or IT personnel to easily understand
BACnet output. Therefore, many
facilities managers turn to simple
spreadsheets to manage their
device lists or to export data
from another program.
All of these solutions are highly
prone to error and still have
to be tweaked to fit the BAS
and CRE workflows.
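
The static, manually assigned addresses and IDs and the error-prone spreadsheet device lists described above can be cross-checked mechanically. The following is an added example, not part of the original article: it audits a device list exported as CSV for duplicate or invalid device IDs, duplicate IP addresses, and devices sitting outside the OT VLAN. The column names, the OT subnet, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed OT VLAN subnet (constructed for this example).
OT_SUBNET = ipaddress.ip_network("10.20.0.0/24")
MAX_INSTANCE = 4194302  # BACnet device instances are 22-bit; 4194303 is reserved

# Constructed sample of a spreadsheet export; column names are hypothetical.
SAMPLE_CSV = """name,device_id,ip
AHU-1,1001,10.20.0.11
VAV-3-01,1002,10.20.0.12
VAV-3-02,1002,10.20.0.13
Chiller-1,1004,10.20.0.12
Lobby-Tstat,1005,192.168.1.50
Boiler-1,4194303,10.20.0.16
RTU-2,,10.20.0.17
"""

def audit_inventory(csv_text, ot_subnet=OT_SUBNET):
    """Return a sorted list of (device name, finding) tuples."""
    findings = []
    by_id, by_ip = defaultdict(list), defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row["name"] or "").strip()
        raw_id = (row["device_id"] or "").strip()
        raw_ip = (row["ip"] or "").strip()
        if raw_id.isdecimal() and int(raw_id) <= MAX_INSTANCE:
            by_id[int(raw_id)].append(name)
        else:
            findings.append((name, "missing or invalid device ID"))
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            findings.append((name, "missing or invalid IP address"))
            continue
        by_ip[ip].append(name)
        if ip not in ot_subnet:  # device is not on the segmented OT network
            findings.append((name, f"IP {ip} is outside OT subnet {ot_subnet}"))
    # Manual, static assignment makes reuse of an ID or address easy to miss.
    for label, groups in (("device ID", by_id), ("IP address", by_ip)):
        for key, names in groups.items():
            if len(names) > 1:
                findings += [(n, f"duplicate {label} {key}") for n in names]
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_inventory(SAMPLE_CSV):
        print(f"{name}: {finding}")
```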