April 2013


BAS and Cyber-Security

Traditionally, building systems, including BAS, have been protected partially through obscurity and largely through physical protection.

Paul Ehrlich, Ira Goldschmidt & Angela Lewis
Building Intelligence Group

As published
Engineered Systems 
April Issue - Column


During the President’s recent State of the Union address, one of the key initiatives identified dealt with cyber-security. This was supported by a new White House initiative focused on protecting critical infrastructure from attacks. What is interesting about this initiative is that it is much broader than computer networks and IT systems: it also includes industrial systems, including those used to control the power grid and critical infrastructure. This, and other recent industry efforts, have raised questions about security and the level of protection against potential attacks for building automation systems (BAS).


Traditionally, building systems, including BAS, have been protected partially through obscurity and largely through physical protection. Gaining access to a building control system and enabling or disabling systems, or even changing setpoints, required accessing the building and entering mechanical and electrical rooms, which are typically secured. However, as we have moved toward control systems that are network (or Internet) enabled, it is now possible to access these systems through the building network or even remotely through the Internet. At the same time, the systems have become increasingly less obscure. Older, proprietary BAS could only be accessed through a desktop computer application. This was typically located in a secured area and was protected by user name and password. As we have moved to open systems, including those that utilize BACnet, LonTalk, and Tridium Niagara, it becomes possible to access the systems using tools other than a workstation, leading to more paths for potential breaches. In fact, one of the goals of an open protocol control system is to make communications easy, which in turn can make these systems potential targets for attacks. Within the industry, many have long been aware of this potential vulnerability, but recent events have led to a broader awareness of this issue.


There is work going on within the industry to better protect systems, including changes to the open protocol standards, software patches and improvements from suppliers, and new products coming on the market intended to provide added protection. In the meantime, however, there are several recommended approaches that should be used to provide security protection for any BAS. These include:

While the risk of an attack on a BAS is arguably less serious than that of an attack on a power plant, it is still a risk, and one that we cannot afford to have occur. Following this issue and utilizing designs to protect systems is highly recommended.

About the Authors

Paul and Ira first worked together on a series of ASHRAE projects, including the BACnet committee and Guideline 13 – Specifying DDC Controls. The formation of Building Intelligence Group provided them the ability to work together professionally, providing assistance to owners with the planning, design and development of Intelligent Building Systems. Building Intelligence Group provides services for clients worldwide, including leading universities, corporations, and developers. More information can be found at www.buildingintelligencegroup.com. We also invite you to contact us directly at Paul@buildingintelligencegroup.com or ira@buildingintelligencegroup.com.

