Page 16 - BACnet_Europe-Journal_42
P. 16
BACnet Insight
How to Protect Building Automation –
Today and Tomorrow
Wie sich Gebäudeautomation schützen
lässt – heute und in Zukunft
Cybersecurity threats are increasing.
Cybersicherheitsbedrohungen nehmen zu.
Building automation increasingly faces unprecedented security challenges – especially in critical infrastructure. of respective manufacturers. In addition, BACnet/SC
Fortunately, the BACnet Secure Connect standard (BACnet/SC) addresses both current and future cybersecurity requires a single Certificate Authority (CA) in order to sign
needs. Dr. Alina Matyukhina, CSO and Global Head of Cybersecurity at Siemens Smart Infrastructure Buildings, and validate certificates across all devices. All of these
explains how. features significantly increase security while maintaining
Gebäudeautomation ist mehr denn je mit völlig neuen Sicherheitsherausforderungen konfrontiert – vor allem in kriti- compatibility with existing BACnet systems.
schen Infrastrukturen. Der BACnet-Secure-Connect-Standard (BACnet/SC) erfüllt sowohl aktuelle als auch zukünftige
Anforderungen an die Cybersicherheit. Dr. Alina Matyukhina, CSO und Global Head Cybersecurity bei Siemens Smart Compliant and certified solution for cyberthreats
Infrastructure Buildings, erklärt wie.
Another important asset, BACnet/SC, aligns with the new
With the increasing digitalization of building systems, maintains the solution’s open, flexible nature while adding Network and Information Security 2 (NIS-2) EU standard
cybersecurity has become a pressing issue for facility crucial security features. that came into effect in October 2024, aimed at critical
management as operational technology (OT) systems face sectors such as healthcare, energy, transportation,
a growing number of incidents. According to projections, As an additional data link layer, BACnet/SC can banking, and digital infrastructure. The directive requires
cyberattacks on businesses, consumers, governments, be seamlessly integrated through BACnet routers, organizations to implement encrypted communications,
and devices will occur every two seconds by 2031. allowing existing systems to be upgraded without any device authentication, cybersecurity policies, and other
extensive infrastructure changes. The protocol supports cybersecurity measures. BACnet/SC allows organizations
This threat is compounded by the rapid growth of Internet communication with earlier versions of BACnet, ensuring to set up a building automation system that meets the
of Things (IoT) devices in smart buildings, which are backward compatibility as well as providing enhanced NIS-2 requirements.
expected to reach more than three billion by 2028. Robust security features for newer installations.
security measures are required, especially for critical To proof that the necessary cybersecurity measures
infrastructure, such as hospitals, airports or laboratories. The protocol uses WebSocket Secure (WSS) with TLS are in place, Siemens products have received IEC
However, traditional building automation protocols were 1.3 to allow for encrypted, bug and tamper-proof 62443 certification through verification by TÜV Süd. The
not designed to address today’s cybersecurity challenges. communication of devices. It also implements a hub- independent label not only covers the products but also
and-node architecture to ensure high availability in the entire development process.
Adding critical security features to the standard critical environments. Certificates for authentication
protocol provide multiple protection layers: The first one is an BACnet/SC application in critical infrastructure
individual so-called Operational Certificate (OC), which
BACnet, which is used in more than 70 percent of the is unique to the device and used for authentication An excellent example of the capabilities of BACnet/SC in
world’s building automation systems, has adapted to processes as well as for encryption and decryption of critical infrastructure is the Oberwart Hospital in Austria.
these challenges with its Secure Connect (SC) upgrade. traffic. The second, so-called Root Certificate, is project- Healthcare facilities naturally require exceptionally high
Launched in late 2019, the BACnet/SC enhancement based and identical across all project devices, regardless standards. Patient safety and operational continuity
16 BACnet Europe Journal 42 03/25