Technology

Minimum Standards for IT Security in Building Automation
The basic rules for IT security in building automation in Germany are the standards and the Basic Protection Compendium of the Federal Office for Information Security (BSI). The basic protection modules for building management (INF.13) and building automation (INF.14) are mandatory for federal authorities and operators of critical infrastructures (information available at www.bsi.de).

In addition, the VDMA 24774 (2023-03) standard supports BA planning, implementation, and operation with specific requirements for BA systems.

Nevertheless, there is no such thing as 100% IT security for building automation. The specific IT security standards to be met in building automation must be derived from a risk analysis for the respective use of the building.

The current BSI Standards and Basic Protection Compendium, in the IT Basic Protection Module INF.14 Building Automation from 2022, list the following risk situations as relevant for building automation:

- Inadequate planning of building automation, for example due to a lack of redundancy or high complexity in the interaction of different trades.
- Faulty integration of TGA systems into building automation, or faulty configuration of building automation.
- Use of insecure systems and protocols in building automation, such as the "old" BACnet protocol, as well as KNX or Modbus.
- Manipulation of the interfaces of independent TGA systems for building automation (e.g., via a manipulated fire alarm that opens all doors).

Added to this are the long life cycles of building services systems, which require a high degree of forward planning for BA systems and a strategic approach.

Based on this, the following specifications should be taken into account when planning BA systems.

Specifications for the Planning of GA Systems

- Specifications for encrypted data transmission/communication (BACnet/SC, KNX Secure, or similar).
- Deactivation of all unnecessary services and accesses ex works ("hardened" devices and software), including documentation of the ports used.
- Management software with functions for recording user activities (audit trail).
- Acceptance of the GA system only with the latest firmware (automation stations) or software version (BBE, MBE), at least all security-relevant updates, in particular the latest Windows patches and the latest versions of the software systems used.
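The four planning specifications above, together with the "insecure protocols" item from the BSI risk list, can be turned into a mechanical acceptance check. The following script is an added example and is not code from the BACnet Europe Journal, the BSI or VDMA 24774: it walks a constructed device inventory and reports, per device, whether the transport is one of the encrypted options named in the text (BACnet/SC, KNX Secure), whether any listening port is missing from the supplier's port documentation, whether the management software (the BBE/MBE level of the text) records user activities, and whether the firmware or software is at least the baseline release agreed for acceptance. The device names, field names, port numbers and baseline versions are assumptions made for the illustration, not real products or releases.

```python
"""Acceptance check of a building-automation inventory against the four
planning specifications (encrypted transport, hardened devices with
documented ports, audit trail, current firmware/software).

Added example: not code from the BACnet Europe Journal, BSI or VDMA.
The inventory, baseline versions and field names are constructed for
illustration; a real check would read the site's own device list.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Transports the article names as encrypted alternatives to the "old" protocols.
SECURE_TRANSPORTS = {"BACnet/SC", "KNX Secure"}


@dataclass
class Device:
    name: str
    role: str                   # "automation_station" or "management" (BBE/MBE software)
    transport: str              # "BACnet/SC", "BACnet/IP", "KNX Secure", "Modbus/TCP", ...
    version: str                # firmware (automation station) or software version (management)
    open_ports: Set[int]        # ports found listening during acceptance
    documented_ports: Set[int]  # ports the supplier documented as required
    audit_trail: bool = False   # user-activity recording; only evaluated for management software


def parse_version(v: str) -> Tuple[int, ...]:
    """'3.2.1' -> (3, 2, 1); tuple comparison then orders dotted releases correctly."""
    return tuple(int(part) for part in v.split("."))


def check_device(dev: Device, baseline: Dict[str, str]) -> List[str]:
    """Return the deviations from the planning specifications (empty list = passes)."""
    findings: List[str] = []
    # 1. Encrypted data transmission/communication.
    if dev.transport not in SECURE_TRANSPORTS:
        findings.append(f"unencrypted transport {dev.transport}")
    # 2. Hardened device: nothing listening beyond the documented ports.
    undocumented = dev.open_ports - dev.documented_ports
    if undocumented:
        findings.append(f"undocumented open ports {sorted(undocumented)}")
    # 3. Audit trail on the management software.
    if dev.role == "management" and not dev.audit_trail:
        findings.append("audit trail disabled")
    # 4. Firmware/software not older than the baseline agreed for acceptance.
    required = baseline[dev.role]
    if parse_version(dev.version) < parse_version(required):
        findings.append(f"version {dev.version} below baseline {required}")
    return findings


def acceptance_report(devices: List[Device], baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Map device name -> findings for the whole inventory."""
    return {dev.name: check_device(dev, baseline) for dev in devices}


def acceptable(report: Dict[str, List[str]]) -> bool:
    """The system is accepted only when no device has any finding."""
    return all(not findings for findings in report.values())


# Constructed inventory and baseline (assumption: not real products or releases).
BASELINE = {"automation_station": "3.2.0", "management": "7.0.0"}
INVENTORY = [
    Device("AS-01", "automation_station", "BACnet/SC", "3.2.1", {443}, {443}),
    Device("AS-02", "automation_station", "BACnet/IP", "3.1.4", {47808, 80}, {47808}),
    Device("MBE-01", "management", "BACnet/SC", "7.0.2", {443, 3389}, {443, 3389},
           audit_trail=False),
]


def run_example() -> Dict[str, List[str]]:
    """Print the per-device result and the overall decision; return the report."""
    report = acceptance_report(INVENTORY, BASELINE)
    for name, findings in report.items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
    print("acceptance:", "passed" if acceptable(report) else "refused")
    return report


if __name__ == "__main__":
    run_example()
```

With the constructed inventory, AS-01 passes, AS-02 is refused on all of transport, an undocumented port and version, and the management station is refused only for the missing audit trail; acceptance of the whole system is refused until every finding is cleared. Port and version data for a real site would come from the supplier's documentation and from the device inventory taken at acceptance, not from the constants above.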
Figure: IT SECURITY STRATEGY FOR BUILDING AUTOMATION (according to VDMA 24774 (2023-03))

Threat: Sabotage; Burglary; Espionage.
Damage prevention: Encrypt data and communication; Hardening (strengthening systems); Secure access (firewalls, identification, authentication); Policies/guidelines.
Damage: System manipulation; Data manipulation; Theft; Personal injury; Data loss; Loss of trust; Downtime/production downtime.
Damage reduction: Alarm system; Emergency operating level; Backups; Traceability (audit trail).
BACnet Europe Journal 43, 09/25, page 35