BACnet Insight

Cyber-Secure and Open Building Automation: Integrating BACnet into an SL3-Certified Architecture
In modern building automation, open communication standards such as BACnet are essential for seamlessly integrating systems from different manufacturers. However, this openness brings with it challenges in the area of IT security.

Cyber attacks on building automation systems are increasing and require security measures that ensure data integrity and confidentiality. The integration of open BACnet into a system architecture certified according to ISA/IEC 62443 Security Level 3 (SL3) shows that openness and security do not have to be mutually exclusive. This article highlights the measures that need to be taken into account during planning in order to create a securely integrated environment for interoperable control and monitoring solutions, and uses the Saia PCD QronoX system as an example to show how integration can be implemented at a technical level.

BACnet and the challenges of IT security

BACnet has established itself as the standard protocol in building automation and enables interoperability between devices from different manufacturers. This openness can bring with it potential security risks. Open protocols can provide entry points for cyber attacks, which can then lead to unauthorised access to systems and data. The use of BACnet therefore requires a protected system architecture and a comprehensive security concept that includes both technical and organisational measures to eliminate these potential risks. In addition, it must be integrated into a secure architecture such as ISA/IEC 62443 SL3.

Integration of BACnet into an SL3-certified architecture

The integration of the open BACnet protocol into an ISA/IEC 62443 SL3-certified architecture requires careful planning and implementation in advance to minimise potential risks. Important measures include:

Network segmentation: Dividing the network into different segments controls data traffic and reduces potential areas of attack. This segmentation makes it possible to isolate critical systems from less secure areas. If cybercriminals succeed in penetrating the network, this reduces the risk of them gaining direct access to critical network segments.

Port security: Monitoring and controlling data traffic on network ports prevents unauthorised access and protects against potential threats. By implementing port security mechanisms, only authorised devices can access the network. This significantly reduces the risk of attacks by unauthorised devices.

Security by design: Security aspects are integrated into the development process from the outset to ensure a robust and secure system architecture.

Regular security reviews: To ensure that the security measures implemented are effective, regular security reviews and penetration tests are essential.

QronoX as a platform for secure interoperability

The Saia PCD QronoX system provides a secure environment for integrating BACnet into building automation. It is object-oriented and graphically programmable in accordance with IEC 61131-3 (CFC – Continuous Function Chart, SFC – Sequential Function Chart, LD – Ladder Logic and FBD – Function Block Diagram) and supports the high-level language ST (Structured Text). It also supports various protocols, including BACnet, OPC UA, Modbus, MQTT, Profinet, DALI, M-Bus and others.

Compatibility with the PCD3 I/O system enables the system to connect seamlessly to existing automation architectures. This is crucial for facilitating the transition from outdated systems to modern, secure solutions. The platform also offers enhanced cybersecurity features that meet the requirements of ISA/IEC 62443. These include:

Protected network ports: To secure unprotected protocols such as BACnet, the Saia PCD QronoX controller uses IEEE 802.1X port security, among other measures. This protects physical network access; only authorised devices are granted access.

Data encryption: Data transferred between individual devices is protected by modern encryption technologies such as TLS 1.2, which reduces the risk of data loss and manipulation. In addition, user file systems are also encrypted with the hardware's private key. This private key is stored exclusively on the device and is not accessible to the development team, support staff or during the production process.

Access control: The implementation of role-based access controls ensures that only authorised users can access certain functions and data. This increases security and minimises the risk of human error.

Conclusion

By implementing security measures such as network segmentation, port security and security by design, the open BACnet protocol can be used securely. Powerful integration platforms such as the Saia PCD QronoX system provide the necessary infrastructure for this: the combination of open standards and robust security architectures ensures that the advantages of interoperability between open standards and protocols do not come at the expense of security. Openness and the best possible protection against cyber attacks can thus go hand in hand.
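A defender-side illustration of the network segmentation and port-monitoring measures described above, as an added example that is not part of the article or of the Saia PCD QronoX product: the script parses BACnet/IP frames (BVLC, NPDU, APDU) taken from a capture and flags state-changing confirmed services, such as WriteProperty or ReinitializeDevice, whose source address lies outside the authorised building-automation segment, which is the traffic a segmentation boundary is meant to stop. The BAS subnet, the device addresses and the sample frames are constructed assumptions.

```python
import ipaddress

BVLC_TYPE, FORWARDED_NPDU = 0x81, 0x04
CONFIRMED, UNCONFIRMED = 0x0, 0x1                  # APDU type nibble
# Confirmed service choices (ASHRAE 135) that change device state.
CONTROL_SERVICES = {15: "writeProperty", 16: "writePropertyMultiple",
                    17: "deviceCommunicationControl", 20: "reinitializeDevice"}
BAS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")   # assumption: the BAS segment

def parse_apdu(payload: bytes):
    """Return (apdu_type, service_choice) or None if the frame is malformed."""
    try:
        if payload[0] != BVLC_TYPE or int.from_bytes(payload[2:4], "big") != len(payload):
            return None
        # Forwarded-NPDU frames carry a 6-byte originating B/IP address first.
        npdu = payload[4 + (6 if payload[1] == FORWARDED_NPDU else 0):]
        control, i = npdu[1], 2
        if npdu[0] != 0x01 or control & 0x80:      # bad version / network-layer message
            return None
        if control & 0x20: i += 3 + npdu[i + 2]     # DNET, DLEN, DADR present
        if control & 0x08: i += 3 + npdu[i + 2]     # SNET, SLEN, SADR present
        if control & 0x20: i += 1                   # hop count follows a destination
        apdu = npdu[i:]
        apdu_type = apdu[0] >> 4
        if apdu_type == CONFIRMED:                  # segmented requests add seq/window
            return apdu_type, apdu[5 if apdu[0] & 0x08 else 3]
        if apdu_type == UNCONFIRMED:
            return apdu_type, apdu[1]
        return apdu_type, None
    except IndexError:
        return None

def audit(packets):
    """packets: iterable of (source IP, UDP payload) -> list of (src, service, reason)."""
    findings = []
    for src, payload in packets:
        parsed = parse_apdu(payload)
        if parsed is None:
            findings.append((src, "?", "malformed BACnet/IP frame"))
        elif (parsed[0] == CONFIRMED and parsed[1] in CONTROL_SERVICES
              and ipaddress.ip_address(src) not in BAS_SEGMENT):
            findings.append((src, CONTROL_SERVICES[parsed[1]],
                             "state-changing request from outside the BAS segment"))
    return findings

# Constructed sample frames: WriteProperty analog-value,1 present-value := 20.0 (priority 8), Who-Is.
WRITE_PROPERTY = bytes.fromhex("810a001a 0104 0005010f 0c00800001 1955 3e 4441a00000 3f 4908")
WHO_IS = bytes.fromhex("810b000c 0120ffff00ff 1008")
SAMPLE_PACKETS = [("192.168.50.7", WRITE_PROPERTY), ("10.20.0.15", WRITE_PROPERTY),  # outside / inside
                  ("192.168.50.7", WHO_IS), ("192.168.50.9", bytes.fromhex("810a001a0104"))]  # discovery / truncated
```

Discovery traffic (Who-Is) from outside the segment is deliberately not flagged; only requests that can alter device state cross the threshold for an alert.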
52 BACnet Europe Journal 44 03/26