ISO/OSI layers for BACnet/SC (Source: ASHRAE; graphic: b&a)

Typical deployment with PH/FH in the cloud, local firewall and routing. (Source: ASHRAE; graphic: b&a)

Convergence of IT and OT

In today’s building automation projects, the boundaries between IT (information technology) and OT (operational technology) are often blurred and no longer clearly distinguishable. Attacks on these systems have increased exponentially in recent years, leading to continuously rising cybersecurity requirements. Inadequately protected OT systems often serve as gateways for cyberattacks, and building automation components can also be impacted by threats from the IT sector.

It is with all of this in mind that the IT and BA departments have to work together closely to maximize their defense against attacks. It is also essential to define organizational processes and have appropriate data backups in place in case of a successful attack. Yet even with the best preparation, a successful attack can result in several months of downtime and significant financial damage.

A user- or role-based authentication and authorization system, planned as an addendum to the BACnet standard, is currently in its initial stages.

Secure communication systems

BACnet/SC faces challenges in gaining acceptance compared to established, equally secure communication systems such as OPC UA. Many consider the need to secure open BACnet urgent; however, IT departments often advocate for the use of OPC UA or MQTT. Firewall rules for anomaly detection are already in place for these protocols, while they are often still lacking for the relatively new BACnet/SC.

It therefore remains to be seen which protocol or standard will prevail and gain the necessary acceptance from all stakeholders. On the other hand, BACnet/SC continues to use the established BACnet object model and the same services as with data link layers such as MS/TP or BACnet/IP, which means existing systems can be migrated with little effort. Regardless of the outcome, one thing remains certain: in a networked world, building automation must be designed with security in mind.

www.beckhoff.com/bacnet

www.ashrae.org

www.openssl.org

Frank Schubert, Beckhoff Automation GmbH & Co. KG, Verl