Building Automation Systems fundamentally aim at elevating the control and regulation of mechanical and electrical systems in buildings — and to be more specific, the interaction & communication between the wide array of devices typically found in a building. Implementing a fully integrated building automation system is an indispensable instrument in managing a business, irrespective of whether employed at a single site or even multiple buildings across different physical locations. Nevertheless, it must be stated that this system is only as efficient as it is secure. Turning a blind eye in taking these critical steps in employing a reliable and adequate security strategy puts the entire building management at risk.
To be able to safeguard critical services, the employed control functions, i.e., functions that facilitate and regulate the building automation services, must be sheltered against unrecognised access and unauthorised interference (hackers, security attacks). A standard example of such a security attack is the exploitation of an access control system that regulates the opening and closing of an entrance door. To successfully carry out these security attacks, the attacker has to recognise the vulnerabilities of a system that can be taken advantage of in order to gain unauthorised access to the control functions. Some of the common cybersecurity solutions to tackle risks faced by a building management system or smart buildings can be explained below –
LonTalk offers authentication security by implementing a four-step challenge-response mechanism. A sender which wishes to authenticate a transmission confirms the authentication bit of its message. The receiver then replies with a 64-bit random number. The sender replies with a 64-bit hash value calculated over the content of the message and the random number with the use of a shared key. In addition to the function of confirming the identity of the sender, data safety, as well as data freshness, are confirmed.
BACnet offers multiple services which offer support for data conﬁdentiality, data integrity and data freshness as well.. These mechanisms utilise a symmetric Data Encryption Standard (DES)algorithm and a trusted key server, which is responsible for creating and distributing session keys. These session keys essentially encrypt the transmitted data between two network nodes. To establish and maintain a secure connection to the key server, each node should own a secret key.