An analysis of security issues in building automation systems

The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in BAS, however defining the threats against BAS, and detection of these threats is an area that is particularly lacking. This paper presents an overview of the current security measures in BAS, outlining key issues, and methods that can be improved to protect cyber physical systems against the increasing threat of cyber terrorism and hacktivism. Future research aims to further evaluate and improve the detection systems used in BAS through first defining the threats and then applying and evaluating machine learning algorithms for traffic classification and IDS profiling capable of operating on resource constrained BAS.

[1]  Wolfgang Granzer,et al.  Security in Building Automation Systems , 2010, IEEE Transactions on Industrial Electronics.

[2]  Steffen Wendzel Covert and side channels in buildings and the prototype of a building-aware active warden , 2012, 2012 IEEE International Conference on Communications (ICC).

[3]  Wolfgang Granzer,et al.  Security Analysis of Open Building Automation Systems , 2010, SAFECOMP.

[4]  Seung Ho Hong,et al.  BACnet over ZigBee, A new approach to wireless datalink channel for BACnet , 2007, 2007 5th IEEE International Conference on Industrial Informatics.

[5]  Pavel Celeda,et al.  Traffic Measurement and Analysis of Building Automation and Control Networks , 2012, AIMS.

[6]  H. M. Newman,et al.  BACnet: The Global Standard for Building Automation and Control Networks , 2013 .

[7]  Adriano Valenzano,et al.  Review of Security Issues in Industrial Networks , 2013, IEEE Transactions on Industrial Informatics.

[8]  E. Byres,et al.  The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems , 2004 .

[9]  Alessandro Barenghi,et al.  Security Analysis of Building Automation Networks - Threat Model and Viable Mitigation Techniques , 2013, NordSec.

[10]  Florian Skopik,et al.  Dealing with advanced persistent threats in smart grid ICT networks , 2014, ISGT 2014.

[11]  Parvaiz Ahmed Khand System level security modeling using attack trees , 2009, 2009 2nd International Conference on Computer, Control and Communication.

[12]  Thomas Novak,et al.  Safety- and Security-Critical Services in Building Automation and Control Systems , 2010, IEEE Transactions on Industrial Electronics.

[13]  Wolfgang Kastner,et al.  Communication systems for building automation and control , 2005, Proceedings of the IEEE.

[14]  David Fisk Cyber security, building automation, and the intelligent building , 2012 .