IT Security in Building Automation

The topic of IT security in building automation (BA) has become increasingly important in recent years. The reasons for this lie in the development of the technologies used. Like the technologies used in industrial automation, they have become ever more similar to general IT applications. The devices are now microcomputers with their own operating system. For communication, they use the global IP standard, and therefore the internet for remote communication. Because BA has become more open and standardised so that different systems can be combined, it has also become more vulnerable. But unlike general IT applications, with building automation it is not just data which is at risk. Since BA systems are physically connected to the technical equipment of the building (ventilation , lighting, doors, access control systems), any attacks can compromise the safety and security of the building itself. The actual risk each building faces is project-specific and greatly depends on its sensitivity and on the scope and depth of the building automation system. The measures used to protect building automation systems fall into two fundamental types: those which protect the individual devices, computers and software, and those which protect the IT infrastructure, in other words the networks and network access points. Protective measures for devices, computers and software start with the manufacturer. The protective measures for the IT infrastructure and the remaining measures for the devices , computers and software are implemented by the installation contractor, with clients , general contractors and specialist planners setting out the general conditions, particularly the cost framework, in their tendering specifications and bills of quantities. The efforts to ensure IT security extend throughout the lifetime of a system, from the manufacturing of the components, via project engineering and commissioning through to maintenance and operation. An adequate standard of security can only be achieved if all those involved play the part required of them. The security precautions must be proportionate to the risks. A risk analysis is essential. This white paper, entitled IT Security in Building Automation, describes in detail the security measures that can be taken. The diagrams and illustrations contain additional information on the various threats. The white paper only deals with the aspect of IT security against unauthorised external intervention or attack. It only refers to the other aspects – IT availability and the technical safety of the HVAC system itself – when necessary in order to minimise the negative …