Building Cybersecurity

Preparing Smart Buildings for BACnet Secure Connect

By: Zach Netsov, Product Manager, Siemens Smart Infrastructure USA

Smart buildings are under increasing threat of cyberattacks from bad actors who exploit any vulnerability in a building’s automation system to gain access. Building designers, owners, and operators can mitigate the risk of cyberattacks by leveraging advanced Operational Technology (OT)-specific protocols like BACnet Secure Connect as they become available.

It’s never too early for organizations to prepare for phasing in new technologies that strengthen building automation network security while also considering each stakeholder’s unique needs.

Building Owners/Investors are under pressure to comply with the latest environmental and cybersecurity regulations, while keeping costs under control. As a result, they demand the latest advanced technologies to ensure their buildings operate efficiently and optimize occupant/tenant comfort, productivity, and security. Owners and investors may struggle to justify the additional investment required for cybersecurity enhancements to the building automation system, especially if their existing system is not a BACnet system.


They can prepare by first conducting a cybersecurity assessment to identify and expose gaps in OT security. Once the potential vulnerabilities are known, stakeholders can more easily balance the costs of a potential security breach that could compromise their operation, business, reputation, or sensitive data with the expense of OT cybersecurity improvements. BACnet/SC is also a future-proof investment for any building automation system. By investing in BACnet/SC upgrades, they are not only investing in cybersecurity and a peace of mind, but also enabling their building automation systems to be prepared for future requirements as new innovations become available.


IT Departments support the organization’s information infrastructure and implement best practices such as defense in depth to ensure data is securely accessible within the digital environment. BACnet/SC brings cybersecurity to OT systems and eliminates some long-standing IT-acceptance issues associated with BACnet/IP. With the advent of BACnet/SC and automation applications that require the integration of OT system data to the enterprise side of the organization, IT professionals will work closely with their OT counterparts to design and deploy more secure building automation systems. Collaboration between IT and OT professionals early in the network design and deployment stages of new construction projects, combined with secure OT protocols like BACnet/SC, and well-established IT cybersecurity strategies, allow for secure IT/OT network convergence. Sharing the same physical network infrastructure eliminates the cost and complexity of running separate network segments and enables smart building applications that require data to flow throughout the organization.


Whether a converging IT/OT network scenario, or a separate OT network with BACnet/SC, IT best practices for integration, monitoring and management, as well as the defense in depth strategy of layering security measures must be applied to OT networks to improve cybersecurity in buildings. In either case IT/OT collaboration is required to realize secure smart building networks.


Consultants/Specifiers incorporate the most advanced and proven building automation technologies available to attain smart building goals and deliver value to owners and occupants. It’s important that solutions are backward compatible to ensure a smooth transition in upgrades and extensions. They also need to provide system interoperability and scalability. As the industry rolls out BACnet/SC devices, specifiers should prepare to take a stepwise approach to designing secure building automation systems. Initial specifications are likely to call for “BACnet/SC native” compliance, or “BACnet/SC ready” devices that can support future firmware updates. Networks of BACnet/SC devices can be connected to BACnet networks such as BACnet/IP and MS/TP by using BACnet routers. With BACnet’s standardization and interoperability maintained by BACnet/SC, specifiers can also choose from a wide range of manufacturers to deliver the best smart building solutions while meeting the desired features and budget.


System Integrators should prepare to collaborate with IT professionals even more when deploying secure OT networks with BACnet/SC. Existing building automation systems can be gradually upgraded to BACnet/SC as equipment becomes obsolete. Since BACnet/SC features backward compatibility, interoperability, and system scalability, stepwise extensions or upgrades of existing BACnet systems are easy to accomplish using BACnet routers. In new projects, integrators can deploy building automation systems with both new BACnet/SC devices and currently available BACnet devices with future upgrades in mind. Vendors will provide additional support with tools and training for the new BACnet/SC network configuration processes.


Building Operators face a multitude of post-pandemic challenges and economic pressures, not the least of which is smart building cybersecurity. Building operators should prepare to work in collaboration with on-site IT professionals to monitor and manage automation devices whether on a converged network, or on a separate secure OT network.


A Phased Approach to Building Cybersecurity

By enabling security at the device and network level with encrypted communication and certificate-based authentication, as well as complying with IT best practices, BACnet/SC provides a powerful set of tools to be incorporated as part of a comprehensive defense in depth approach and improve smart building cybersecurity. Siemens can help create a phased plan to prepare organizations to migrate to a more secure OT/IT network infrastructure, while at the same time protecting current security investments.


Learn more about integrating BACnet/SC into a comprehensive security plan: download the White Paper, “BACnet Secure Connect: The next generation of OT security for building operations.”


For additional information on laying the groundwork for a secure building, read: “Steps to strengthen building automation cybersecurity.”


Discover how Siemens can help you with cybersecurity for your smart buildings.