Mechanical Systems and Controls Group
BACnet Network Security Working Group
Network Security Working Group (NS WG) of the ASHRAE SSPC 135 (BACnet) committee
The Network Security Working Group was formed in January 2001 in response to public review comments about managing the primary workstation in life safety emergencies. The primary goal is to develop a general, network-visible mechanism for authorizing and transferring control authority and also to develop auditing mechanisms. That goal has led to work in many areas. Initial work focused on assessing the various threats to building automation and control systems (BACS) and determining the appropriate countermeasures. A two-pronged approach was taken to defending the BACS: first, to address secure network configurations that can be implemented now, and second, to make changes to the BACnet standard that will allow for secure message exchange.
Work on identifying BACS threats led to the publication of a NIST Internal Report (Holmberg, D.G., 2003, “BACnet Wide Area Network Security Threat Assessment,” NIST Internal Report 7009) that identifies threats to a building’s control network, both in network architecture and in communication protocol security, and then discusses countermeasures that can increase security. A follow-up “Secure BAS Implementation Guide” is now under development and should be available in early 2006.
Work on secure messaging for the BACnet protocol continues with a draft proposal to add secure messaging. This proposal will likely be out for public review in early 2006. It adds a level of BACnet-specific security to existing IT security, extending the BACnet standard to offer basic security using signatures for integrity protection, and higher security with encryption for confidentiality. The issues of key distribution and user authorization will be addressed concurrently with public release.
In addition to these areas, various other work is being done to address network security needs. BACnet Firewall Router (BFR) software has been developed and is now on SourceForge for community use and improvement. Committee members are working to address such things as BBMD security and the use of BBMD messaging in a NAT environment. A protection profile for BBMD devices has been developed, and research is underway in the area of wireless building sensor network security.
NIST is an agency of the U.S. Department of Commerce
Last updated: 11/3/2005