Early Access

Secured by Cimetrics™ Early Access Program

Industry Dynamics

BACnet/SC (Addendum bj to ASHRAE Standard 135-2016) is an important addition to the BACnet standard that will improve BACnet network security on TCP/IP networks.  However, BACnet/SC is missing numerous elements that are needed to fully secure customers’ building automation systems against increasing cybersecurity threats.  

It took the BACnet committee 10 years from the formation of the IT-WG to the approval of BACnet/SC. The BAS industry can not afford to wait several more years to address the remaining known cybersecurity gaps using the same process. We need an approach that will get secure, interoperable products to market more quickly.

About Secured by Cimetrics™

As the leading provider of BAS networking technology, Cimetrics is committed to working with its customers and the BAS industry to transform BAS to become a fully secured citizen of the interconnected cyber world we live in today.  Secured by Cimetrics™ (SbC) is a commercial solution that will achieve this, building upon BACnet/SC.

Secured by Cimetrics is designed as a full-stack solution to secure BAS systems, from terminal devices to zone- and building-controllers, all the way to a multi-building cloud management layer. Built on BACnet/SC, SbC creates a management framework of BACnet devices so they can be secure, managed by interoperable tools, and integrate with tools and platforms commonly used by IT and cybersecurity organizations.

Introducing SbC Early Access (SbC-EA)

In order to rapidly bring SbC to the market, facilitate consensus, and educate the industry to deliver the level of security demanded by IT and today’s enterprises, Cimetrics is launching an invitation-only SbC Early Access program (SbC-EA).

SbC-EA is a deliberative and collaborative process for participating member companies to quickly deliver the benefits of SbC as well as to arrive at de facto standards that will benefit the BAS industry at large.  It is Cimetrics’ expectation that, as these de facto standards achieve commercial acceptance, some will be contributed to de jure standards organizations for formal adoption.

SbC-EA Program Components

SbC-EA Members can choose to participate in any combination of the following:

  1. Evaluating SbC: Facilitate the rapid delivery of SbC technology to BAS OEMs dedicated to fully securing their BAS software stack.
  2. Consensus Building: Achieve rapid consensus on specifications necessary for the broad adoption of secure and interoperable tools across systems regardless if they use SbC or not.
  3. Marketing: Produce and distribute materials to bolster the preparedness of BAS cybersecurity to both the BAS and IT professionals and industries at large.

Ready - fire - aim!

Cimetrics is driving these objectives by inviting key BAS players to be part of SbC-EA.

Cimetrics intends to use the agile “working code, rough consensus, then standardize” approach to push the BAS industry on this important and yet challenging journey, critically necessary to the future of BAS.

For those planning to implement portions of the SbC stack from Cimetrics, the SbC-EA is the main method to get early access to plans, roadmaps, insights, deployment strategies to minimize the effort and maximize the benefits from adopting the Secured by Cimetrics platform into their product lines.

This is also the mechanism for those OEMs who are committed to using SbC to receive early Beta code for testing as well as to provide feedback, feature requests and otherwise liaise with Cimetrics to assist with integrating SbC into their products.

Participating and process

  • All SbC material will be provided by Cimetrics to Members under an NDA
  • Information provided by Members to Cimetrics will not be attached to any constraints
  • Product development processes will adhere to IEC 62443 / ISA Secure
  • This component of the SbC-EA will coordinate with the Consensus Building as needed
  • A formal SbC Partnership Agreement will be required to license the production versions of SbC software

Several essential interoperable standards are required to create holistic cybersecurity technology such as SbC. These standards are necessary for the industry to create tools, products, and services that can securely work together in a secure building.

SbC-EA provides an ideal mechanism for Cimetrics to lead like-minded BAS organizations to collaborate to define these standards.

Focus standardization areas:

  • Device/user authentication 
  • Request authorization
  • Certificate management
  • BACnet/SC communication configuration
  • Firmware updates
  • Backup/restore
  • Network event logging/management
  • Device installation / onboarding

Participation, IP and process

  • Cimetrics will manage, provide strawman, identify editors, and finalize content and format of work products in this consensus process.
  • Members will provide IP into the SbC-EA consensus-building activity without limitation or constraints
  • Cimetrics retains the right to include any IP provided by Members into SbC
  • Once finalized, interoperability specifications will be placed into the public domain
  • Where relevant, the specification will be handed over to a standards organization for formal adoption

Cimetrics intends to use SbC-EA to collaborate with Members in creating and distributing the material to support the goal of advancing the BAS cybersecurity subject in both the BAS and IT industries.

Scope of activities

  • Messaging and thought leadership
  • White papers
  • Public webinars

Key initial BAS topics

  • Holistic cybersecurity
  • BAS industry preparedness for cybersecurity
  • Secure & standardize tools

IT Positioning

Cimetrics intends to use SbC-EA to collaborate with Members in positioning the BAS industry into the IT and cybersecurity industries. In this regard, SbC-EA will focus on the following:

  • Messaging and thought leadership
  • Integrating with IT tools
  • Providing IT-friendly products, tools, and services

Participation and process

  • Cimetrics will propose and manage projects to completion
  • For activities that require funding, the cost will be spread between those participating in such activity
  • Members will have an opportunity to contribute, comment and participate as they desire

SbC-EA launches at AHR Expo on Feb. 3, 2020.

In order to achieve the aspiration of urgency, the participation of SbC-EA is limited and is by invitation only. If you feel that your company should be part of this important initiative, reach out to sbc@cimetrics.com.

It is anticipated that SbC-EA will be a one-year-long program, concluding in the release of SbC and publication of interoperability specifications into the public domain and/or a standards development organization.