BACnet/SC (Addendum bj to ASHRAE Standard 135-2016) is an important addition to the BACnet standard that will improve BACnet network security on TCP/IP networks. However, BACnet/SC is missing numerous elements that are needed to fully secure customers’ building automation systems against increasing cybersecurity threats.
It took the BACnet committee 10 years from the formation of the IT-WG to the approval of BACnet/SC. The BAS industry can not afford to wait several more years to address the remaining known cybersecurity gaps using the same process. We need an approach that will get secure, interoperable products to market more quickly.
As the leading provider of BAS networking technology, Cimetrics is committed to working with its customers and the BAS industry to transform BAS to become a fully secured citizen of the interconnected cyber world we live in today. Secured by Cimetrics™ (SbC) is a commercial solution that will achieve this, building upon BACnet/SC.
Secured by Cimetrics is designed as a full-stack solution to secure BAS systems, from terminal devices to zone- and building-controllers, all the way to a multi-building cloud management layer. Built on BACnet/SC, SbC creates a management framework of BACnet devices so they can be secure, managed by interoperable tools, and integrate with tools and platforms commonly used by IT and cybersecurity organizations.
In order to rapidly bring SbC to the market, facilitate consensus, and educate the industry to deliver the level of security demanded by IT and today’s enterprises, Cimetrics is launching an invitation-only SbC Early Access program (SbC-EA).
SbC-EA is a deliberative and collaborative process for participating member companies to quickly deliver the benefits of SbC as well as to arrive at de facto standards that will benefit the BAS industry at large. It is Cimetrics’ expectation that, as these de facto standards achieve commercial acceptance, some will be contributed to de jure standards organizations for formal adoption.
SbC-EA Members can choose to participate in any combination of the following:
Cimetrics is driving these objectives by inviting key BAS players to be part of SbC-EA.
Cimetrics intends to use the agile “working code, rough consensus, then standardize” approach to push the BAS industry on this important and yet challenging journey, critically necessary to the future of BAS.
For those planning to implement portions of the SbC stack from Cimetrics, the SbC-EA is the main method to get early access to plans, roadmaps, insights, deployment strategies to minimize the effort and maximize the benefits from adopting the Secured by Cimetrics platform into their product lines.
This is also the mechanism for those OEMs who are committed to using SbC to receive early Beta code for testing as well as to provide feedback, feature requests and otherwise liaise with Cimetrics to assist with integrating SbC into their products.
Several essential interoperable standards are required to create holistic cybersecurity technology such as SbC. These standards are necessary for the industry to create tools, products, and services that can securely work together in a secure building.
SbC-EA provides an ideal mechanism for Cimetrics to lead like-minded BAS organizations to collaborate to define these standards.
Cimetrics intends to use SbC-EA to collaborate with Members in creating and distributing the material to support the goal of advancing the BAS cybersecurity subject in both the BAS and IT industries.
Cimetrics intends to use SbC-EA to collaborate with Members in positioning the BAS industry into the IT and cybersecurity industries. In this regard, SbC-EA will focus on the following:
SbC-EA launches at AHR Expo on Feb. 3, 2020.
In order to achieve the aspiration of urgency, the participation of SbC-EA is limited and is by invitation only. If you feel that your company should be part of this important initiative, reach out to sbc@cimetrics.com.
It is anticipated that SbC-EA will be a one-year-long program, concluding in the release of SbC and publication of interoperability specifications into the public domain and/or a standards development organization.