Cybersecurity for Buildings

As building control and automation systems rapidly adopt IP (Internet Protocol) as the defacto networking technology for devices and systems, they are increasingly being scrutinized by IT and cybersecurity departments as a potential attack vector for cyber breaches. Building control and automation systems are made up of complex networks of interconnected devices that manage a variety of electro-mechanical building services including the indoor environment, physical security, and people movers to name a few. These systems and services, in addition to a growing number of Internet of Things (IoT) devices that monitor, analyze, and optimize peripheral systems, are designed to work in tandem to improve comfort, general safety, and productivity.

Read SbC Primer

Secured by Cimetrics™

With the creation of the growing adoption of BACnet/SC (Secure Connect), the building automation systems industry is now promoting the adoption of IT-centric security standards to complement BACnet as a foundation to make securing the whole building a reality. Secured by Cimetrics is the manifestation of this mission, created by Cimetrics, the leading provider of BACnet stacks to more than 60% of automation vendors, and instigator of the broad collaboration to further the industry’s adoption of IT technologies and best practice. SBC takes a holistic view of security, providing a secure and interoperable management layer on top of BACnet/SC. Devices that are SbC-managed enable them to be securely installed, authenticated, and authorized to be part of the network. Managed devices can also be securely configured using interoperable tools from the appropriate tool and application vendors. Ongoing device and system management are also enabled by the Secured by Cimetrics framework, including communication configuration; backup/restore; software updates; network/device event logging; and integration with IT and enterprise tools, services and applications. Secured by Cimetrics provides tools for building systems engineers as well as IT and security organizations to engineer, manage, and operate their automation systems’ cybersecurity defenses.

The NIST Framework

Nowhere is it more important than buildings to have a holistic view when it comes to cybersecurity. Since buildings typically last for decades, any system installed in them will need to consider cybersecurity through the full lifecycle of construction, commissioning, operation, and repeated refurbishment.

Secured by Cimetrics was created with reference to the NIST Framework 1.1, a framework designed to provide private-sector owners and operators of critical infrastructure with the standards and best practices to help manage cybersecurity risks. Secured by Cimetrics does not just secure the automation network; it facilitates the integration of the IT tools and processes used during incident response and recovery following a breach.

Overview

Secured by Cimetrics allows building control and automation networks to be fully integrated into the IT infrastructure. Unlike past automation systems, all components of a Secured by Cimetrics network conform to IT norms expected by IT organizations. Any unsecured, legacy devices that may exist in the building are placed behind Secured by Cimetrics Firewall Routers which intelligently monitor network traffic for nefarious activity. The SbC Appliance and Failover nodes—either as discrete hardware or installed in the building’s data center—provide a key security management function within the building by orchestrating monitoring functions and acting as an aggregator of network packets, configuration data for backup/restore, and event logging streams which can be forwarded to the IT organization’s favored SIEM tools. The SbC Cloud provides an off-premise management portal for users working within the building or remotely in addition to a tool for incident response and recovery. Secured by Cimetrics takes a holistic view of security, starting by providing a secure and interoperable management layer on top of BACnet/SC. Devices that are SbC-managed enable them to be securely installed, authenticated, and authorized to be part of the network. Managed devices can also be securely configured using interoperable tools from the most appropriate tool and application vendor. Ongoing device and system management are also enabled by the Secured by Cimetrics framework, including communication configuration; backup/restore; software updates; network/device event logging; and integration with IT and enterprise tools, services and applications. Secured by Cimetrics provides tools for building systems engineers as well as IT and security organizations to engineer, manage, and operate their automation systems’ cybersecurity defenses.

The SbC Management Stack

The SbC Management stack is a holistic security system made up of three discrete components that work in unison to provide the desired results. As a provider to OEM manufacturers, these components provide a pick-and-choose model allowing our customers to integrate appropriate parts of Secured by Cimetrics into complex product lines.

- - SbC Management Cloud

The SbC Management Cloud brings the management of multi-building automation systems into a single, cloud-based platform. Securely connecting to SbC Appliances, the SbC Cloud enables the administration of SbC Managed Devices, secure BACnet Firewalls, and BACnet Routers. SbC Cloud provides a single point of management for incident response, and it integrates with the IT and cybersecurity organizations’ view of building automation systems.

- - SbC Orchestrator Appliance

The SbC Appliance is a security appliance installed on-premise that orchestrates the management of automation and control devices from installation through operation, maintenance, and incident response. SbC Appliances can also provide a local user interface in cases where no connection to the cloud is possible or desired.

- - SbC Managed Device

An SbC Managed Device is a BACnet/SC device that can be managed by the Secured by Cimetrics management platform, including being locally managed by the SbC Orchestrator Appliance and remotely managed by SbC Management Cloud.