Dalibor Celar, product management, Metz Connect, looks at the BACnet/SC router for secure and encrypted data communication in critical building automation infrastructures.

A BACnet router enables interoperable and interdisciplinary communication at fieldbus and IP level between devices from different manufacturers. Security plays a crucial role in this networking. Mechanisms are needed to defend against hacker attacks, especially on critical buildings such as hospitals. With BACnet/SC (Secure Connect) routers, BACnet MS/TP and BACnet/IP networks can be integrated into the secure BACnet/SC communication level.

BACnet networking takes place via a network based on an Ethernet or RS-485 infrastructure (BACnet/IP or BACnet MS/TP). There are several types of BACnet-enabled devices, including sensors and actuators that collect data such as temperature, humidity or CO2 levels, as well as devices that control valves, dampers and pumps.

BACnet-capable control systems act as central control units for specific areas or functions within a building. There are also routers and gateways that enable the integration of non-BACnet-capable devices and systems into a BACnet network. However, BACnet is not a security protocol; it is solely a communication protocol for building automation. This can lead to security gaps, which are unacceptable or only partially acceptable in critical buildings (airports, hospitals, etc.).

Metz Connect offers BACnet routers that support the connection of 32 BACnet MS/TP devices per line with no wire length restrictions. This makes reliable and fast communication between the devices possible. The new BMT-RTR/SC with screw type terminal blocks and the BMT-F-RTR/SC variant with spring terminal blocks are BACnet/SC routers that provide secure, encrypted communication in BACnet networks.

Improved security against cyber attacks

Due to the increase in IT networking in buildings and the connection of building management systems to the cloud, there is a growing risk of hacker attacks on building installations. Access to sensitive data can cause major damage to the building or facilities. Systemically important and critical infrastructure, such as railway stations or hospitals, can come to a standstill and companies often suffer significant economic damage. This makes it all the more important to protect networked buildings and building automation systems against attacks.

This is where BACnet offers several security mechanisms. BACnet/SC (Secure Connect) is an extension of the BACnet protocol specifically designed to improve the security of building automation networks. BACnet/SC defines a new standard for secure data transmission using the BACnet protocol and enables the secure utilization of existing IT infrastructures.

BACnet/SC devices for encrypted data transmission

The BACnet/SC protocol was developed to increase protection against cyber threats and unauthorized access to networked building automation systems. It offers security features, based on TLS 1.3 encryption, that go beyond the standard BACnet protocol. For example, advanced authentication methods can ensure that only authorized devices and users can access the network. This can include the use of digital certificates or other cryptographic mechanisms.

BACnet/SC encrypts all traffic sent over the BACnet/SC network to ensure the confidentiality of information. This protects against the interception and manipulation of data by potential attackers. The protocol also checks the integrity of the transmitted data to ensure that it has not been tampered with during transmission. This ensures that the data received is correct and unchanged.

BACnet/SC also implements mechanisms to prevent replay attacks, where an attacker attempts to reuse previously sent messages to manipulate the network. These additional security features make BACnet/SC a suitable choice for applications where increased protection against cyber threats is required, such as critical infrastructure or highly sensitive environments.
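The TLS 1.3 and certificate requirements described above can be expressed and checked with Python's standard ssl module. This is an added example, not Metz Connect's code or part of the original article: it builds a node-side and a hub-side TLS context with mutual certificate authentication and audits any context for the two weaknesses that would undo those guarantees. The function names and the optional file-path parameters are assumptions for illustration.

```python
import ssl

TLS13 = ssl.TLSVersion.TLSv1_3

def node_context(ca_file=None, cert_file=None, key_file=None):
    """Client side (node dialing the hub): TLS 1.3 only, hub certificate verified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # defaults to CERT_REQUIRED
    ctx.minimum_version = TLS13
    _load(ctx, ca_file, cert_file, key_file)
    return ctx

def hub_context(ca_file=None, cert_file=None, key_file=None):
    """Server side (hub): TLS 1.3 only, and every node must present a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # defaults to CERT_NONE
    ctx.minimum_version = TLS13
    ctx.verify_mode = ssl.CERT_REQUIRED            # turns on mutual authentication
    _load(ctx, ca_file, cert_file, key_file)
    return ctx

def _load(ctx, ca_file, cert_file, key_file):
    # File paths are hypothetical deployment inputs; None keeps the example offline.
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # site CA that issued device certs
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # this device's own identity

def weak_context():
    """The misconfiguration to catch: older TLS allowed, peer certificate ignored."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False                     # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx):
    """Return findings for a context that falls short of TLS 1.3 with verified peers."""
    findings = []
    if ctx.minimum_version < TLS13:
        findings.append("accepts TLS below 1.3")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    return findings

if __name__ == "__main__":
    for name, ctx in [("node", node_context()), ("hub", hub_context()),
                      ("weak", weak_context())]:
        print(name, audit(ctx) or "ok")
```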

Metz Connect offers a hardware-based security solution for building automation, heating/ventilation/air conditioning (HVAC), lighting control, access control and shading in BACnet networks. For secure, encrypted data transmission in critical infrastructures, the BMT-(F)-RTR/SC BACnet/SC Router is a suitable, cost-effective solution. It communicates with a primary hub as a node in BACnet/SC, BACnet/IP and BACnet MS/TP networks. Its compact design, with a width of only 35 mm, makes it easy to mount additional BACnet MS/TP-IO modules alongside it using jumper plugs or device connection terminal blocks.

BACnet/IP and BACnet MS/TP routing to BACnet/SC

The router's flexibility is particularly noteworthy: it seamlessly connects both BACnet MS/TP and BACnet/IP devices in secure, encrypted BACnet/SC networks. This simplifies and secures communications over long distances, including connections to cloud applications. Secure remote access, and therefore remote maintenance of systems, is possible.

The BACnet router provides an integrated web server with intuitive menu navigation for configuring and parameterizing device-specific functions. Responsive design makes it easy to use from a smartphone, tablet or notebook. BACnet MS/TP devices connected to the router are displayed in the web server with the set device address. Communication between devices via the RS-485 bus can be recorded and analyzed.

BACnet/IP and BACnet MS/TP systems can be converted to BACnet/SC at any time without replacing the cabling. This enables the step-by-step integration of the latest security and communication standards into building automation. This adaptability offers significant planning and investment security for system operators who are considering switching to BACnet/SC in the future.

Summary

BACnet/SC defines the standard for secure data transmission using the BACnet protocol, enabling the use of existing IT infrastructures and the Internet. The new BACnet/SC router BMT-(F)-RTR/SC is an ideal solution for secure and encrypted data transmission in building automation, especially in critical infrastructures. The router's ability to seamlessly extend the routing from MS/TP to BACnet/IP to BACnet/SC is particularly advantageous.