Skip to content

How to Secure Building Management Systems

As infrastructure modernizes, building management systems (BMS) are becoming increasingly sophisticated. They provide automation, control and management of the physical environment of buildings, and to operate reliably, you need to ensure their security. This can be crucial in some buildings, such as hospitals. What can you do to make buildings safer?

An Introduction to BMS

BMS stands for Building Management System. It is a computer-based system that controls and monitors a building’s mechanical and electrical equipment, such as heating, ventilation, and air conditioning (HVAC), lighting, and other building systems. There are several common BMSs used in buildings today, each with their own specific features and capabilities, these include:
  • Siemens Desigo
  • Johnson Controls Metasys
  • Honeywell WEBs
  • Schneider Electric Andover Continuum
  • Trane Tracer
  • Delta Controls
There are many more systems and the choice of BMS depends on the specific requirements of the building and the needs of the building owner or operator. However, they have one thing in common – the BACnet protocol is frequently used between these systems and HVAC-endpoints.

BACnet Protocol: Essential for Building Management Systems Security

The Building Automation and Control Network (BACnet) protocol is a communication protocol that is widely used in building automation and control systems for HVAC, lighting, and other building systems. BACnet was designed to provide a standard way for different building systems to communicate and share data, and is now used in thousands of buildings worldwide. One of the key features of BACnet is its support for security. BACnet includes several security features to protect against unauthorized access, tampering, and other types of attacks. These features include:
  • Authentication: BACnet supports the use of passwords and other forms of authentication to ensure that only authorized users can access the building automation and control systems.
  • Encryption: BACnet supports the use of encryption to protect the confidentiality and integrity of data as it is transmitted between different devices and systems.
  • Access control: BACnet includes features to restrict access to specific objects and properties within the building automation and control systems. This allows building operators to control who can access and control different systems within the building.
  • Auditing: BACnet includes the capability to record and log all access to the building automation and control systems. This allows building operators to detect and investigate any unauthorized access or tampering.
Despite these security features, the BACnet protocol has some security weaknesses. For example, some security experts have raised concerns about the use of static passwords for authentication, which can be easily guessed or cracked by attackers. Additionally, BACnet does not include support for security certificates or other forms of digital authentication, which can make it more difficult to ensure that devices are communicating with the correct systems. Another concern with BACnet security is that its security feature is not widely implemented. Many building automation and control systems using BACnet do not have security features enabled or are configured in an insecure way. This leaves them vulnerable to attacks and can make it easy for unauthorized users to gain access to sensitive systems and data.
BACnet is a communication protocol that is widely used in building automation and control systems, and provides several security features to protect against unauthorized access and tampering. However, there are some concerns about the security of the protocol, particularly regarding the use of static passwords and the lack of wide implementation of security features. It is important for building operators to be aware of these security risks and to take steps to secure their building automation and control systems, such as regularly changing passwords, enabling encryption, and monitoring for suspicious activities.

Risk Mitigation in BMS Security

One of the most important aspects of risk mitigation is the visualization of the flows from and to a BMS, whether it is executed via BACnet or a different OT-protocol. This allows a user to optimize their network configuration, mitigating the risks of:
  • Static passwords
  • Lack of certificates
  • Disabled security features on various BACnet-enabled assets
One tool you can use for the flow visualization is GREYCORTEX Mendel, which has protocol parsers and BMS-asset identification built into its core.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

GREYCORTEX Mendel 4.0 Now Available

December 15, 2022 – We have released a new version of GREYCORTEX Mendel. Version brings a new view of security and risks that individual subnets and hosts bring, advanced NetFlow processing and integration with other tools and security platforms.

The new version is already available for new installations and will also be gradually released on December 19 for an online upgrade.

More about GREYCORTEX Mendel 4.0

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

GREYCORTEX Mendel 3.9.1. Now Available

September 20, 2022 – We have released GREYCORTEX Mendel 3.9.1 which brings minor improvements and bug fixes.

Enhancements

Event visibility level store its configuration on the user level (keep the last state before logout)

Improved performance and reliability for Failsafe mode

Improved subnet filtering by substring search in filter

Fixed issues with

  • Performance in the network capture module
  • Invalid license during Sensor&Collector upgrade
  • Default firewall configuration for an asset discovery tool
  • Checkpoint firewall rule policies
  • Detecting TOR traffic by IDS signatures
  • Resizing LVM storage on AWS
  • Two or more DNS servers on the management interface
  • Empty subnet graph for subnets filtered by tag(s)
  • User permissions
  • SSL configuration for Fortigate firewall plugin
  • Invalid CSV header in subnet import
  • Malformed input for network parsers
     

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

GREYCORTEX Mendel 3.9

We have released a new version of GREYCORTEX Mendel

GREYCORTEX Mendel 3.9 is more interactive, safer and allows even deeper data analysis than ever before. We have increased the interoperability of Mendel with other tools and extended the hardware support.

GREYCORTEX Mendel 3.9 Features List

Interactive Visualization of Detected Threats

Detect an attack on your infrastructure easily and in time

You’ll see the detected events even clearer thanks to the new interactive dashboard, based on GREYCORTEX’s and MITRE ATT&CK®’s knowledge. You’ll easily see if someone is attacking your infrastructure according to known tactics and techniques, no matter whether Mendel is helping secure your IT or OT environment.

New API features

Connect Mendel to other systems via APIs

New two-way connectivity with other security tools (SIEM, BI and others) enables external visualization or deeper data analysis. Mendel’s API currently covers:

  • direct database access to stored network data
  • capturing traffic and downloading data in pcap data format
  • management of false positives
  • third-party security information sources (blacklists based on IP addresses and malicious files)
  • integration with the MISP security platform

User Activity Log

Control who is looking into your Mendel

Mendel is even more secure. It records user activity in the system itself, helping to meet even the strictest of security policies and corporate standards.

Extended Support of Hardware Devices

No more surprises from unavailable devices

We optimized Mendel to run on up-to-date hardware devices with new generations of CPUs, such as DELL and HP servers, and have wide support for new network card models from Napatech, Intel and Broadcom.

Improved Visibility and Data Analysis

Understand completely what happened in your network

You can now view the data for all the use cases you have defined and get broader insights than the system views already set up by the standard user interface. In combination with the new attributes and metrics, you can stipulate your database queries over stored network data even more precisely. You can also export or import saved views between machines and for further investigation, use Mendel’s ability to bring the parameters of the displayed data into the main filter.

Working on: Microsensors for IT and OT Networks

Find out basic information about the devices in your network

A microsensor, either as a small device or in a virtualized form, scans your network and in a follow-up report you can see: what devices are in the network; what vulnerabilities they have; which manufacturers they are from; or what protocols they use.

The tool is already ready to use in an alpha version. If you are interested in the solution, please contact us for more information.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

GREYCORTEX Mendel 3.9 Now Available

June 20, 2022 – We have released a new version of GREYCORTEX Mendel. Version 3.9 is more interactive, safer and allows even deeper data analysis than ever before. We have increased the interoperability of Mendel with other tools and extended the hardware support.

More about GREYCORTEX Mendel 3.9

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×