3. Why do we need to protect BAS systems?
● They are mission-critical systems in many buildings. Therefore they are potential targets of cyber criminals.
● A compromised BAS can also be used to attack interconnected systems.
4. What should we protect?
● From the Identify function activities, the building owner should determine:
○ What are the assets that make up the BAS?
○ Physically where are those assets?
○ How are the assets connected to networks?
● Use a risk assessment to prioritize protection activities.
5. Protect - from the NIST Cybersecurity Framework
● Identity Management and Access Control
● Awareness and Training
● Data Security
● Information Protection Processes and Procedures
● Maintenance
● Protective Technology
12. How does BACnet/SC help protect BAS systems?
● A device must have a properly signed digital certificate to join a BACnet/SC network.
● All BACnet/SC network traffic is encrypted.
13. Discussion
● Identity Management and Access Control
● Awareness and Training
● Data Security
● Information Protection Processes and Procedures
● Maintenance
● Protective Technology