Jim Butler, convener of the BACnet IT Working Group and CTO of Cimetrics, presents:
BACnet/SC Overview:
- A secure BACnet option for TCP/IP networks
- Will improve network security in any deployment scenario
- Not yet finalized!!
- Backward-compatible with existing BACnet deployments and devices
- Built on standard IT network protocols: WebSockets and TLS 1.2+
- NAT and firewall friendly
- Static IP addresses are not required
- No more UDP broadcasts and BBMDs
What is secure about BACnet/SC?
- Encrypted communication (TLS)
- Site-based authentication of devices (TLS)
- New: Carrier for user authorization data (OAuth 2)
2. About Cimetrics
• BACnet communication products (since 1995)
• BACnet protocol stacks
• Routers, gateways, meter interfaces, …
• Building system analytics (since 2000)
• FDD software (SaaS)
• Professional services
3. BACnet/IP Overview
• Widely used BAS backbone network protocol
• Published in 1999
• Employs UDP for communication on TCP/IP networks
• Static IP addresses are typically used
• DNS is not used
• Can easily span multiple IP subnets
• … but the management of broadcast messages can be tricky in practice
• Can be used in a NAT environment, but not easily
4. Securing BACnet/IP networks
• BACnet/IP has no native security features!
• Common “secure” deployment options:
• Physically separate BAS network
• Dedicated VLAN(s) or VPN for BAS
5. A Simple BACnet/IP Network
[Diagram: IP Subnet A (devices D1, D2, BBMD A) and IP Subnet B (devices D3, D4, BBMD B) joined by an IP Router]
6. BACnet/IP Foreign Device Registration
[Diagram: as slide 5, plus a Foreign Device, D5, on IP Subnet C]
7. BACnet/IP Broadcast Message Forwarding
[Diagram: IP Subnets A and B with BBMD A and BBMD B; Foreign Device D5 on IP Subnet C]
8.–10. BACnet/IP Broadcast Message Forwarding (three build-up slides)
[Diagram: IP Subnets A, B, D, E and F, each with its own BBMD (BBMD A, B, D, E, F); Foreign Device D5 on IP Subnet C]
11. BACnet/IP and Network Address Translation (NAT)
[Diagram: Private IP Network A (D1, D2) and Private IP Network B (D3, D4), each behind a BACnet BBMD/Router and an IP Router with NAT, connected across a “Public” IP Network]
12. BACnet/SC Overview
• A “secure” BACnet option for TCP/IP networks
• Will improve network security in any deployment scenario
• Not yet finalized!!!
• Backward-compatible with existing BACnet deployments and devices
• Built on standard IT network protocols: WebSockets and TLS 1.2+
• NAT and firewall friendly
• Static IP addresses are not required
• No more UDP broadcasts and BBMDs
13. What is “secure” about BACnet/SC?
• Encrypted communication (TLS)
• Site-based authentication of devices (TLS)
• New: Carrier for user authorization data (OAuth 2)
20. Learn more about BACnet/SC
http://www.bacnet.org/Bibliography/B-SC-Whitepaper-v10_Final_20180710.pdf
2019 ASHRAE Winter Conference: “Securing BACnet Networks: Present and Future” (Seminar 47)
21. Takeaways
• BACnet/SC will be a “secure” alternative to BACnet/IP.
• BACnet/SC complements VLANs and other existing security methods.
• Security comes at a cost.
A little about Cimetrics: we have been involved in the development of the BACnet standard since 1994. Our experience providing BACnet products to the controls industry and to their customers motivated us to develop HVAC analytics software in order to find ways to improve the performance of building systems.
I think that most of you are already generally familiar with BACnet/IP, but I would like to review its general characteristics so that we can see how BACnet/SC differs.
BACnet/IP is like other BACnet data links in that it is easy to add a device to a network. That is one consequence of the fact that BACnet/IP has no native security features, so securing a BACnet/IP network typically involves setting up one or more dedicated VLANs. This works pretty well as long as the VLANs are set up correctly.
Here is a diagram of a simple BACnet/IP network. The devices D1-D4 can directly communicate with each other through the IP routing infrastructure using unicast messages. However, BACnet/IP broadcast messages are blocked by the IP router, so we invented BBMDs in order to forward BACnet broadcasts between IP subnets.
Foreign devices typically reside on IP subnets that don't have a BBMD. They can register with a BBMD in order to fully participate in a BACnet/IP network. In this diagram, foreign device D5 has registered with BBMD "B".
When device D5 wants to send a BACnet broadcast to all of the devices in the BACnet/IP network, it sends the broadcast to BBMD "B", which locally broadcasts the message on IP subnet "B" and forwards the broadcast to BBMD "A", which in turn locally broadcasts the message on IP subnet "A".
BACnet/IP networks can become much more complicated in a big system. In this diagram, the BACnet/IP network consists of devices connected to six different IP subnets. This is an example of a "full mesh" BBMD configuration, because every BBMD is configured to forward broadcasts to every other BBMD. A full mesh configuration does not scale well.
In order to limit the propagation of broadcast traffic, BBMDs can be configured in various ways. In this diagram, BBMD "B" will see all of the broadcast messages in the BACnet/IP network, but BBMD "D" will not see broadcast messages that originate in IP subnets "A", "E", and "F".
Other BBMD configurations are possible, depending on where broadcast messages need to go. Unfortunately we have found that many controls technicians are unfamiliar with how to set up BBMDs in order to optimize the flow of broadcast traffic in a particular system.
It is also possible to use BACnet/IP in an environment in which network address translation is used. Not only does this require the proper configuration of BBMD/Routers, but the NATting IP routers also require special configuration.
Now let's talk about BACnet/SC. First I should mention that the BACnet/SC specification is still under development, but I expect that it will be approved sometime in the latter part of next year. BACnet/SC is a "secure" alternative to BACnet/IP, and it has some other benefits. For example, BBMDs are not used! But most importantly, BACnet/SC uses TLS, a secure transport protocol...
Why do we say that BACnet/SC is "secure"? It provides encrypted communication and device authentication, both of which are enabled by the TLS protocol. Only devices that have an operating certificate signed by the site's certificate authority can join that site's BACnet/SC network.
Let's look at the architecture of a BACnet/SC network. One essential device is the hub. Every other device establishes a secure connection to the hub. The hub is responsible for forwarding all broadcast messages between the other devices. As well, the hub can forward unicast messages; in this respect it differs from a BBMD. Note that the hub can be anywhere that can be reached by the other BACnet/SC devices.
Devices can optionally attempt to establish peer-to-peer connections for exchanging unicast messages. This improves the performance of the network and reduces the dependency on the hub.
Another way to reduce the dependency on the hub is to add a second hub. In the event of a failure of the primary hub, devices will establish a connection to the secondary or failover hub.
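An added model of the hub behaviour described above (broadcast and unicast relay, site-CA admission, optional peer-to-peer paths, and failover to a second hub); this is example code written here, not code from the BACnet/SC specification or any Cimetrics product. Device admission is reduced to comparing a constructed issuer name ("site-ca") with the site CA, and the WebSocket/TLS transport and BACnet/SC framing are omitted.

```python
from dataclasses import dataclass, field

SITE_CA = "site-ca"  # constructed name of the site's certificate authority

@dataclass
class Device:
    name: str
    cert_issuer: str                           # who signed the operating certificate
    inbox: list = field(default_factory=list)
    peers: dict = field(default_factory=dict)  # optional direct peer-to-peer connections

class Hub:
    def __init__(self, name):
        self.name, self.up, self.members = name, True, {}
    def connect(self, dev):
        # Admission rule: only a certificate signed by the site CA is accepted.
        if dev.cert_issuer != SITE_CA:
            raise PermissionError(f"{dev.name}: certificate not signed by {SITE_CA}")
        self.members[dev.name] = dev
    def forward(self, src, msg, dst=None):
        # Broadcast (dst=None) to every other member, or unicast to one; unlike a BBMD the hub relays unicast too.
        targets = [self.members[dst]] if dst else [d for n, d in self.members.items() if n != src.name]
        for d in targets:
            d.inbox.append((src.name, msg))

class Network:
    def __init__(self, primary, failover):
        self.hubs, self.devices = [primary, failover], []
    def active(self):
        # Primary hub while reachable, else the failover hub; members reconnect to whichever hub is active.
        hub = next((h for h in self.hubs if h.up), None)
        if hub is None:
            raise ConnectionError("no hub reachable")
        for d in self.devices:
            if d.name not in hub.members:
                hub.connect(d)
        return hub
    def join(self, dev):
        self.active().connect(dev)
        self.devices.append(dev)
    def send(self, src, msg, dst=None):
        # Returns the path used: "direct" for a peer-to-peer unicast, else the name of the hub that relayed it.
        if dst in src.peers:
            src.peers[dst].inbox.append((src.name, msg))
            return "direct"
        hub = self.active()
        hub.forward(src, msg, dst)
        return hub.name
```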
Let's look at a few possible deployment scenarios. In this first scenario, BACnet/SC is used to secure the communication between devices connected to networks that are considered to be "unsecure".
In this scenario, BACnet/SC is used to enable communication between Internet-connected devices (such as the operator workstation in this diagram) and a network of BACnet/IP devices that are behind a firewall. Note that the primary and failover hubs are in "the cloud". The OWS and the BACnet router establish a BACnet/SC connection to the primary and failover hubs.
Here is one more scenario, which shows a system containing both BACnet/SC devices and other BACnet devices. BACnet routers provide the glue that connects the different BACnet networks. Since the primary and failover hubs are behind a firewall, the Internet-connected laptop will need some means to establish a BACnet/SC connection to those hubs through the firewall.
If you are interested in learning more about BACnet/SC, there is a white paper that you can freely download from bacnet dot org. BACnet/SC will also be discussed during a seminar in the upcoming ASHRAE conference in January.
Here is what I hope that you will take away from this talk... BACnet/SC will be able to be used instead of BACnet/IP when additional network security is needed. I should emphasize that you can use BACnet/SC with VLANs and other existing network security infrastructure. But of course, security comes at a cost, for example the need for additional device configuration and the maintenance of a certificate authority. Thank you for your attention.
The BACnet/SC protocol stack
Here is a scenario in which multiple retail stores are connected using BACnet/SC over the Internet.