Cybersecurity for Building Controls
Securing the Internet of Things™
Buildings are Becoming Smarter and More Connected… Increasing Exposure and Security Risks:
• Building Operations
• Occupant Safety
• Data Loss, Ransomware
• Financial Liability
• Reputation
Protocol Security Challenges
BACnet/Modbus protocols originally developed without security
Device-to-device messages are inherently unsecure
Anyone who gets in or plugs into the network can:
• Discover network devices
• Watch and record all traffic
• See message types and details
• Inject commands
• Cybersecurity “In a Box”
• Protects Devices at the Edge
• NIST Zero Trust Compliant
• Stops Cyber Attacks on OT Networks, Buildings and Critical Infrastructure
ISO 26262 ASIL D Certified
Developed in partnership with
Security Features
• Device-to-Device Authentication
• Secure Tunnels Between Devices
• Data Encryption
• Automated Certificate Authority
BACnet Device Protection
BACnet/IP, BACnet MS/TP, BACnet/SC
• Enables existing/installed BACnet devices to participate in a BACnet/SC domain
• Automatically and seamlessly manage security certificates
• Protects devices on MS/TP trunk from attacks originating on IP network
• Protects IP network devices from attacks originating on an MS/TP trunk
• Protects individual devices
• Protects devices behind BACnet routers
Unsecure Building Network
[Diagram labels: Controller; Building Automation Edge Components; No Built-In Security; IT Network; Unsecure Network]
Anyone that gets in or plugs in can:
• Send “Who Is” and other commands
• Watch and record all traffic
• See message types and details
• BACnet IP or BACnet MSTP
Unprotected Network Traffic
Message Types and Message Details are Easily Monitored
[Screenshot callouts: Message Details; Message Types]
Secure Building Network
[Diagram labels: Controller; Building Automation Edge Components; No Built-In Security; Secure Enclave; BACnet/IP, Modbus TCP, etc.; IT Network; NIST-Compliant]
• Data logging
• Analytics
• Alerts
Network Traffic Protected by DOME
Message Types and Message Details are Protected
Message Types are Hidden
Message Details are Encrypted
“Cybersecurity In a Box” for Building Controls
DOME SaaS/Dashboard, DOME Interface Appliance (DIA), DOME Sentry
DOME Sentry
• Analytics
• Security Alerts
• Daily Status Email
• Manages Cloud Connection
• Device Management
• Credential Management
• Data Logging Capture
• STOPS Cyber Attacks
• Works with Installed Devices
• 100% NIST Zero Trust Framework
• Zero Touch Onboarding
• Installs in Under 60 seconds
• No IT or Cyber Skills Needed
• Protects 1:1 and 1:Many Devices
DOME supports “No Cloud Connectivity” operation for secure Defense/Gov’t sites
DOME Sentry Devices
Hardware Options for Various Network Topologies and Environments
[Device image labels: Daisy-Chain Capable; Industrial Specs; Compact; Standard]
Software Options:
• AI device monitoring
• Post-Quantum (PQ) encryption
Protecting BACnet MS/TP Devices
[Diagram labels: DOME Sentry; BACnet MS/TP; DOME Secure Enclave; BACnet Router; BACnet IP]
1. DOME protects the BACnet/IP router and BACnet MS/TP devices against unauthenticated incoming BACnet/IP traffic
2. DOME protects the broader network against the injection of unauthorized BACnet MS/TP traffic from an unapproved device on the local trunk
Installation Benefits
• System-driven approach improves speed of implementation and eliminates opportunities for errors (e.g. automated certificates)
• DOME Mobile App makes device registration a simple “point-and-click” process
• Simplicity means no IT/Cyber expertise is needed – installation by existing technicians
DOME Mobile App™ Makes Installation Easy
No IT/Cyber Expertise Needed, No Manual Configuration
• Sign In
• Select Register Devices
• Select Pre-Registered Location
• Scan QR Code
• Device Registered, Security Credentials Auto-Installed on Installation
Example Deployment
32-Story Building in NYC
• Previous victim of a cyber attack
• BACnet/IP riser trunks
• BACnet MS/TP floor trunks
• Entire building automation network protected with just 4 DOME Sentry devices
STOPS Cyber Attacks
• Real-time protection to the edge
• Only purpose-built solution for edge devices
Fully Packaged Cybersecurity Solution
• Eliminates need for IT / Cybersecurity resources
• Installs and protects in under 60 seconds
Works with New and Existing Devices
• Protection/Encryption between devices
• Supports commonly used IP network protocols
Cybersecurity Made Easy
