Security of Building Automation and Control Systems: Survey and future research directions

Abstract

Building Automation and Control Systems (BACS) designate the mechanisms that are used to automate buildings’ operations such as climate control, lightning and access control. As such, traditional BACS encompass extensively automated buildings managed in an integrated manner, with the support of Supervisory Control and Data Acquisition (SCADA) systems and specialized industry standards such as BACnet and KNX. More recently, the increasing adoption of IP-connected, IoT-like devices for automating single tasks led to a substantial increase in the number of automated building functions (especially for the smart home domain), although rarely with extensive or integrated automation levels. The interconnection with the building local area network (LAN) and even the Internet, comes with the cost of a wider exposition to attacks, that can either begin inside of the building or be initiated from anywhere outside of it.In contrast with other domains that recently received substantial attention (e.g. industrial control and automation systems), the security of BACS has been addressed in a somehow more superficial and less structured manner. Nevertheless, recent security incidents, combined with the fact that these systems are becoming more interconnected with the building networks and the Internet, are raising security concerns.This paper provides a systematic survey of recent research and industry developments related with the security and safety of building automation and control systems. It also presents an overview of the existing threats and known attacks against BACS, as well as open issues and future research directions.