What is it?
Building Automation and Control Network (BACnet) is a common building automation system protocol that offers Alarm and event monitoring, remote device management and computer file and terminal access. The default port for BACnet traffic is 47808
Why is it a risk?
Because early building automation systems relied on dedicated wiring and networks, there were no native security options. Over time, consumers wanted to leverage their investment in Internet infrastructure to control their buildings remotely.
Attacks on unprotect BACnet installations can result in attackers taking control of Heating and Ventilation equipment, lighting, temperature controls, fuel pumps and etc.
How can you mitigate the risk?
BACnet/SC has been introduced to add encryption and other security measures to all BACnet devices.
Because early BACnet devices did not have built-in security, an incremental approach is required.
The BACnet International Journal article linked below, “BACnet Security: The Big Picture,” explains how to migrate incrementally toward a secure BACnet installation.
Resources:
BACnet Security: The Big Picture [PDF]
https://bacnetinternational.org/wp-content/uploads/sites/2/2022/07/BIJ-18-BACnetSC-Article.pdf