Trane Technologies authored and published this paper on May 2, 2022. Building Automation Systems (BAS) offer significant operational advantages for commercial building owners and occupants. They provide the applications and interfaces that make it easier to effectively manage indoor environmental quality (IEQ) and optimize energy efficiency. As connected systems, they share many of the same cyber risks as traditional IT assets. The paper provides an introduction to the best practices in BAS cybersecurity. These best practices fall into three main categories. These include Isolation from other systems; Secure Access – both on-site and remote; Operation and Maintenance – establishing (and sticking to) set protocols and maintaining a regular system and software maintenance schedule to maintain security over the long term. With due diligence, the risks are manageable.
Keywords: Access Controls, Blade/Edge Technology, Computer/Network Hardware, Cybersecurity/Privacy, Data Networking, Identification Systems, Intelligent Building, Internet of Things (IoT), Large Building Controls/Automation, Protocols/Standards, Software Development, System Integrator, Virtual Private Network (VPN), Ethernet, USB Cellular Module, Firewall