BACnet Secure Connect Reference Implementation
BACnet Secure Connect (BACnet/SC) is an addendum to the BACnet protocol released by the ASHRAE BACnet Committee. It is a secure, encrypted communication datalink layer that is specifically designed to meet the requirements, policies, and constraints of minimally managed to professionally managed IP infrastructures.
BACnet/SC is an important addition to the toolbox of product designers developing more secure building automation products and systems. It does not replace existing BACnet options but complements them. In the end, it is one piece of the larger industry effort to address the growing need for cybersecurity in building systems.
Security is a hot-button issue in the buildings industry, and with the increased interest in BIoT (Building Internet of Things), Building Automation System manufacturers are under pressure to get their people and products up to speed on this new technology. BACnet International created a Reference Implementation and System Test Bench to help suppliers gain in-house technical knowledge as well as enhance the interoperability of their products with other BACnet/SC devices.
These tools can shorten the BACnet/SC learning curve and dramatically reduce time spent on test system configuration and operation. The Reference Implementation is available for free as open source on SourceForge.
Some Technical Insights
BACnet/SC allows two BAS devices to establish a highly secure and encrypted connection with each other, over which conventional BACnet messages can be sent and received. The need to use standardized and often already present IP network infrastructures for BACnet communication is increasing, and this security is a critical piece in the networking of building technologies.
BACnet/SC is a new option for getting system information and control commands from one device to another, just like BACnet/IP and BACnet MS/TP. It does basically the same thing as BACnet/IP and MS/TP: it transports information and commands among devices. The key difference is that BACnet/SC encrypts the information being sent so that no device on the network can determine the content of secure messages unless it has the appropriate encryption keys. The encryption process and the certificates that make it work are like those used in smartphone banking apps when they communicate with a bank.
BACnet/SC, defined in Addendum 135-2016 bj, uses WebSockets and TLS to implement peer authentication, message encryption, and reliable connection-oriented communication between BACnet/SC devices. BACnet/SC can be implemented on any IPv4 or IPv6 network.
BACnet/SC is particularly appropriate for applications that are sensitive to cybersecurity issues. The obvious examples are military and government, but it might be equally applicable to high-value manufacturing, process control and similar facilities.
To learn more about BACnet/SC:
- Nov 2020: BI Journal, Issue 18: BACnet/SC: The Big Picture by David Fisher
- BACnet Secure Connect: ‘A Secure Infrastructure for Building Automation’ by Dave Fisher, Bernhard Isler, and Mike Osborne (White Paper)
- April 2019: Jim Butler’s Article “Introduction to BACnet/SC” in Automated Buildings