NIST Time|NIST Home|About NIST|Contact NIST

HomeAll Years:AuthorKeywordTitle2005-2010:AuthorKeywordTitle

BACnet Wide Area Network Security Threat Assessment.

pdf icon BACnet Wide Area Network Security Threat Assessment. (324 K)
Holmberg, D. G.

NISTIR 7009; 20 p. July 2003.

Available from:

: National Technical Information Service (NTIS), Technology Administration, U.S. Department of Commerce, Springfield, VA 22161.
Telephone: 1-800-553-6847 or 703-605-6000;
Fax: 703-605-6900; Rush Service (Telephone Orders Only) 800-553-6847;
Order number: PB2003-105807


building control system; network; security; BACnet; protocol; threat; vulnerability


This technical report addresses inter-networked building automation and control systems (BAS or BCS) using the BACnet protocol [ANSI/ASHRAE, 2001]. The report deals with threats from known sources due to communication connections to the corporate LAN and the public internet as well as physical threats to the building automation equipment and attached computers. Weaknesses of the protocol, BACnet 2001, and of the physical implementation will be examined. The BACnet system security environment is discussed followed by detailed threat analysis and possible countermeasures. The objective is to have a document that summarizes the threats toward and weaknesses of a BACnet network. This document can in turn be used for Common Criteria (CC) Protection Profile (PP) development and for guidance in selecting security solutions.