Michael N. Johnstone
Edith Cowan University, Australia
Building Automation, State Modeling, Security, Heating Ventilation, Air Conditioning.
Enterprise Information Systems
Information Systems Analysis and Specification
Information Technologies Supporting Learning
Security and Privacy
Building automation systems, or building management systems, control services such as heating, air-conditioning
and security access in facilities. A common protocol used to transmit data regarding the status
of components is BACnet. Unfortunately, whilst security is included in the BACnet standard, it is rarely
implemented by vendors of building automation systems. This lack of attention to security can lead to vulnerabilities
in the protocol being exploited with the result that the systems and the buildings they control can be
compromised. This paper describes a proof-of-concept protocol attack on a BACnet system and examines the
potential of modeling the basis of the attack.