Method for electronic security assessment of a building automation system and building automation system
By introducing controllers and cloud services into building automation systems for electronic security scanning and assessment, the problems of detecting and repairing security vulnerabilities in the system have been solved, and the system's network security and real-time assessment capabilities have been improved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- TRANE INTERNATIONAL INC
- Filing Date
- 2021-12-29
- Publication Date
- 2026-06-09
AI Technical Summary
Existing building automation systems suffer from security vulnerabilities that are difficult to detect and fix effectively, especially in terms of security assessment of controller and electronic device networks.
By introducing controllers and cloud-based services into building automation systems, electronic security scanning and assessment of controller and electronic device networks can be achieved, including determining firewall protection, verifying configurations and port security, and providing risk scores and remediation recommendations for security vulnerabilities.
It enables real-time security assessment and vulnerability remediation of building automation systems, reducing the frequency of security scans and public exposure, and improving the network security of the system.
Smart Images

Figure CN114697069B_ABST
Abstract
Description
Technical Field
[0001] This disclosure generally relates to a building automation system. More specifically, this disclosure relates to the network security management of electronic devices within a building automation system. Background Technology
[0002] Building automation systems are computerized networks of electronic devices that can be configured to control one or more systems, such as, but not limited to, the building's mechanical, electrical, lighting, and security systems. Building automation systems can be configured to control a building's heating, ventilation, air conditioning, and cooling (HVACR) systems and related components. Users, such as, but not limited to, facility managers and building maintenance engineers, typically interact with the building automation system via one or more computers networked with various device controllers and sensors. Users can also interact with the building automation system via one or more mobile devices, such as, but not limited to, cellular phones, tablets, etc. Summary of the Invention
[0003] This disclosure generally relates to building automation systems. More specifically, this disclosure relates to the network security management of electronic devices within building automation systems.
[0004] The embodiments disclosed herein provide methods and systems including a user interface to provide users (such as facility administrators, building maintenance engineers, technicians, etc.) with reports on whether any communication ports on one or more controllers of a building automation system are accessible from the Internet, potentially indicating security vulnerabilities. Users can initiate external scan requests through, for example, the user interface of the controller or building automation system. The controller is configured to forward the request to a cloud service. The cloud service can perform external scans on the controller and / or building automation system. The controller and the cloud service can perform additional security assessments on the controller and / or building automation system to evaluate security vulnerabilities. The controller can generate reports based on the security assessments and provide a recommended list for resolving security vulnerabilities in the controller and / or building automation system, allowing users to take further action (e.g., remediate the security vulnerabilities).
[0005] The embodiments disclosed herein can provide security assessments, for example, during controller installation. Users can obtain security assessment reports almost in real time (e.g., before leaving the installation site / campus). The provided security assessments can reduce the public exposure of the controller to security scans (e.g., by reducing the frequency of security scans).
[0006] A method is provided for performing an electronic security assessment of a building automation system. The building automation system includes a network of controllers and electronic devices connected electronically. The method includes: a controller requesting an electronic security scan of its dataset from a cloud-based service via a secure channel; and the cloud-based service initiating a real-time electronic security scan of the controller based on the controller's dataset. The method also includes: the cloud-based service electronically assessing security vulnerabilities in the building automation system, the assessment including one or more of the following: determining whether the controller is protected by a firewall or other network security device; verifying the controller's service configuration; verifying the controller's Ethernet and Wi-Fi configurations; determining the controller's open communication ports; determining whether any routers, bridges, or other broadcast devices communicating with the controller are protected by firewalls or other network security devices; verifying the security certificates of the controller's open communication ports; and verifying server communications of the building automation system. The method also includes the cloud service verifying the exit points of the building automation system. The method also includes an electronic assessment by the controller of security vulnerabilities in a network of electronic devices electronically connected to the controller, the assessment including one or more of the following: probing the network of electronic devices, determining whether the network of electronic devices is protected by a firewall or other network security device, verifying the Ethernet and Wi-Fi configurations of the network of electronic devices, and identifying open communication ports of the network of electronic devices. The method also includes determining a recommended list for addressing security vulnerabilities in the building automation system based on the electronic assessment of security vulnerabilities in the building automation system and the electronic assessment of security vulnerabilities in the network of electronic devices.
[0007] A building automation system is provided. The system includes a controller, multiple electronic devices, and a network. The multiple electronic devices communicate electronically with the controller via the network. The controller is configured to request an electronic security scan of the controller using the controller's dataset from a cloud-based service via a secure channel. The cloud-based service is configured to initiate a real-time electronic security scan of the controller using the controller's dataset and to electronically assess security vulnerabilities in the building automation system. This assessment includes one or more of the following: determining whether the controller is protected by a firewall or other network security device; verifying the controller's service configuration; verifying the controller's Ethernet and Wi-Fi configurations; determining the controller's open communication ports; determining whether any routers, bridges, or other broadcast devices communicating with the controller are protected by a firewall or other network security device; verifying the security certificates of the controller's open communication ports; and verifying server communication of the building automation system. The cloud-based service is also configured to verify the exit points of the building automation system. The controller is also configured to electronically assess security vulnerabilities in the network of electronic devices electronically connected to the controller, including one or more of the following: probing the electronic devices; determining whether the electronic devices are protected by a firewall or other network security device; verifying the Ethernet and Wi-Fi configurations of the electronic devices; and determining the open communication ports of the electronic devices. The controller is also configured to determine a recommended list of security vulnerabilities in building automation systems based on security vulnerabilities in electronically assessed building automation systems and security vulnerabilities in electronically assessed networks of electronic devices. Attached Figure Description
[0008] Reference is made to the accompanying drawings, which form part of this disclosure and illustrate embodiments in which the systems and methods described herein may be practiced.
[0009] Figure 1 A schematic diagram of a system including a building automation system according to an embodiment is shown.
[0010] Figure 2 An example is shown. Figure 1 A schematic diagram of the system control unit.
[0011] Figure 3A A flowchart of a method for conducting an electronic security assessment of a building automation system, according to an embodiment, is shown.
[0012] Figure 3B An example is shown. Figure 3A A diagram illustrating passive self-assessment.
[0013] Figure 4AA flowchart is shown of a method for performing an electronic safety assessment of one or more electronic devices that are electronically connected to a controller of a building automation system, according to an embodiment.
[0014] Figure 4B An example is shown. Figure 4A A diagram illustrating the equivalent assessment.
[0015] Figure 5 A flowchart is shown of a method for a controller to perform an electronic security assessment of a building automation system according to an embodiment.
[0016] Figure 6 A flowchart is shown of a method for performing an electronic security assessment of a building automation system using cloud services, according to an embodiment.
[0017] Figure 7 A flowchart of a method for conducting electronic security assessments of multiple building automation systems, according to an embodiment, is shown.
[0018] The same reference numerals always denote the same parts. Detailed Implementation
[0019] The following definitions apply throughout this disclosure. As defined herein, the term "firewall" can refer to a system (e.g., a hardware system, a software system, or a combination of both) designed to prevent unauthorized access to or from a private network. Firewalls typically establish a barrier between trusted networks and untrusted networks (such as the Internet). Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet. Firewalls can also refer to network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules.
[0020] As defined herein, the term "BACnet" can refer to a communication protocol used in building automation and control (BAC) networks that utilizes the standards of the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE), the American National Standards Institute (ANSI), and the International Organization for Standardization (ISO) 16484-5. BACnet allows building automation and control systems to communicate for applications such as HVACR, lighting control, access control, and / or fire detection systems and related equipment. The BACnet protocol provides a mechanism for exchanging information among computerized building automation devices.
[0021] As defined herein, the term "BBMD" can refer to a BACnet / IP broadcast management device used to distribute BACnet broadcast messages in a BACnet / IP network consisting of interconnected Transmission Control Protocol / Internet Protocol (TCP / IP) subnets. A BBMD can forward BACnet / IP broadcast messages sent by devices connected to its subnet to a peer BBMD. The term "BDT" can refer to a broadcast distribution table that serves as a list of BBMDs on the network.
[0022] As defined herein, the term "exit" or "exit filtering" can refer to monitoring and potentially restricting outbound information flow from one network to another. For example, information from a private network (e.g., the BACnet network, etc.) to the Internet can be controlled and restricted. Data sent from a private network is inspected via routers, firewalls, or similar edge devices. Data that does not comply with security policies is not allowed to leave the private network—it is denied "exit." Exit filtering can help ensure that unauthorized or malicious traffic never leaves the private network.
[0023] As defined herein, the term "cipher" or "cipher suite" can refer to a set of algorithms that helps secure network connections via Secure Sockets Layer (SSL) or Transport Layer Security (TLS). A cipher suite can provide basic information about how secure data is transmitted when using Secure Hypertext Transfer Protocol (HTTPS), Secure File Transfer Protocol (FTPS), Simple Mail Transfer Protocol (SMTP), and other network protocols. The term "certificate" can refer to a digital certificate used to authenticate servers and / or clients on a network using, for example, a cipher suite.
[0024] As defined herein, the terms "real-time" or "instantaneous" can refer to various operations in computing or other processes that must guarantee a response time within a predetermined or specified time (duration), which is typically a relatively short period. Real-time processes are generally processes that occur within a predetermined time, including steps with the longest duration, and are fast enough to influence the environment in which the process occurs.
[0025] It will be understood that different embodiments of cybersecurity management for building automation systems are described in U.S. Patent Application Publication No. 2020 / 0213344, the entirety of which is incorporated herein by reference.
[0026] Specific embodiments of this disclosure are described herein in conjunction with the accompanying drawings; however, it will be understood that the disclosed embodiments are merely examples of this disclosure, which may be embodied in various forms. Well-known functions or constructions are not described in detail to avoid obscuring this disclosure with unnecessary detail. Therefore, the specific structural and functional details disclosed herein should not be construed as limiting, but only as the basis for the claims and as a representative basis for teaching those skilled in the art to apply this disclosure in various ways in virtually any suitable detailed structure. In this specification and the accompanying drawings, the same reference numerals denote elements that can perform the same, similar, or equivalent functions.
[0027] The scope of this disclosure should be determined by the appended claims and their legal equivalents, and not by the examples given herein. For example, the steps set forth in any method claim may be performed in any order and are not limited to the order presented in the claims. Furthermore, unless specifically described herein as “critical” or “essential,” no element is essential to the practice of this disclosure.
[0028] Figure 1 This is a schematic diagram of a system 10 including a building automation system 100 according to an embodiment. The building automation system 100 includes a computer 103 dedicated to performing the methods described herein. The computer 103 is connected to a network 101. In one embodiment, the computer 103 may be hardwired to the network 101. In another embodiment, the computer 103 may be wirelessly connected to the network 101.
[0029] Network 101 uses communication standards or protocols to link the various subsystems of the entire building automation system 100. For example, network 101 links system control unit (system controller) 102a, unit control devices (unit controllers) 102b, unit control devices (unit controllers) 102c, and other devices 102d, 102e, and 102f. Network 101 can provide system-wide user access and control from computer 103. Network 101 can also connect to the cloud via a wireless connection such as a cellular connection. In an embodiment, system control unit 102a may be referred to as the main controller of the building automation system. In an embodiment, unit controller 102b is configured to control, for example, device 102d. Unit controller 102c is configured to control, for example, device 102e. The main controller is configured to communicate with the unit controllers (102b, 102c) and is configured to directly or indirectly (e.g., through unit controllers 102b and / or 102c) control any or all devices in the building automation system 100.
[0030] In this embodiment, network 101 may utilize a variety of different communication protocols. Examples of communication protocols suitable for network 101 include, but are not limited to, TCP / IP, BACnet, LonTalk, Modbus, ZigBee, Zwave, Wi-Fi, the Standard Interface for Multi-Platform Link Evaluation (SIMPLE), Bluetooth, Secure Shell (SSH), etc.
[0031] Computer 103 can represent a variety of electronic devices. For example, computer 103 can have a display device and an input device. In embodiments, computer 103 can be a desktop computer, laptop computer, tablet computer, cellular phone (e.g., smartphone, etc.), personal digital assistant, local display, smart device supporting kiosk mode (e.g., television, tablet computer, etc.), or other suitable electronic devices.
[0032] Building automation system 100 is connected to the Internet 105 via electronic communication. A network security device 106 is included between the Internet 105 and the network 101 of building automation system 100. It should be understood that the network security device 106 may not be present in this embodiment. In such an embodiment, the following is based on... Figures 3A to 7 The proposed approach might be to add a network security device 106. This network security device 106 could be, for example, a firewall, a cellular router, a bridge, etc., which protects and safeguards the building automation system 100 from unwanted intrusions via the Internet 105.
[0033] The illustrated embodiment includes a mobile device 110 connected to the building automation system 100 via, for example, the Internet 105 through a network security device 106. The mobile device 110 may alternatively be referred to as a user equipment. The mobile device 110 is not part of the building automation system 100. The mobile device 110 may be connected to the building automation system 100 via a local wireless connection 112. The local wireless connection 112 may be established after the network security device 106, allowing the mobile device 110 to connect to one or more components or devices 102a-102f of the building automation system 100 without requiring communication between the mobile device 110 and the building automation system 100 to pass through the network security device 106. For example, this can improve the communication speed between the mobile device 110 and the building automation system 100. In this embodiment, the mobile device 110 may be connected to the building automation system 100 via a wired connection.
[0034] Mobile device 110 can connect to building automation system 100 via Internet 105 using, for example, cellular, 3G, 4G, 5G or other wireless communication protocols. Mobile device 110 can connect to building automation system 100 via local wireless connection 112 using, for example, Wi-Fi, Bluetooth or other wireless communication protocols. Mobile device 110 can connect to building automation system 100 using, for example, a combination of Internet 105 and local wireless connection 112.
[0035] Figure 2 According to the embodiments Figure 1 A schematic diagram of the system control unit 102a. System control unit 102a typically represents a component used in building automation system 100. Figure 1 The hardware aspects of the controller. System control unit 102a is an example and not intended to be limiting.
[0036] The system control unit 102a includes a processor 150, a memory 155, a network input / output 160, and a storage device 165. It should be understood that the system control unit 102a may include one or more additional components.
[0037] Processor 150 can retrieve and execute programming instructions stored in memory 155 and / or storage device 165. Processor 150 can also store and retrieve application data residing in memory 155. Processor 150 can be a single processor, multiple processors, a coprocessor, or a single processor with multiple processing cores. In some embodiments, processor 150 can be a single-threaded processor. In some embodiments, processor 150 can be a multi-threaded processor.
[0038] Interconnect 170 is used to transfer programming instructions and / or application data between processor 150, memory 155, storage device 165, and network input / output 160. Interconnect 170 may be, for example, one or more buses.
[0039] The system control unit 102a includes a relatively limited amount of storage device 165. The main function of the system control unit 102a is to operate the building automation control system 100.
[0040] This typically includes memory 155 to represent random access memory, such as, but not limited to, static random access memory (SRAM), dynamic random access memory (DRAM), flash memory, suitable combinations thereof, etc. In some embodiments, memory 155 may be volatile memory. In some embodiments, memory 155 may be non-volatile memory.
[0041] Network input / output 160 may include wired and wireless connections. Network input / output 160 is configured to transmit data via network 101. In embodiments, network input / output 160 may also be configured to transmit data via the Internet 105. In embodiments, network input / output 160 may transmit data via network 101 via a wireless connection using Wi-Fi, Bluetooth, BACnet, LonTalk, Modbus, ZigBee, Zwave, or other suitable wireless communication protocols. In embodiments, network input / output 160 may transmit data via wired connections, fiber optic cables, etc. It should be understood that network input / output 160 may communicate via network 101 or via the Internet 105 through appropriate combinations of the aforementioned wired and wireless communication methods. Network 101 may also connect to the cloud via a wireless connection such as a cellular connection.
[0042] In some embodiments, the system control unit 102a may include one or more other features. For example, in some embodiments, the system control unit 102a may include a coprocessor configured to drive a motherboard display.
[0043] The aspects described herein can be embodied as a system, method, or computer-readable medium. In embodiments, the described aspects can be implemented in hardware, software (including firmware, etc.), or a combination thereof. Some aspects can be implemented in a computer-readable medium, including computer-readable instructions executable by a processor. Any combination of one or more computer-readable media can be used.
[0044] Computer-readable media can include computer-readable signal media and / or computer-readable storage media. Computer-readable storage media can include any tangible medium capable of storing a computer program for use by a programmable processor to perform the functions described herein by manipulating input data and generating output. A computer program is a set of instructions that can be used directly or indirectly in a computer system to perform a specific function or determine a specific result.
[0045] Examples of computer-readable storage media include, but are not limited to: floppy disks; hard disks; random access memory (RAM); read-only memory (ROM); semiconductor storage devices, such as, but not limited to, erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), flash memory, etc.; portable compact disc read-only memory (CD-ROM); optical storage devices; magnetic storage devices; other similar devices; or suitable combinations of the foregoing.
[0046] Computer-readable signal media may include propagated data signals having computer-readable instructions. Examples of propagated signals include, but are not limited to, optical propagation signals, electromagnetic propagation signals, etc. Computer-readable signal media may include any computer-readable medium, but not a computer-readable storage medium capable of propagating a computer program for use by a programmable processor to perform the functions described herein by manipulating input data and generating output.
[0047] Some implementations can be provided to end users through cloud computing infrastructure. Cloud computing typically includes providing scalable computing resources as a service over a network (e.g., the Internet).
[0048] Figure 3A A flowchart of a method 300 for conducting an electronic security assessment of a building automation system according to an embodiment is shown. Figure 3B An example is shown. Figure 3A A diagram illustrating passive self-assessment 320.
[0049] The operation flowchart 300 may include one or more operations, actions, or functions depicted by one or more boxes 305, 310, 315, 320, 325, 330, and 335. Although shown as discrete boxes, the various boxes may be divided into additional boxes, combined into fewer boxes, or eliminated, depending on the desired implementation. In an embodiment, method 300 may be controlled by system control unit 102a. Figure 1 and Figure 2 The method 300 may be performed by a controller (referred to as a "controller") in the building automation system 100 and / or a controller in the cloud that provides the cloud service or application (referred to as a "cloud service" for simplicity). In another embodiment, method 300 may be performed by any controller (also referred to as a "controller") in the building automation system 100 and / or the cloud service. For example, method 300 may be performed by one of the unit controllers 102b and 102c in the building automation system 100 and / or the cloud service.
[0050] Method 300 may typically include electronically assessing various information about the controller itself and / or its associated ports (e.g., communication ports, etc.) to generate risk scores, risk reports, and recommended actions to remedy any security vulnerabilities discovered. Therefore, Method 300 can be considered an electronic security self-assessment of the controller (referred to as “passive self-assessment”).
[0051] The processing flow of method 300 can begin at box 305. At 305, the user (facility administrator, building maintenance engineer, technician, etc.) logs into the controller via a user interface (e.g., the controller's graphical user interface). The user can log in via, for example, computer 103 (…). Figure 1 ), mobile devices 110 Figure 1Login controller, etc. In the illustrated embodiment, 305 is shown as dashed as optional because the user may already be logged into the controller. Box 305 can be followed by box 310.
[0052] At box 310, a user can request an external (i.e., external to the controller) security scan via a user interface. The controller is configured to acquire its own dataset. The dataset includes, for example, the controller's Internet Protocol (IP) address, or any other suitable data about the controller (e.g., devices connected to the controller, the controller's settings / configuration, the controller's ports, routers connected to the controller, lists, software, firmware, applications, etc.). The controller is also configured to establish a secure, trusted, encrypted connection to a specific IP address (of the cloud service) on the Internet, making the connection between the controller and the cloud service a secure channel. Data communication between the controller and the cloud service is not publicly disclosed on the Internet. The controller is also configured to forward security scan requests from users, along with the acquired dataset, to the cloud service via the secure channel. Box 310 may be followed by box 315.
[0053] At point 315, the cloud service is configured to perform security scans on the controller based on the controller's dataset (e.g., the controller's IP address) (e.g., a network scan searching the controller and its ports via the internet). For example, as... Figure 3B As shown in box 320A, the cloud service is configured to determine whether the controller (and / or the controller's wired and wireless communication ports) is subject to network security devices (e.g., Figure 1 Protection of network security device 106 in the building automation system. In embodiments, this may include evaluating the Internet Protocol (IP) address of the controller (and / or the controller's wired and wireless communication ports). For example, if the IP address of the centralized controller is a private IP address (or a range of private IP addresses), the controller may be protected by the network security device. If the IP address of the centralized controller is a public IP address, the controller may not be protected by the network security device, which may indicate a security risk because the controller may be exposed to public access. The cloud service may be able to determine that a network security device such as network security device 106 does not exist in the building automation system. The cloud service may notify the controller that the security scan operation has been completed, and the controller may obtain the determination result via a secure channel, and / or store the result in the controller's memory (e.g., Figure 2 The memory (155) is used for displaying to the user, for example, via a user interface. This can be achieved via, for example... Figure 1 Mobile devices 110 Figure 1 The user interface is displayed on the screen of the computer 103's monitor or any other suitable display device. Box 315 may be followed by box 320 (see details for box 320). Figure 3BBox 320 can be followed by box 325.
[0054] At point 325, the controller (and / or cloud service) determines a risk score based on the information obtained at point 320. In one embodiment, the assessments at 320 may be included as components of the risk score. In one embodiment, the risk score may be represented by a critical point (e.g., critical risk, moderate risk, information, etc., which may be an indirect score), and one or more assessments at 320 may have a single score represented by the degree of criticality. In another embodiment, the risk score may be weighted such that one or more assessments at 320 are the primary factors in determining the risk score. In one embodiment, the risk score may be numerical. In one embodiment, the risk score may be provided to the user. In another embodiment, the risk score may be a factor in providing one or more recommendations to the user, but not displayed to the user. For example, recommendations may be retrieved from the controller's memory based on the risk score.
[0055] At 330, the controller (and / or cloud service) is configured to determine the existence of a vulnerability based on the assessment at 320. The controller can identify vulnerabilities specific to the assessment. For example, if no network security device 106 is identified at 320 (e.g., there is no firewall between building automation system 100 and the Internet 105), the controller can indicate the existence of a security vulnerability. In embodiments, the existence of a security vulnerability can be determined based on, for example, best practices for mitigating the risk of cyberattacks (e.g., industry standards, company guidelines, policies, etc.).
[0056] At point 335, the controller (and / or cloud service) is configured to provide the user with one or more remediation recommendations. In embodiments, the recommendations may be based on best practices in cybersecurity (e.g., industry standards, company guidelines, policies, etc.). In embodiments, there may be a single recommendation for each type of security vulnerability. For example, in an embodiment where the controller determines that no security device 106 or communication port is unprotected by a firewall, the recommendation may include network security device 106 or the configuration settings may be modified to make the communication port protected by a firewall. In embodiments, one or more defined rules may exist, indicating what recommendations should be provided based on the identified vulnerability. In embodiments, the user needs to confirm the security assessment report generated by the controller (e.g., for public and security opt-out purposes).
[0057] Risk scores, vulnerabilities, and recommendations can be presented to the user through the user interface or retrieved / downloaded from the controller's memory. Method 300 can be executed in response to the user's selection to perform an e-security assessment. Therefore, method 300 can be an on-demand method for identifying security vulnerabilities.
[0058] In this embodiment, method 300 can be scheduled to run periodically, such as, but not limited to, daily, weekly, monthly, etc. In such an embodiment, the scheduling of method 300 can be selected based on determining the time during which the controller uses relatively little bandwidth. An example of such time could be the period when the building in the building automation system is not occupied. In this embodiment, method 300 does not affect the normal functioning of the controller.
[0059] It will be understood that the security assessment results can be stored (e.g., stored in the controller's memory or stored in the cloud by a cloud service). In such an embodiment, when method 300 is executed again, the method can be used to highlight changes since the last execution of method 300. When a change occurs relative to a previously passed state (e.g., a determined security assessment), the controller can be configured to (e.g., via the controller's user interface) prompt the user or display an alert.
[0060] In an embodiment, method 300 may also be additionally configured to automatically modify its own security settings in response to the identification of a security vulnerability, instead of providing a recommendation at 335. In an embodiment, the modification may follow best practices typically recommended to users (e.g., industry standards, company guidelines, policies, etc.). In an embodiment, method 300 may include recommending the modified settings to the user, who can then choose to accept and complete the modification, or choose not to accept and retain the controller's current settings. In an embodiment, the user may be required to accept and complete the modification to continue using the system.
[0061] like Figure 3B As shown, box 320 includes one or more of boxes 320A to 320H (see Figure 1). Figure 3A (Description of box 320A in the description of box 315). It will be understood that boxes 320A to 320H can be performed by, for example, cloud services.
[0062] Box 320B may refer to the cloud service verifying the controller's service configuration (e.g., smart service configuration) by, for example, verifying the controller's IP address and other information of the controller (e.g., from 320A and 320C to 320H) to meet or match the predetermined requirements of the service configuration.
[0063] Box 320C can refer to one or more Ethernet configuration settings, one or more Wi-Fi settings, or combinations thereof for the cloud service authentication controller.
[0064] Box 320D may refer to a port on the cloud service scanning controller that is identified as open to the internet (which may indicate a security risk) (e.g., a communication port such as TCP / IP, BACnet, LonTalk, Modbus, ZigBee, Zwave, Wi-Fi, SIMPLE, Bluetooth, or SSH port).
[0065] It will be understood that, in the embodiments, when a security scan request is sent from the controller to the cloud service, boxes 320A, 320C, and 320D can be executed by the cloud service in real time.
[0066] Box 320E may refer to cloud service verification of routers and bridges connected to the controller in the same network (or subnet) 101 to determine whether the routers and / or bridges are directly connected to the Internet (which may indicate a risk due to public accessibility) or whether they are protected behind network security device 106.
[0067] Box 320F may refer to cloud service verification of BBMD and BDT devices (including other controllers and other electronic devices connected to the controller) connected to the controller in the same network (or subnet) 101 to determine whether these devices are directly connected to the Internet (which may indicate a risk due to public accessibility) or whether they are protected behind network security device 106.
[0068] Box 320G may refer to the cloud service's verification and authentication of the controller's HTTPS port, and the password and certificate settings of the controller and / or building automation system. For example, the cloud service may scan the controller's ports and determine whether the controller communicates with the Internet via Hypertext Transfer Protocol (HTTP, a less secure protocol that may indicate a risk) or via a secure Hypertext Transfer Protocol (HTTPS, a more secure protocol), and whether the controller uses a less secure cipher (e.g., TLS 1.0 or TLS 1.1, which may indicate a risk) or a more secure cipher (e.g., TLS 1.3) for Boxes 320C and 320D.
[0069] Box 320H can refer to cloud services that verify server communication (e.g., enterprise server communication) by determining whether the server's Domain Name System (DNS, which may be part of the service configuration requirements in Box 320B) name is valid.
[0070] For boxes 320E and 320F, the controller is configured to obtain information or data (e.g., IP addresses, broadcast masks, network and subnet data, broadcast lists indicating which electronic devices the controller broadcasts to, etc.) about routers, bridges, BBMD and BDT devices, other controllers, and devices connected to the controller. For boxes 320G and 320H, the controller is configured to obtain information or data about ports, certificates, and servers. It will be understood that for boxes 320A, 320C, and 320D, the controller's dataset, along with external scan requests, is transmitted by the controller via the Internet through a secure channel, for example, in real time, to a cloud service, and the cloud service performs real-time security assessments or verifications on boxes 320A, 320C, and 320D while performing real-time external scans on, for example, the controller and / or the controller's communication ports. For boxes 320B and 320E to 320H, the user requests such security assessments or verifications from, for example, the user interface of the controller, so that the data obtained by the controller in boxes 320B and 320E to 320H can be sent to the cloud service, and the cloud service can perform security assessments or verifications on 320B and 320E to 320H in a step independent of external scanning.
[0071] It will be understood that, in this embodiment, box 320 may include a cloud service verifying and determining whether the software and / or firmware on the controller is up-to-date (not being up-to-date may indicate a risk). It will also be understood that the cloud service can provide the controller with different network scan profile settings to suit different industry needs (e.g., food, manufacturing, federal agencies, healthcare, education, etc.). In this embodiment, the cloud service may be configured to perform large-scale security assessments to verify all endpoints of the controller and / or building automation system.
[0072] Figure 4A A flowchart of a method 400 for performing an electronic security assessment of one or more electronic devices that are electronically connected to a building automation system according to an embodiment is shown. Figure 4B An example is shown. Figure 4A A schematic diagram of the equivalent assessment 420.
[0073] The operation flowchart 400 may include one or more operations, actions, or functions depicted by one or more boxes 405, 420, 425, 430, and 435. Although shown as discrete boxes, the various boxes may be divided into additional boxes, combined into fewer boxes, or eliminated depending on the desired implementation. In an embodiment, method 400 may be controlled by system control unit 102a. Figure 1 and Figure 2Method 400 may be executed by any controller (also referred to as a "controller") in the building automation system 100. For example, method 400 may be executed by one of the unit controllers 102b and 102c in the building automation system 100.
[0074] Method 400 typically includes: electronically assessing various information about devices connected to the controller, generating risk scores, risk reports, and recommended actions to remedy any security vulnerabilities discovered. Therefore, Method 400 can be considered an electronic security peer assessment (assessing the security risks of controller peers).
[0075] Processing flow 400 can begin at box 405, which is similar to Figure 3A Box 305. Box 405 can be followed by box 420 (in... Figure 4B (See detailed description below). Box 420 may refer to the controller performing a peer assessment on other devices connected to the controller in the same network / subnet 101. Box 420 may be followed by Box 425, which is similar to... Figure 3A Box 325. Box 425 can be followed by box 430, which is similar to... Figure 3A Box 330. Box 430 can be followed by box 435, which is similar to... Figure 3A Box 335.
[0076] Risk scores, vulnerabilities, and recommendations can be presented to the user through the user interface or retrieved / downloaded from the controller's memory. Method 400 can be executed in response to the user's selection to perform an electronic security assessment. Therefore, method 400 can be an on-demand method for identifying security vulnerabilities.
[0077] In this embodiment, method 400 can be scheduled to run periodically, such as, but not limited to, daily, weekly, monthly, etc. In such an embodiment, the scheduling of method 400 can be selected based on determining the time during which the controller uses relatively less bandwidth. An example of such time could be the period when the building in a building automation system is not occupied. In this embodiment, method 400 does not affect the normal functioning of the controller.
[0078] It should be understood that the security assessment results can be stored (e.g., in the controller's memory). In such an embodiment, when method 400 is executed again, the method can be used to highlight changes since the last execution of method 400. When a change occurs relative to a previously passed state (e.g., a determined security assessment), the controller can be configured to (e.g., via the controller's user interface) prompt the user or display an alert.
[0079] In an embodiment, method 400 may also be configured such that, in response to the identification of a security vulnerability, the controller automatically modifies its own security settings instead of providing a recommendation at 435. In an embodiment, the modification may follow best practices typically recommended to users (e.g., industry standards, company guidelines, policies, etc.). In an embodiment, method 400 may include recommending the modified settings to the user, who can then choose to accept the settings and complete the modification, or choose not to accept the settings and retain the controller's current settings. In an embodiment, the user may be required to accept and complete the modification to continue using the system.
[0080] like Figure 4B As shown, box 420 includes one or more of boxes 420A to 420D. Box 420A may refer to the controller probing or querying information or data from routers, bridges, other controllers, and / or other electronic devices (referred to as "connected devices") connected to the controller in the same network / subnet 101 (e.g., the BACnet network).
[0081] Box 420B (similar to) Figure 3A The 320A can refer to a controller determining that the connected device is subject to network security devices (e.g., Figure 1 The network security device 106 in the device is either protected or unprotected (if it is not protected, this may indicate a security risk).
[0082] Box 420C (similar to) Figure 3A The 320C can refer to one or more Ethernet configuration settings, one or more Wi-Fi settings, or combinations thereof, for the controller to verify the connection of the device.
[0083] Frame 420D (similar to) Figure 3A 320D can refer to the controller scanning connected devices for ports that are identified as open to the Internet (which may indicate a security risk), such as communication ports like TCP / IP, BACnet, LonTalk, Modbus, ZigBee, Zwave, Wi-Fi, SIMPLE, Bluetooth, or SSH ports.
[0084] It will be understood that when executing boxes 420A to 420D, the controller obtains data from the connected device without violating the predetermined network security settings of network 101.
[0085] Figure 5 A flowchart is shown of a method 500 for a controller to perform an electronic security assessment of a building automation system according to an embodiment.
[0086] The operation flowchart 500 may include one or more operations, actions, or functions depicted by one or more boxes 505, 520, 525, 530, and 535. Although shown as discrete boxes, the various boxes may be divided into additional boxes, combined into fewer boxes, or eliminated depending on the desired implementation. In an embodiment, method 500 may be controlled by system control unit 102a ( Figure 1 and Figure 2 Method 500 may be executed by any controller (also referred to as a "controller") in the building automation system 100. For example, method 500 may be executed by one of the unit controllers 102b and 102c in the building automation system 100.
[0087] Method 500 can typically include the controller electronically assessing various information about itself, generating risk scores, risk reports, and recommended actions to remedy any security vulnerabilities discovered. Therefore, Method 500 can be considered an electronic security proactive self-assessment (the controller proactively assessing its own security risks).
[0088] Processing flow 500 can begin at box 505, which is similar to Figure 3A Box 305. Box 505 can be followed by box 520. Box 520 can refer to the controller performing an active self-evaluation. Box 520 can be followed by box 525, which is similar to... Figure 3A Box 325. Box 525 can be followed by box 530, which is similar to... Figure 3A Box 330. Box 530 can be followed by box 535, which is similar to... Figure 3A Box 335.
[0089] At 520, the controller initiates an active electronic assessment. In an embodiment, block 520 may include the controller performing an electronic analysis of password strength / policy (e.g., whether a password policy is enabled, and / or whether the password is vulnerable). This analysis may include, for example, any method of viewing the password strength associated with the controller and / or building automation system 100. Standards surrounding password policies may also be viewed at 520. For example, standards may include guidelines for what is required in passwords (weak password policies may indicate security risks) (e.g., numbers, characters, symbols, password length, etc.).
[0090] Risk scores, vulnerabilities, and recommendations can be presented to the user through the user interface or retrieved / downloaded from the controller's memory. Method 500 can be executed in response to a user's selection to perform an electronic security assessment. Therefore, Method 500 can be an on-demand method for identifying security vulnerabilities.
[0091] In this embodiment, method 500 can be scheduled to run periodically, such as, but not limited to, daily, weekly, monthly, etc. In such an embodiment, the scheduling of method 500 can be selected based on determining the time during which the controller uses relatively little bandwidth. An example of such time could be the period during which the building in the building automation system is not occupied. In this embodiment, method 500 does not affect the normal functioning of the controller.
[0092] It will be understood that the security assessment results can be stored (e.g., in the controller's memory). In such an embodiment, when method 500 is executed again, the method can be used to highlight changes since the last execution of method 500. When a change occurs relative to a previously passed state (e.g., a determined security assessment), the controller can be configured to (e.g., via the controller's user interface) prompt the user or display an alert.
[0093] In an embodiment, method 500 can also be configured such that, in response to the identification of a security vulnerability, the controller automatically modifies its own security settings instead of providing a recommendation at 535. In an embodiment, the modification may follow best practices typically recommended to users (e.g., industry standards, company guidelines, policies, etc.). In an embodiment, method 500 may include recommending the modified settings to the user, who can then choose to accept the settings and complete the modification, or choose not to accept the settings and retain the controller's current settings. In an embodiment, the user may be required to accept and complete the modification to continue using the system.
[0094] Figure 6 A flowchart of a method 600 for performing an electronic security assessment of a building automation system using cloud services, according to an embodiment, is shown.
[0095] The operation flowchart 600 may include one or more operations, actions, or functions depicted by one or more boxes 605, 610, 620, 625, 630, and 635. Although shown as discrete boxes, the various boxes may be divided into additional boxes, combined into fewer boxes, or eliminated, depending on the desired implementation. In an embodiment, method 600 may be performed by a controller and / or a cloud service.
[0096] Method 600 can typically include cloud services electronically assessing various information about controllers and / or building automation systems, with the controllers generating risk scores, risk reports, and recommended actions to remedy any security vulnerabilities discovered. Therefore, Method 600 can be considered an electronic security cloud assessment (cloud service assessment of security risks).
[0097] Processing flow 600 can begin at box 605, which is similar to Figure 3ABox 305. Box 605 may be followed by box 610. At 610, the controller obtains information and data about the egress point (e.g., firewall, egress settings, controller ports, and connected devices in the same network 101) and passes the data to the cloud service. Box 610 may be followed by box 620.
[0098] At point 620, the cloud service tests (e.g., through verification, querying, etc.) and confirms the egress settings of the egress point, and sends the security assessment results (e.g., whether the egress settings are violated, which may indicate a security risk) back to the controller. It will be understood that egress settings can remedy other risks (e.g., public IP addresses). For example, even if a device or controller has a public IP address, a firewall configuration (e.g., the egress) provides security protection, so the public cannot access the device or controller from the internet. In another scenario, even if a device or controller has a private IP address (behind a firewall), if the firewall configuration (e.g., the egress) forwards data from the port to the internet, the device or controller can still be exposed to the public / internet (which may indicate a security risk).
[0099] Box 620 can be followed by box 625, which is similar to... Figure 3A Box 325. Box 625 can be followed by box 630, which is similar to... Figure 3A Box 330. Box 630 can be followed by box 635, which is similar to... Figure 3A Box 335.
[0100] Risk scores, vulnerabilities, and recommendations can be presented to the user through the user interface or retrieved / downloaded from the controller's memory. Method 600 can be executed in response to a user's selection to perform an electronic security assessment. Therefore, Method 600 can be an on-demand method for identifying security vulnerabilities.
[0101] In this embodiment, method 600 can be scheduled to run periodically, such as, but not limited to, daily, weekly, monthly, etc. In such an embodiment, the scheduling of method 600 can be selected based on determining the time when the controller and / or cloud service use relatively little bandwidth. An example of such time could be the period when the building is unoccupied in a building automation system. In this embodiment, method 600 does not affect the normal functionality of the controller.
[0102] It will be understood that the security assessment results can be stored (e.g., in the controller's memory). In such an embodiment, when method 600 is executed again, the method can be used to highlight changes since the last execution of method 600. When the previously passed state (e.g., the determined security assessment) changes, the controller can be configured to (e.g., via the controller's user interface) prompt the user or display an alert.
[0103] In an embodiment, method 600 can also be configured such that, in response to the identification of a security vulnerability, the controller automatically modifies its own security settings instead of providing a recommendation at 635. In an embodiment, the modification may follow best practices typically recommended to users (e.g., industry standards, company guidelines, policies, etc.). In an embodiment, method 600 may include recommending the modified settings to the user, who can then choose to accept the settings and complete the modification, or choose not to accept the settings and retain the controller's current settings. In an embodiment, the user may be required to accept and complete the modification to continue using the system.
[0104] Figure 7 A flowchart of a method 700 for conducting electronic security assessments of multiple building automation systems according to an embodiment is shown.
[0105] Method 700 may typically include initiating an external scan of multiple controllers across multiple building automation systems. For example, the controller vendor may manage a cloud service, where any owner of the controller may opt to join the cloud service. In such an embodiment, if an owner has opted to join the cloud service, the vendor may initiate method 700 for performing an electronic security assessment of the controller.
[0106] Method 700 begins at 750, where a user can initiate an audit / evaluation of multiple registered controllers. As described above, the multiple registered controllers may include those controllers that have been identified as having opted to join the cloud service. In one embodiment, at 750, the audit of multiple registered controllers may include all registered controllers. In another embodiment, at 750, the audit of multiple registered controllers may include fewer than all registered controllers. For example, a user may be able to select the region or location to focus on (e.g., city, state, etc.).
[0107] At point 755, the cloud service or controller causes at least one of methods 300, 400, 500, and 600 to be executed against the registered controller. In an embodiment, at point 755, all methods can be executed against the registered controller.
[0108] At point 760, the cloud service or controller can output a vulnerability summary, including a list of vulnerabilities in the registered controller. For example, this report can be used to inform building administrators or maintenance technicians in the relevant locations that controllers on the network may have security vulnerabilities that may require remediation.
[0109] The embodiments disclosed herein provide methods that can be initiated from, for example, a controller's user interface (or web interface) and provide real-time feedback on the security assessment of an installation (e.g., a controller or building automation system). Some tools can be used to discover controllers (e.g., exposed to the public or the internet) some time after installation (e.g., on a weekly basis) to determine if there are risks that need to be mitigated. This results in discovery delays and significantly increases the complexity of the process due to incompatibility with the controller's user interface. In addition to the inherent security risks from the controller being exposed to the internet, there may be additional costs if technicians have to return to the installation site to properly secure the installation.
[0110] The embodiments disclosed herein can provide (e.g., a controller's) user interface to offer users a security assessment report regarding whether any port on the controller is accessible from or exposed to the internet. Users can also initiate external network scan requests via the user interface, and the controller can forward the requests to a cloud service performing the scan. The controller can display the security assessment results to the user. Based on the results, users can take further action (e.g., remediate security issues).
[0111] The embodiments disclosed herein provide installers (e.g., technicians) of controllers (or building automation systems) with a feasible way to determine whether a controller is exposed to the internet, which can indicate unacceptable and / or unnecessary security risks to the installation. Through the embodiments disclosed herein, installers can ensure that the controller is correctly configured and isolated from the internet before leaving the installation site. This ensures proper installation and reduces backhauls to resolve subsequently discovered problems. External network scans (e.g., via cloud services) can be performed on a scheduled, on-demand, or configuration-change-based basis. The embodiments disclosed herein can also obtain customer consent based on audit findings and mitigation plans or strategies.
[0112] All aspects:
[0113] It should be understood that any one of aspects 1 to 12 and any one of aspects 13 to 20 can be combined with each other.
[0114] Aspect 1. A method for conducting an electronic security assessment of a building automation system, the building automation system comprising a network of controllers and electronic devices connected by electronic communication, the method comprising:
[0115] The controller requests an electronic security scan of the controller using the controller's dataset from a cloud-based service via a secure channel.
[0116] The cloud service initiates a real-time electronic security scan of the controller based on the dataset of the controller;
[0117] The security vulnerabilities of the building automation system are assessed electronically using the cloud service. The assessment of the security vulnerabilities of the building automation system includes one or more of the following: determining whether the controller is protected by a firewall or other network security device; verifying the service configuration of the controller; verifying the Ethernet and Wi-Fi configuration of the controller; determining the open communication ports of the controller; determining whether any routers, bridges or other broadcast devices communicating with the controller are protected by a firewall or other network security device; verifying the security certificates of the open communication ports of the controller; and verifying the server communication of the building automation system.
[0118] The cloud service verifies the exit point of the building automation system;
[0119] The controller electronically assesses security vulnerabilities in a network of electronic devices connected to it via electronic communication. This assessment includes one or more of the following: probing the network, determining whether the network is protected by a firewall or other network security device, verifying the network's Ethernet and Wi-Fi configurations, and identifying open communication ports on the network.
[0120] Based on security vulnerabilities in the building automation system assessed electronically and security vulnerabilities in the electronic device network assessed electronically, a recommended list for addressing the security vulnerabilities in the building automation system is determined.
[0121] Aspect 2. The method according to Aspect 1, wherein determining whether the controller is protected by a firewall or other network security device, verifying the Ethernet and Wi-Fi configuration of the controller, and determining the open communication ports of the controller are performed in real time by the cloud service during the electronic security scan of the controller.
[0122] Aspect 3. The method according to Aspect 1 or Aspect 2, wherein verifying the service configuration of the controller, determining whether any router or bridge or other broadcast device communicating with the controller is protected by a firewall or other network security device, verifying the security certificate of the open communication port of the controller, and verifying that the server communication of the building automation system is performed by the cloud service independently of the electronic security scan of the controller.
[0123] Aspect 4. The method according to any one of Aspects 1 to 3 further includes the controller verifying the password policy of the building automation system.
[0124] Aspect 5. The method according to any one of Aspects 1 to 4 further includes determining the recommended list for addressing security vulnerabilities in the building automation system based on verifying the exit points of the building automation system.
[0125] Aspect 6. The method according to any one of Aspects 1 to 5, wherein the controller is a system control unit that serves as the main controller of the building automation system.
[0126] Aspect 7. The method according to any one of Aspects 1 to 5, wherein the controller is a unit controller in the building automation system.
[0127] Aspect 8. The method according to any one of Aspects 1 to 7, wherein the dataset of the controller includes the IP address of the controller.
[0128] Aspect 9. The method according to any one of Aspects 1 to 8 further includes determining a risk score based on electronically assessing security vulnerabilities in the building automation system.
[0129] Aspect 10. The method according to aspect 9 further includes sending the risk score and the recommended list for addressing security vulnerabilities in the building automation system to a display device for display.
[0130] Aspect 11. The method according to any one of Aspects 1 to 10, wherein the method is scheduled to be executed periodically.
[0131] Aspect 12. The method according to any one of Aspects 1 to 11, wherein the electronic device network is connected electronically via the BACnet protocol.
[0132] Aspect 13. A building automation system, comprising:
[0133] Controller;
[0134] Multiple electronic devices; and
[0135] The network, through which the plurality of electronic devices and the controller communicate electronically,
[0136] The controller is configured to request an electronic security scan of the controller using the controller's dataset from a cloud-based service via a secure channel.
[0137] The cloud-based service is configured as follows:
[0138] Initiate an electronic security scan of the controller based on the dataset of the controller;
[0139] The security vulnerability assessment of the building automation system is conducted electronically. The assessment includes one or more of the following: determining whether the controller is protected by a firewall or other network security device; verifying the controller's service configuration; verifying the controller's Ethernet and Wi-Fi configuration; determining the controller's open communication ports; determining whether any routers, bridges, or other broadcast devices communicating with the controller are protected by a firewall or other network security device; verifying the security certificates of the controller's open communication ports; and verifying the building automation system's server communication.
[0140] Verify the exit point of the building automation system.
[0141] The controller is also configured to electronically assess security vulnerabilities in the network of electronic devices connected to the controller via electronic communication. The assessment of security vulnerabilities in the network of electronic devices includes one or more of the following: probing the electronic devices, determining whether the electronic devices are protected by firewalls or other network security devices, verifying the Ethernet and Wi-Fi configurations of the electronic devices, and identifying the open communication ports of the electronic devices.
[0142] The controller is also configured to determine a recommended list for addressing security vulnerabilities in the building automation system based on security vulnerabilities in the building automation system assessed electronically and security vulnerabilities in the electronic device network assessed electronically.
[0143] Aspect 14. The system according to Aspect 13, wherein determining whether the controller is protected by a firewall or other network security device, verifying the Ethernet and Wi-Fi configuration of the controller, and determining the open communication ports of the controller are performed in real time by the cloud service during the electronic security scan of the controller.
[0144] Aspect 15. The system according to aspect 13 or aspect 14, wherein the service configuration of the controller is verified, it is determined whether any router or bridge or other broadcast device communicating with the controller is protected by a firewall or other network security device, the security certificate of the open communication port of the controller is verified, and the server communication of the building automation system is verified to be performed by the cloud service independently of the electronic security scan of the controller.
[0145] Aspect 16. The system according to any one of Aspects 13 to 15, wherein the controller is further configured to verify the password policy of the building automation system.
[0146] Aspect 17. The system according to any one of Aspects 13 to 16, wherein the controller is configured to determine the recommended list for addressing security vulnerabilities of the building automation system based on empirically verified exit points of the building automation system.
[0147] Aspect 18. The system according to any one of Aspects 13 to 17, wherein the controller is a system control unit that serves as the main controller of the building automation system.
[0148] Aspect 19. The system according to any one of Aspects 13 to 18, wherein the dataset of the controller includes the IP address of the controller.
[0149] Aspect 20. The system according to any one of Aspects 13 to 19, wherein the controller is further configured to determine a risk score based on security vulnerabilities of the building automation system assessed electronically.
[0150] The terminology used in this specification is intended to describe particular embodiments and not to be limiting. Unless explicitly stated otherwise, the terms "a," "an," and "the" also include the plural forms. When used in this specification, the terms "comprising" and / or "including" specify the presence of the stated features, integers, steps, operations, elements, and / or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, and / or components.
[0151] Regarding the foregoing description, it should be understood that detailed changes can be made without departing from the scope of this disclosure, particularly in terms of the construction materials used and the shape, size, and arrangement of parts. This specification and the described embodiments are merely exemplary, and the true scope and spirit of this disclosure are indicated by the following claims.
Claims
1. A method for conducting an electronic security assessment of a building automation system, the building automation system comprising a network of controllers and electronic devices connected via electronic communication, the method comprising: The controller requests an electronic security scan of the controller using the controller's dataset from a cloud-based service via a secure channel. The cloud service initiates a real-time electronic security scan of the controller based on the controller's dataset; The security vulnerabilities of the building automation system are assessed electronically using the cloud service. The assessment of the security vulnerabilities of the building automation system includes one or more of the following: determining whether the controller is protected by a firewall or other network security device; verifying the service configuration of the controller; verifying the Ethernet and Wi-Fi configuration of the controller; determining the open communication ports of the controller; determining whether any routers, bridges or other broadcast devices communicating with the controller are protected by a firewall or other network security device; verifying the security certificates of the open communication ports of the controller; and verifying the server communication of the building automation system. The cloud service verifies the exit point of the building automation system; The controller electronically assesses security vulnerabilities in a network of electronic devices connected to it via electronic communication. This assessment includes one or more of the following: probing the network, determining whether the network is protected by a firewall or other network security device, verifying the network's Ethernet and Wi-Fi configurations, and identifying open communication ports on the network. Based on the electronic assessment of security vulnerabilities in the building automation system and the electronic network of the electronic devices, a recommended list for addressing the security vulnerabilities in the building automation system is determined.
2. The method of claim 1, wherein determining whether the controller is protected by a firewall or other network security device, verifying the Ethernet and Wi-Fi configuration of the controller, and determining the open communication ports of the controller are performed in real time by the cloud service during the electronic security scan of the controller.
3. The method of claim 1, wherein verifying the service configuration of the controller, determining whether any router or bridge or other broadcast device communicating with the controller is protected by a firewall or other network security device, verifying the security certificate of the open communication port of the controller, and verifying that the server communication of the building automation system is performed by the cloud service independently of the electronic security scan of the controller.
4. The method according to claim 1 further includes verifying the password policy of the building automation system by the controller.
5. The method of claim 1, further comprising determining the recommended list for addressing security vulnerabilities in the building automation system based on verifying the exit points of the building automation system.
6. The method according to claim 1, wherein the controller is a system control unit serving as the main controller of the building automation system, or the controller is a unit controller in the building automation system.
7. The method of claim 1, wherein the dataset of the controller includes the IP address of the controller.
8. The method of claim 1, further comprising determining a risk score based on an electronic assessment of security vulnerabilities in the building automation system.
9. The method of claim 8, further comprising sending the risk score and the recommended list for addressing security vulnerabilities in the building automation system to a display device for display.
10. The method of claim 1, wherein the method is scheduled to be executed periodically.
11. The method of claim 1, wherein the electronic device network is connected electronically via the BACnet protocol.
12. The method of claim 1, wherein said electronically assessing, by the cloud service, the building automation system for security vulnerabilities comprises: Determine whether the controller is protected by a firewall or other network security device, verify the service configuration of the controller, verify the Ethernet and Wi-Fi configuration of the controller, determine the open communication ports of the controller, determine whether any routers, bridges or other broadcast devices communicating with the controller are protected by firewalls or other network security devices, verify the security certificate of the open communication ports of the controller, and verify the server communication of the building automation system; The electronic assessment of security vulnerabilities of the network of electronic devices connected to the controller via electronic communication by the controller includes: probing the network of electronic devices, determining whether the network of electronic devices is protected by a firewall or other network security devices, verifying the Ethernet and Wi-Fi configurations of the network of electronic devices, and identifying the open communication ports of the network of electronic devices.
13. A building automation system, comprising: Controller; Multiple electronic devices; as well as The network, through which the plurality of electronic devices and the controller communicate electronically, The controller is configured to request an electronic security scan of the controller using the controller's dataset from a cloud-based service via a secure channel. The cloud-based service is configured as follows: Initiate the electronic security scan of the controller in real time based on the dataset of the controller; The security vulnerability assessment of the building automation system is conducted electronically. The assessment includes one or more of the following: determining whether the controller is protected by a firewall or other network security device; verifying the service configuration of the controller; verifying the Ethernet and Wi-Fi configuration of the controller; determining the open communication ports of the controller; determining whether any routers, bridges, or other broadcast devices communicating with the controller are protected by a firewall or other network security device; verifying the security certificates of the open communication ports of the controller; and verifying the server communication of the building automation system. as well as Verify the exit point of the building automation system. The controller is also configured to electronically assess security vulnerabilities in the network of electronic devices connected to the controller via electronic communication. The assessment of security vulnerabilities in the network of electronic devices includes one or more of the following: probing the electronic devices, determining whether the electronic devices are protected by firewalls or other network security devices, verifying the Ethernet and Wi-Fi configurations of the electronic devices, and identifying the open communication ports of the electronic devices. The controller is also configured to determine a recommended list for addressing security vulnerabilities in the building automation system based on security vulnerabilities in the building automation system assessed electronically and security vulnerabilities in the electronic device network assessed electronically.
14. The building automation system of claim 13, wherein determining whether the controller is protected by a firewall or other network security device, verifying the Ethernet and Wi-Fi configuration of the controller, and determining the open communication ports of the controller are performed in real time by the cloud service during the electronic security scan of the controller.
15. The building automation system of claim 13, wherein verifying the service configuration of the controller, determining whether any router or bridge or other broadcast device communicating with the controller is protected by a firewall or other network security device, verifying the security certificate of the open communication port of the controller, and verifying that the server communication of the building automation system is performed by the cloud service independently of the electronic security scan of the controller.
16. The system of claim 13, wherein the controller is further configured to verify the password policy of the building automation system.
17. The system of claim 13, wherein the controller is configured to determine the recommended list for addressing security vulnerabilities in the building automation system based on empirically validated exit points of the building automation system.
18. The system of claim 13, wherein the controller is a system control unit serving as the main controller of the building automation system, and / or the dataset of the controller includes the IP address of the controller.
19. The system of claim 13, wherein the controller is further configured to determine a risk score based on security vulnerabilities of the building automation system assessed electronically.
20. The system of claim 13, wherein the assessing the security vulnerabilities of the building automation system comprises: The system determines whether the controller is protected by a firewall or other network security device, verifies the controller's service configuration, verifies the controller's Ethernet and Wi-Fi configuration, determines the controller's open communication ports, determines whether any routers, bridges, or other broadcast devices communicating with the controller are protected by firewalls or other network security devices, verifies the security certificates of the controller's open communication ports, and verifies the building automation system's server communication. The assessment of security vulnerabilities in the network of the electronic device includes: probing the electronic device, determining whether the electronic device is protected by a firewall or other network security device, verifying the Ethernet and Wi-Fi configuration of the electronic device, and identifying the open communication ports of the electronic device.