July/August/September 2019 I 39
Cybersecurity's Path in the Future of BACnet
"I don't know any system out there that's impenetrable," claims Kevin Mitnick, perhaps
the most notable hacker of all time who in the early 1990s was on the FBI's Most
Wanted List for breaking into the computer systems of numerous government agencies
and over 40 major corporations. Having hacked more for fun than malicious intent
and having served a five-year prison sentence, Mitnick is now a respected security
consultant for companies and governments worldwide. He warns that "People need
to know. The internet of things (IoT) is exploitable, just like any other device."
1
BACnet, an ANSI/ASHRAE and global ISO standard (16484-5:2017) once focusing
primarily on the heating, ventilation, and air conditioning (HVAC) system, has entered
the world of IoT, internet protocol (IP), and IT and operational technology (OT) network
convergence. Throughout the years, BACnet has expanded to cover lighting controls,
security and access control systems (ACS), smart meters, elevator controls, gas analyzers,
uninterruptible power supplies (UPS) and many other building automation system (BAS)
applications. The over 25 million BACnet devices deployed worldwide
2
are easy points
of entry for even a novice hacker.
By Daniel Tan and
Jeff Downton