Open Protocols and Security Systems

The security market has not adopted many standards to communicate between manufacturers. The primary focus of standard protocols in security systems has been at the card and reader level (ABA, Wiegand) and the biometric level (BioAPI, BAPI, CDSA/HRS, CBEFF, X9.84, M1) but not at the device and system levels. This has been a protectionist move on the part of security vendors. The manufacturers have been successful in countering the end-users desire for competitive project bidding with the fear of potential security holes in the system.

There is justification for the argument they are using. When BACnet and LonMark were developed, security applications were not initially considered, and protecting the data was not part of the design. The open protocols mentioned in this paper are open to anyone using a compatible tool. Any person can plug into vendor A’s network, and potentially take control of all of vendor A’s devices. This hole is unacceptable for security applications. Life safety systems have felt comfortable using BACnet, since they can present critical data as “read-only”; and the fire panels make the critical decisions on their own and typically don’t need to be re-programmed on a regular basis.

With an access control system, decisions and programming are constantly being made from a workstation that needs to securely communicate the instructions and updates to the field panels. An access control system is programmed whenever a card record or a door schedule is changed. Information about who enters or leaves a facility is highly sensitive and should be available to only the appropriate operators. The same is true for viewing live and recorded CCTV images.

The BACnet committee (ASHRAE SSPC-135) is approaching deficiencies in security systems in two ways. First the Network Security working group (WG-NS) has been actively developing user-based security and outlining standard encryption methods for BACnet as a means to secure the network. The other enhancement to BACnet currently in development by the Life Safety and Security working group (WG-LSS) is access control objects and services. As with all ASHRAE committees, these security enhancements are being made with a collaborative effort between end-users and security manufacturers. The result will be an application-focused design that will allow security devices from BACnet manufacturers to interoperate using current and newly created rich services.

—From a Solutions White Paper by Andover Controls titled, "BACnet without Limits".