User Manual
Cybersecurity Basics
Introduction
1
14 | 85
A6V11646120_enUS_b_40
1 Cybersecurity Basics
1.1 Introduction
Cybersecurity includes all mechanisms for defending IT systems (such as computers, and
devices like the primary controllers or web servers of a building automation system)
against loss of system and information confidentiality, integrity and availability through
unauthorized access, disruption, modification, destruction or retrieval of
information, as well as the use of information gained without authorization through
fraud and other criminal acts. Cybersecurity can be implemented according to the
requirements set out by different industry and national standards, which usually define
various protection levels depending on the usage of the system and the acceptable
risk level.
So far, the large majority of Cybersecurity breaches have been attacks on traditional
computer systems, such as internet, intranet or home networks. Damages caused
include denial of service, theft of critical private and business information, the
defrauding of bank accounts and credit cards and, most recently, so-called
ransomware.
In contrast, there have been fewer attacks on industrial controllers, such as building
automation controllers, because they mostly run on proprietary operating systems, the
hardware has limited functionality and they are rarely connected to other networks.
Recently, industrial controllers have started to adopt mainstream computer standards
in order to make them cheaper and more powerful; they are also very often connected to
other customer networks and the internet which, in turn, makes them more vulnerable
to attackers. Moreover, interconnections can be used to launch an attack from the
corporate network into the automation network and vice versa.
Therefore, it becomes important to provide an adequate level of security together with
modern building technology solutions.
1.2 Threat and Risk Terminology
The following is a brief glossary of common terminology used in Cybersecurity.
An asset is a material or immaterial entity that must be protected. It is important to list
the relevant assets and understand their values (for the business and potential
attackers) in order to define the correct level of protection.
A vulnerability is a weakness or lack of protection of a system that can be exploited.
Examples are hardcoded passwords, network services that do not properly verify their
inputs, self-made cryptography algorithms, and so on.
The exposure defines how easily an attacker can get access to the system in order to
perform malicious actions. Typically, the exposure is high if the system is connected to
the internet and can thus be reached remotely.
A threat is any potential damage that can result from the exploitation of a vulnerability
by a threat agent; for example, a hacker can spot and use a hardcoded password to
gain access to a system.
The impact is the amount of damage that is suffered by assets in case there is a
Cybersecurity incident. In some cases, it is possible to estimate the extent of the
damage, even in monetary terms, such as the costs of replacing devices. However,
more often, the damage involves a loss of reputation and other intangible assets that
are difficult to calculate.
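The terms above (asset, vulnerability, exposure, threat and impact) combine into a risk ranking. The following is an added example, not part of this manual: it scores a constructed register of findings on qualitative 1-3 scales (an assumption of the example) and shows how the same default-password weakness ranks differently on an internet-reachable controller than on an isolated one.

```python
from dataclasses import dataclass

# Qualitative 1-3 scales (1 = low, 3 = high) chosen for this example, not from the manual.
EXPOSURE = {"isolated": 1, "corporate_network": 2, "internet": 3}


@dataclass
class Finding:
    asset: str              # entity to protect, e.g. a primary controller
    vulnerability: str      # exploitable weakness, e.g. a hardcoded or default password
    exposure: str           # how easily an attacker can reach the system
    threat_likelihood: int  # 1-3: chance a threat agent spots and uses the weakness
    impact: int             # 1-3: damage to the asset if the threat materialises


def risk_score(f: Finding) -> int:
    """Risk = probability of exploitation (threat likelihood scaled by exposure)
    weighted by impact. Range 1..27."""
    probability = f.threat_likelihood * EXPOSURE[f.exposure]
    return probability * f.impact


def risk_level(score: int) -> str:
    # Thresholds are an assumption for this example.
    if score >= 18:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def rank(findings: list[Finding]) -> list[tuple[str, int, str]]:
    """Return (asset, score, level) ordered from highest to lowest risk."""
    ordered = sorted(findings, key=risk_score, reverse=True)
    return [(f.asset, risk_score(f), risk_level(risk_score(f))) for f in ordered]


# Constructed sample register: the same default-password weakness on an
# internet-reachable controller and on an isolated one, plus an input-validation flaw.
SAMPLE = [
    Finding("controller (internet-facing)", "default admin password left unchanged", "internet", 3, 3),
    Finding("controller (isolated)", "default admin password left unchanged", "isolated", 3, 3),
    Finding("web server", "network service does not validate its inputs", "corporate_network", 2, 2),
]

if __name__ == "__main__":
    for asset, score, level in rank(SAMPLE):
        print(f"{score:2d} {level:6s} {asset}")
```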
A risk is the probability that the threat agent would find and exploit the vulnerability
weighted with the relative impact on the business, for example, a hacker can find the
default admin password in some documentation: if the password was not properly