Lesson 2D – Commercial Building Automation
This lesson describes the components of commercial Building Automation Systems (BAS), a very common implementation of industrial control systems (ICS), and related security issues.
- Define Building Automation Systems (BAS)
- Identify the components of a BAS
- Describe the functions of a BAS and the vulnerabilities that are associated with those functions
- Explain how BAS can be secured
- Identify factors that will influence innovation in the BAS space over the next one to two decades
- K0309: Knowledge of emerging technologies that have potential for exploitation by adversaries.
- K0335: Knowledge of current and emerging cyber technologies.
- K0437: Knowledge of general SCADA system components.
- K0612: Knowledge of what constitutes a “threat” to a network.
- S0001: Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
- S0027: Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- S0034: Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
- S0085: Skill in conducting audits or reviews of technical systems.
- S0228: Skill in identifying critical target elements, to include critical target elements for the cyber domain.
- S0278: Skill in tailoring analysis to the necessary levels (e.g., classification and organizational).
- A0001: Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
- A0034: Ability to develop, update, and/or maintain standard operating procedures (SOPs).