The BACnet standard (ANSI/ASHRAE Standard 135) has included optional network security functionality since it was originally published in 1995, and a major change to that functionality was published in 2010. However, BACnet’s network security functionality has never been widely implemented in commercial building automation products. Building owners have often deployed VLANs, VPNs, and physically separate networks to make it more difficult for other network-connected devices to disrupt the operation of building automation systems, whether intentionally or unintentionally.
An ongoing project within the BACnet committee has resulted in a proposal for a new BACnet data link that is built on the WebSocket and TLS protocols, which are widely used Internet technologies. (TLS is commonly used to secure the communication between web browsers and web servers.) As specified in the proposal, TLS would enable industry-standard encryption and certificate-based device authentication in BACnet-based systems that employ the new data link. BACnet routers would be used to enable interoperability with devices that communicate using one of the other BACnet data links.
The document that contains the specification for the proposed new data link is in public review through July 16, 2018, and it can be downloaded here.