INF.14 Building Automation

Description

Introduction

Building Automation (BA, English: Building Automation and Control Systems, BACS) fully or partially automates the cross-trade operation of buildings and provides the technical infrastructure for this purpose. Essential technical functions of a building are provided by the building services equipment (BSE), which is operated, maintained, and further developed through the services of technical building management (TBM). BA is thus a central tool of TBM for implementing the defined objectives for building operations. It encompasses all products and services for the comprehensive, automated operation of BSE. Criteria for the objectives can be functionality, energy efficiency and sustainability, safety, availability, or comfort. BA can be scaled to services for buildings, building complexes, properties, or property portfolios. The term “building” is used uniformly for all of these below. Exceptions are explicitly noted.

BA performs, among other things, automation tasks such as automated measuring, controlling, and regulating (MCR) as well as tasks for monitoring, service and diagnosis, optimization, operation, and management for the BSE of a building.

BA is provided within a building for one or, where applicable, multiple demand organizations, for example tenants. For this purpose, BSE is usually controlled separately for different BA areas, for example for demand organizations or for parts of a building.

In a building, BA can be implemented by multiple parallel BA systems depending on the BSE used. A BA system represents the technical realization of BA and can also be used across multiple buildings within a building complex or a property. Different BA systems can cooperate but can also be operated completely independently of each other.

While BSE was often not operated in a comprehensively automated manner in the past, BA systems are increasingly being used today for higher-level, cross-trade control of BSE. For this purpose, technologies that were originally only used in information technology (IT) and industrial process control and automation technology (Operational Technology, OT) are increasingly being employed, e.g., communication via the internet and cloud services.

Objective

The objective of this building block is to establish information security as an integral component in the planning, implementation, and operation of BA.

Scope and Modeling

The building block INF.14 Building Automation is to be applied to the BA of an institution as soon as BSE in buildings is controlled by means of BA. The building block is to be applied only to the interfaces of BA to BSE installations; the BSE installations with their internal networks and network structures are not the focus of this building block.

The building block INF.14 Building Automation addresses systems and services that must be considered and fulfilled when BA, possibly consisting of multiple BA systems, is planned, set up, and operated. Specific circumstances that apply to networks and network components of BA are also addressed.

The following content is also relevant and is addressed elsewhere:

  • The general requirements for BA and BSE that do not primarily address aspects of comprehensive, automated measuring, controlling, and regulating are addressed in the building block INF.13 Technical Building Management. That building block must always be considered alongside this one.
  • Requirements for general infrastructure, particularly buildings and rooms or workplaces, are addressed in the building blocks of the INF Infrastructure layer (e.g., building block INF.1 General Building).
  • If parts of the BA required for an institution are provided by another institution, e.g., by service providers in the role of building operators (operating organization), the building block OPS.2.3 Outsourcing Use must be applied for the provision and operation of BA.
  • Specific requirements for BA components that can also be used in the area of industrial IT or OT are addressed in the building blocks of the IND Industrial IT layer (see e.g., building block IND.2.3 Sensors and Actuators or building block IND.2.7 Safety Instrumented Systems).
  • The building block NET.1.1 Network Architecture and Design addresses the fundamental aspects for networks as applicable in BA and industrial IT alongside office IT. General requirements for securing network components are addressed in the building blocks in NET.3 Network Components (e.g., building block NET.3.1 Routers and Switches).
  • Furthermore, all suitable organizational and technical building blocks for servers and applications are to be applied. For example, for remote access to BA components, the building block OPS.1.2.5 Remote Maintenance is to be applied.
  • If the networking of buildings is cloud-based, the building block OPS.2.2 Cloud Usage is additionally to be applied.

Threat Landscape

Since IT-Grundschutz building blocks cannot address individual information domains, typical scenarios are used to illustrate the threat landscape. The following specific threats and vulnerabilities are of particular relevance for the building block INF.14 Building Automation.

Inadequate Planning of BA

BA serves the coordinated, comprehensive control of BSE installations. Inadequate planning of BA can thus lead to material or financial damage and, in the worst case, to personal injury.

This can occur, for example, when, due to inadequate redundancy planning, the central control system of an access control installation fails and persons are trapped in an airlock.

The described threat situation in BA is further exacerbated by the complexity of planning. Here, heterogeneous groups of BSE installations (trades) as well as a large number of different service providers and BA areas must be taken into account.

Faulty Integration of BSE Installations into BA

BA controls BSE installations comprehensively. If even one installation is incorrectly or inadequately integrated, the functionality of the entire BA can be impaired.

For example, incoming messages can be misinterpreted, or messages may not reach BA at all, so that BA reacts incorrectly or not at all. If, for example, the information from the access control installation is received incorrectly or not at all, heating and shading for the corresponding rooms may not be controlled appropriately.

Use of Insecure Systems and Protocols in BA

In the BSE installations controlled by BA, components are frequently used that, for example due to their age, no longer receive updates, have vulnerabilities, or no longer correspond to the current state of the art. This often results from inadequate quality in the development and maintenance processes of manufacturers or from software that uses insecure protocols due to insufficient computing and storage capacity.

In addition, manufacturers frequently do not provide patches, so that insecure BA-relevant components are also used over a very long period of time. The threat is amplified by the fact that in BA, access to such components must be enabled.

Faulty Configuration of Building Automation

Depending on which areas of BA are incorrectly configured, this can lead to impairments in operational processes, unauthorized physical access to protected areas, and damage to systems, up to and including damage to the building and personal injury.

Examples of this include:

  • Incorrectly configured air conditioning, which can lead to overheating and failure of IT systems or, in appropriate weather conditions, even to impairments to the health of persons.
  • Systems of building technology that are not configured in a coordinated manner can lead to personal and system damage if, for example, power and extinguishing systems are not operated in a coordinated manner.
  • Incorrectly configured access systems can also lead to personal injury if doors cannot be opened in an emergency.

The threat is particularly relevant for BA because, due to a lack of testing options, an incorrect configuration can often not be detected before going live. This can also occur with an incorrect update or a faulty update process that renders a BA system unusable.

Manipulation of Interfaces from Independent BSE Installations to Building Automation

Manipulated interfaces between BA systems and coupled BSE installations can lead to incorrect responses in BA.

An example of this is that a manipulated message from a fire alarm system can cause all doors to be opened automatically, thereby granting unauthorized persons access to the building.

Inadequately Protected Access Points to BA

BA encompasses a large number of components that provide, exchange, and receive cross-installation information, e.g., for locating personnel or for room automation. The devices communicate via LAN and WLAN, but also via other wireless technologies such as Bluetooth.

If such network access points are not adequately protected, DoS attacks can be carried out through them. BA systems can also be manipulated or sabotaged and, if applicable, even the entire IT infrastructure of the institution can be reached. Manipulated BA systems can then cause increased data volumes, up to and including an overload of networks and components. Data exfiltration or the introduction of malware is also possible via an inadequately protected access point.

Inadequately Secured Control Elements of BA

If easily accessible control elements of BA are inadequately secured, BA can be attacked through them. Examples of this are wall-mounted control elements or control elements used by gatehouse personnel, with which e.g., remote doors or gates can be opened.

If access to such control elements is inadequately protected, e.g., through missing authentication, unauthorized access can be enabled.

Inadequately protected connections of control elements, such as LAN or USB interfaces, can also provide unauthorized access.

Inadequately Secured Mobile Communications Connections

Particularly at the field and automation levels, BA components must frequently be used that are connected to the respective manufacturer or to service providers such as a weather service via a mobile communications interface. If these interfaces and the communication are inadequately protected and permanently active, they give unauthorized persons access to the BA network, including in the course of attacks.

Requirements

The following are the specific requirements of the building block INF.14 Building Automation. The Information Security Officer (ISO) is responsible for ensuring that all requirements are met and verified in accordance with the established security concept. The ISO must always be involved in strategic decisions.

Additional roles are defined in the IT-Grundschutz Compendium. They should be filled where meaningful and appropriate.

Responsibilities             Roles
Primarily responsible        Facility Management
Additional responsibilities  Planners, IT Operations

Exactly one role should be Primarily responsible. There may also be Additional responsibilities. If one of these additional roles is primarily responsible for fulfilling a specific requirement, that role is listed in square brackets after the requirement heading. The use of singular or plural does not imply anything about the number of persons filling these roles.

Basic Requirements

The following requirements MUST be met as a priority for this building block.

INF.14.A1 Planning of Building Automation (B) [Planners]

For the trades controlled by Building Automation (BA), it MUST be determined how BA can be designed securely.

BA MUST be considered already during the planning of new construction, conversion, extension, and renovation of a building. Therefore, BA MUST be taken into account in the planning and construction processes, including in connection with Building Information Modeling (BIM), for all BA-relevant components and BSE installations.

Within the scope of BA planning, the BA systems to be established MUST be specified. It MUST be determined to what extent BSE installations are to be automatically controlled via the BA system.

BA SHOULD be planned so that as few different BA systems as well as communication protocols and interfaces as possible are used for coupling and integrating BSE installations. Secure and standardized protocols and interfaces SHOULD be used. For a decision regarding the necessary systems, protocols, and interfaces, the expected functionality SHOULD be weighed against the potentially increased effort for operational and information security.

The planning SHOULD be documented, updated regularly and additionally as needed, and adapted to the state of the art.

Furthermore, the planning SHOULD be compared with the current configuration regularly and additionally as needed (target-actual comparison).

INF.14.A2 Establishment of a Commissioning and Interface Management for BA (B)

Due to the large number of BSE installations and components in buildings that are connected in BA systems, the procedure for commissioning the involved BSE installations and BA-relevant components MUST be coordinated with each other and defined comprehensively. This procedure MUST be implemented in a coordinated manner to ensure a fully functional building.

Likewise, clear interfaces between the operating organizations of BA and BA-relevant components as well as the operating organizations of BSE installations MUST be defined.

Commissioning and interface management MUST be documented. Both regularly and additionally as needed, the specifications MUST be reviewed and, if necessary, adjusted. In particular, when changes are made within BA systems, the specifications MUST be adapted.

INF.14.A3 Secure Connection of BSE Installations and BA Systems (B)

For all BSE installations, BA systems, and BA-relevant components, it MUST be determined whether actions may be triggered by other BSE installations, BA systems, or BA-relevant components. If such integration is permissible, it SHOULD be regulated which automated actions may be triggered by which information from a BA system.

If a BSE installation cannot or may not be integrated into a BA system, but is to be coupled to a BA system, it MUST be determined which information from the BSE installation is to be reported to the BA system.

Both the integration of BSE installations into a BA system and the feedback-free coupling of BSE installations to BA systems MUST be adequately secured. The connection of BA systems to each other MUST also be adequately secured.

For this purpose, in particular the process and function chains within a BA system or between BA systems MUST be adequately planned. In doing so, all transitions between trades and technologies MUST be taken into account.

These process and function chains MUST be comprehensively tested and adjusted in the event of malfunction.

The specifications MUST be fully documented. Both regularly and additionally as needed, it SHOULD be checked whether the documentation is still up to date. In the event of deviations, the cause of the deviations MUST be investigated and remedied.

INF.14.A4 Consideration of Alarm Systems in BA (B) [Planners]

Alarm systems including security systems MUST be coupled to BA systems in a feedback-free manner. They MUST NOT be integrated into a BA system.

For network-based connection, physically separate network components and physically separate segments MUST be used. If wireless networks are used for coupling, such BSE installations MUST be designated as primary users for the frequency bands used. Certified mechanisms SHOULD be used for communication via wireless networks.

INF.14.A5 Documentation of BA (B)

For BA, the large number of different components and access points MUST be documented. The documentation MUST be reviewed and updated regularly and when changes are made within BA.

In particular, all deactivated physical communication interfaces, protocols, and access points or access options for BA MUST also be documented. Furthermore, all interactions and dependencies of BA-relevant components as well as BSE installations that are integrated into or coupled with BA systems MUST be documented. The available and used security properties of the protocols used SHOULD be documented.

The documentation SHOULD be coordinated across all BA systems with regard to contents and their data structures.

INF.14.A6 Separation of BA Networks (B) [Planners, IT Operations]

BA networks MUST be at least logically separated from office networks and other networks of the institution. All communication between BA systems and other IT systems MUST be controlled and regulated. For this purpose, corresponding components with security functions, at minimum with firewall functionality, MUST be provided at all transitions of such segmentation.

If BA is centrally established for a building complex or a property, the cross-building BA communication via LAN, WLAN, WAN, wireless network, or internet connections MUST also be separated at the network level.

Standard Requirements

Together with the basic requirements, the following requirements represent the state of the art for this building block. They SHOULD generally be met.

INF.14.A7 Establishment of a Security Policy for BA (S)

Based on the general security policy of the institution and the comprehensive security policy for TBM, the security requirements for BA, i.e., for all BA systems, SHOULD be specified in a BA security policy. This policy SHOULD be known to all persons involved in planning, procurement, implementation, and operation of BA systems and SHOULD form the basis for their work. The contents and the implementation of the required policy contents SHOULD be regularly reviewed, adapted if necessary, and the results of the review documented in a traceable manner.

The security policy SHOULD also specify requirements for development and testing for the use of BA systems.

INF.14.A8 Requirements Specification for BA Systems (S)

Based on the BA security policy, a comprehensive requirements specification SHOULD be created for BA and a separate requirements specification for each BA system. From the requirements, all essential elements for the architecture and design of the respective BA system and the coupling of BA systems SHOULD be derivable.

The requirements specification SHOULD be documented and adapted to the state of the art regularly and additionally as needed. Furthermore, the implementation of requirements SHOULD be regularly reviewed.

In BA, ONLY components that provide authentication at minimum via a changeable login name and a changeable password SHOULD be used.

INF.14.A9 Development of a BA Concept (S)

Based on the BA security policy and the requirements specifications, a comprehensive BA concept SHOULD be developed for BA. Derived from this, detailed concepts SHOULD be developed for all BA systems. The concepts SHOULD adequately address at minimum the following points:

  • all BSE installations integrated into the respective BA system
  • all BSE installations coupled with the respective BA system
  • all BA-relevant components with the respective communication connections

The concepts SHOULD describe all technical and organizational requirements. The created concepts SHOULD be regularly reviewed and, if necessary, updated.

INF.14.A10 Formation of Independent BA Areas (S) [Planners]

In BA, BA areas SHOULD be planned and implemented in such a way that dependencies between BA areas are minimized and BA areas can be controlled independently. A fault in one BA area SHOULD have no or only minor effects on other BA areas.

In particular, buildings within a building complex or a property SHOULD be separately controllable.

The established BA areas SHOULD also be correspondingly visible in the BA management system.

INF.14.A11 Securing Freely Accessible Ports and Access Points of BA (S) [Planners]

The connection of components, particularly of unauthorized, unknown components and third-party devices, SHOULD be controlled and restricted, especially at freely accessible Ethernet ports, USB ports, and other interfaces of BA.

The connection of an unauthorized or unknown component SHOULD be included in event logging. Direct IP-based communication from such components with BA systems SHOULD be prevented (see INF.14.A13 Network Segmentation in BA).

For freely accessible LAN or WLAN access points, network access control in accordance with IEEE 802.1X or comparable security mechanisms SHOULD be used. With this, inadequately authenticated and authorized components SHOULD be positioned in separate network segments.

Freely accessible interfaces for temporary maintenance purposes, such as USB ports on BA components, SHOULD only be activated when needed.

INF.14.A12 Use of Secure Transmission Protocols for BA (S)

For configuration, maintenance, and control of BA-relevant components based on Ethernet and IP, secure protocols SHOULD be used if communication does not take place via trusted network segments.

Outside of trusted network segments, communication via Ethernet and IP between BA systems SHOULD be encrypted. Encryption SHOULD be carried out using the currently applicable encryption mechanisms.

INF.14.A13 Network Segmentation in BA (S) [Planners]

Within the BA network, network segmentation SHOULD be implemented that appropriately separates individual BA systems, individual BSE installations, or individual groups of BSE installations within a BA system from each other.

For the transitions between segments, corresponding rules SHOULD be defined and components with security functions, at minimum stateful packet filters, SHOULD be used for implementation.

INF.14.A14 Use of BA-Appropriate Access Protection (S)

For BA, an identity and authorization management system SHOULD be used in accordance with building block ORP.4 Identity and Authorization Management that adequately implements the requirements of BA. For this purpose, a BA-specific authentication solution or a suitable replication of a central authentication solution of the institution SHOULD be implemented depending on requirements. All BA-relevant components SHOULD be included in the authentication solution to the extent possible.

Operators of BA systems, operators of BSE installations, and also demand organizations SHOULD be adequately considered in the role and authorization concept with regard to BA. This SHOULD be planned and coordinated with particular care when BA is provided across institutional boundaries.

All BA-relevant components, including components of the field level and control elements, SHOULD be able to implement suitable functions for securing access. Components that do not offer access protection or for which the access parameters specified by the manufacturer cannot be changed SHOULD NOT be used.

INF.14.A15 Securing BA-Specific Networks (S)

If security mechanisms for communication are available in BA-specific networks such as BACnet, these SHOULD be used. At minimum, mechanisms for authentication and encryption SHOULD be used.

For BA-specific networks that cannot implement adequate security mechanisms, consideration SHOULD be given to migrating them to a BA-specific network with adequate security mechanisms.

In general, communication with BA-specific networks SHOULD be controlled and, if necessary, regulated by coupling elements with security functions.

INF.14.A16 Securing Wireless Communication in BA Networks (S) [Planners]

In BA networks based on wireless communication such as EnOcean, the security mechanisms of the respective radio technology SHOULD be used to secure communication. In particular, adequate authentication and encryption at the air interface SHOULD be implemented. If this is not possible for the corresponding end devices, the communication for these end devices SHOULD be controlled at the transition to wired networks, e.g., by a component with firewall functionality.

Furthermore, possible interference with the propagation of radio waves, for example due to shadowing, SHOULD be taken into account when planning BA networks.

INF.14.A17 Securing Mobile Communications in BA Networks (S) [Planners]

If mobile communications are used within the scope of BA, the security mechanisms of the respective mobile communications networks SHOULD be used for such BA networks.

If public mobile communications networks such as 5G or Sigfox are used in BA, uncontrolled direct IP-based communication with BA-relevant components SHOULD be prevented.

BA components SHOULD only be equipped with a dedicated connection to a public mobile communications network if this is essential for their operation. For this purpose, it SHOULD be examined and determined for which BA components a connection to public mobile communications networks is necessary.

If separation of BA networks is not possible in the public mobile communications network, e.g., with 5G with slicing, decoupling of IP communication by an Application Layer Gateway (ALG) SHOULD take place in the communication path.

If mobile communications technologies are used in BA as part of the public mobile communications infrastructure of a mobile communications company, one or more virtual mobile communications networks that are exclusively available to BA SHOULD be realized using the means of the respective mobile communications technology.

If self-contained private mobile communications networks are established locally on campus in BA using mobile communications technologies such as LTE and 5G, the transition between these mobile communications networks and other networks SHOULD be secured by a coupling element with firewall functionality. Segmentation into multiple virtual mobile communications networks SHOULD also be implemented for private mobile communications networks.

INF.14.A18 Secure Connection of BA-External Systems (S)

Communication between BA systems and BA-external systems SHOULD only be possible via defined interfaces and with defined IT systems. Communication SHOULD be authenticated and encrypted.

The possible interfaces to BA-external systems SHOULD be restricted to the necessary minimum.

INF.14.A19 Use of Dedicated Address Ranges for BA Networks (S) [Planners]

Dedicated address ranges SHOULD be used for BA that differ in particular from the address ranges of office IT and OT. For these address ranges, it SHOULD be determined from which ranges static addresses are assigned and which BA-relevant components receive static addresses.

If network areas connected to BA such as BSE installations use identical address ranges (replication of installation configurations), these MUST be positioned in separate segments to prevent address conflicts. In this case, cross-segment communication MUST be secured by appropriate mechanisms, for example by using an ALG or Network Address Translation (NAT).
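
The following added example (not part of the building block) shows one way to check an address plan against INF.14.A19 during a target-actual comparison. The plan entries, field names, finding labels, and the `gateway` attribute are assumptions made for this illustration.

```python
import ipaddress
from itertools import combinations

# Cross-segment mechanisms named in INF.14.A19 for replicated address ranges.
SECURE_GATEWAYS = {"alg", "nat"}

# Constructed sample plan: one entry per network area. "segment" is the
# layer-2/3 segment the area sits in; "gateway" is how it is reached
# from other segments (None or missing means plain routing).
PLAN = [
    {"name": "office-lan", "zone": "office", "segment": "vlan10", "cidr": "10.10.0.0/16"},
    {"name": "ot-line", "zone": "ot", "segment": "vlan20", "cidr": "10.20.0.0/16"},
    {"name": "ba-mgmt", "zone": "ba", "segment": "vlan30", "cidr": "10.30.0.0/24"},
    # Replicated installation configuration, separated and reached via NAT.
    {"name": "hvac-a", "zone": "ba", "segment": "vlan31", "cidr": "192.168.1.0/24", "gateway": "nat"},
    {"name": "hvac-b", "zone": "ba", "segment": "vlan32", "cidr": "192.168.1.0/24", "gateway": "nat"},
    # Replicated configuration placed in one segment: address conflict.
    {"name": "lift-a", "zone": "ba", "segment": "vlan33", "cidr": "192.168.50.0/24"},
    {"name": "lift-b", "zone": "ba", "segment": "vlan33", "cidr": "192.168.50.0/24"},
    # BA range carved out of the office range: not a dedicated range.
    {"name": "lighting", "zone": "ba", "segment": "vlan34", "cidr": "10.10.200.0/24"},
    # Replicated configuration, separated, but one side is plainly routed.
    {"name": "shading-a", "zone": "ba", "segment": "vlan35", "cidr": "172.16.5.0/24", "gateway": "alg"},
    {"name": "shading-b", "zone": "ba", "segment": "vlan36", "cidr": "172.16.5.0/24"},
]


def audit_address_plan(plan):
    """Return a list of (finding, name_a, name_b) for every violating pair."""
    findings = []
    nets = [(entry, ipaddress.ip_network(entry["cidr"])) for entry in plan]
    for (a, net_a), (b, net_b) in combinations(nets, 2):
        if not net_a.overlaps(net_b):
            continue
        zones = {a["zone"], b["zone"]}
        if "ba" not in zones:
            continue  # overlap between non-BA networks is out of scope here
        if zones != {"ba"}:
            # A BA range shares addresses with office IT or OT.
            findings.append(("BA_RANGE_NOT_DEDICATED", a["name"], b["name"]))
        elif a["segment"] == b["segment"]:
            # Identical ranges MUST be positioned in separate segments.
            findings.append(("SAME_SEGMENT_CONFLICT", a["name"], b["name"]))
        elif any(e.get("gateway") not in SECURE_GATEWAYS for e in (a, b)):
            # Separated, but cross-segment traffic is not behind an ALG or NAT.
            findings.append(("UNSECURED_CROSS_SEGMENT", a["name"], b["name"]))
    return findings


if __name__ == "__main__":
    for finding in audit_address_plan(PLAN):
        print(*finding)
```
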

INF.14.A20 Avoidance of Broadcast Communication in BA Networks (S) [Planners]

In BA networks, the broadcast load on OSI Layer 2 or OSI Layer 3 for uninvolved systems and components SHOULD be minimized to avoid overloading. For this purpose, communication SHOULD be switched to group-specific multicasts or this SHOULD be appropriately taken into account in segmentation planning.

INF.14.A21 Display of the Validity of Information in BA Systems (S)

A BA system SHOULD visualize whether the displayed information regarding time, location, value, state, or event is based on information received according to plan. Information displaying simulated or “frozen” values SHOULD be recognizable or trigger an alarm depending on the protection needs of the BSE installations.
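
As an added illustration of INF.14.A21 (not part of the building block), the sketch below classifies the newest value of a data point as valid, stale, frozen, or simulated, and raises an alarm only where the point's policy calls for it. The `Sample` and `PointPolicy` structures, the `simulated` flag, the state names, and all thresholds and sample histories are assumptions constructed for this example.

```python
from dataclasses import dataclass


@dataclass
class Sample:
    ts: float                # receive time in seconds
    value: float
    simulated: bool = False  # assumed flag: source reports a substituted value


@dataclass
class PointPolicy:
    max_age: float       # planned update interval plus tolerance, in seconds
    frozen_after: float  # how long an analog value may stay bit-identical
    alarm: bool          # protection needs require an alarm, not just a marker


def classify(samples, policy, now):
    """Return (state, alarm) for the newest value of one data point."""
    if not samples:
        return ("NO_DATA", policy.alarm)
    last = samples[-1]
    if last.simulated:
        state = "SIMULATED"
    elif now - last.ts > policy.max_age:
        # Nothing was received according to plan; the display shows an old value.
        state = "STALE"
    else:
        # Updates arrive on time. Walk back to find since when the value
        # has not changed at all, which a live analog sensor rarely does.
        unchanged_since = last.ts
        for sample in reversed(samples):
            if sample.value != last.value or sample.simulated:
                break
            unchanged_since = sample.ts
        frozen = now - unchanged_since >= policy.frozen_after
        state = "FROZEN" if frozen else "VALID"
    return (state, policy.alarm and state != "VALID")


# Constructed sample data: four temperature histories evaluated at t = 1000 s.
NOW = 1000.0
SERVER_ROOM = PointPolicy(max_age=90, frozen_after=300, alarm=True)
CORRIDOR = PointPolicy(max_age=90, frozen_after=300, alarm=False)
HISTORIES = {
    "live": [Sample(880, 21.4), Sample(940, 21.6), Sample(1000, 21.5)],
    "stale": [Sample(740, 21.4), Sample(800, 21.6)],
    "frozen": [Sample(t, 21.5) for t in range(640, 1001, 60)],
    "simulated": [Sample(940, 21.6), Sample(1000, 20.0, simulated=True)],
}


def demo():
    """Classify every constructed history under the server-room policy."""
    return {name: classify(hist, SERVER_ROOM, NOW) for name, hist in HISTORIES.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
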

INF.14.A22 Ensuring Autonomously Functioning BA Systems and BSE Installations (S) [Planners]

Within a BA system, it SHOULD be ensured that BSE installations can also function autonomously, independently of the connection to the BA system, in accordance with their protection needs. In particular, BA systems SHOULD be configured so that there are no dependencies on TBM, other BA systems, or BSE installations that prevent operation. In the event of failure of the connection to BA, a BSE installation SHOULD also remain operational and perform its function for a certain period in accordance with the respective protection needs.

INF.14.A23 Use of Physically Robust Components for BA (S) [Planners]

Depending on the deployment conditions of components in BA, correspondingly physically robust components SHOULD be used that are specifically designed or designated for harsh environmental conditions. If adequately robust components are not available, corresponding compensatory measures SHOULD be taken.

INF.14.A24 Time Synchronization for BA (S)

All components and BSE installations connected in a BA system SHOULD use a synchronized time to ensure automated measuring, controlling, and regulating (see also building block OPS.1.2.6 NTP Time Synchronization). BA systems that are connected to each other SHOULD also use a synchronized time. If BA extends across building complexes or properties, time synchronization SHOULD be ensured for all buildings.

If communication with real-time requirements is necessary within a BA system, PTP or a comparable mechanism SHOULD be used for time synchronization instead of NTP.

INF.14.A25 Dedicated Monitoring in BA (S)

For all components that are operationally relevant for BA, a suitable monitoring concept SHOULD be created and implemented. In doing so, the availability and significant parameters of BA-relevant components SHOULD be continuously monitored. Error states and the exceeding of defined threshold values SHOULD be automatically reported to the operating organization.

BA SHOULD generate at minimum alarms when BSE installations fail or important functions for automated controlling and regulating are not available. Furthermore, it SHOULD be determined for which particularly security-relevant events and for which additional events automatic alarm messages are generated.

Status messages and monitoring data SHOULD ONLY be transmitted via secure communication paths.

INF.14.A26 Logging in BA (S)

In addition to the building block OPS.1.1.5 Logging, status changes to BA-relevant components and security-relevant events SHOULD be logged. Additionally, all write accesses to the configuration of BSE installations and, where applicable, BA-relevant components, as well as all manual and automated changes to their states, SHOULD be logged.

It SHOULD be determined which logging data is consolidated on a central logging instance.

Logging data SHOULD ONLY be transmitted via secure communication paths.

INF.14.A27 Consideration of Interactions between BA Components in Emergency Planning (S)

It SHOULD be analyzed in a traceable manner initially and at regular intervals how BA and the derived plans and concepts affect emergency planning. In particular, it SHOULD be determined how interactions with other BSE installations, BA-relevant systems, and TBM can be minimized in the event of failure of BSE installations or BA-relevant components due to technical defect or attack. As part of emergency planning, it SHOULD also be determined which maintenance personnel are responsible for the affected BSE installations and BA-relevant systems and through which reporting channels they can be reached. Furthermore, it SHOULD be determined which authorizations the maintenance personnel have for rectifying emergencies.

The emergency planning SHOULD also specify how emergency operation of BSE installations that may be required is ensured in the event of failure of BA systems. In doing so, a restart sequence SHOULD be defined for all BSE installations and BA systems including all BA-relevant components and documented in the corresponding restart plans.

Requirements for High Protection Needs

The following are exemplary proposals for requirements for this building block that go beyond the level of protection representing the state of the art. The proposals SHOULD be considered when protection needs are elevated. The specific determination is made within an individual risk analysis.

INF.14.A28 Physical Separation of BA (H) [Planners]

With elevated protection needs, BA networks SHOULD be implemented as physically separated zones in accordance with building block NET.1.1 Network Architecture and Design.

Depending on the protection needs, a dedicated, restrictively regulated internet access SHOULD be provided, for example for connections to external clouds.

Likewise, depending on the protection needs of BA systems, connections to untrusted networks, and if applicable also connections to institution-owned office or OT networks, SHOULD be prevented.

INF.14.A29 Separation of Individual BSE Installations (H)

To secure individual BSE installations with elevated protection needs within a BA system, such BSE installations SHOULD be positioned in separate network segments. To control communication, firewall functions SHOULD be positioned directly in front of the installation network.

INF.14.A30 Provision of a BA-Specific Time Server for Time Synchronization (H)

With elevated protection needs, a dedicated BA time server SHOULD be provided for BA as a whole or for individual BA systems. This time server SHOULD be directly coupled to an atomic or radio clock (Stratum 0), and further downstream BA time servers may be connected to it.

Additional Information

BA-Specific Technical Terms Used

System Automation (English: System Automation and Control, SAC)

System Automation (SA) is a part of a BA system and realizes automation for the energy-efficient, economical, and safe operation of BSE installations. System automation controls the BSE installation and its state variables via actuators. These are in turn recorded by the sensors of the BSE installation.

Control and Display Devices (English: Control and Display Device, CDD)

According to DIN EN ISO 16484-2, the term control and display devices (also called control station or control room) encompasses all facilities for users that function as an interface to the operating and management functions of a BA system.

BA Area (English: BACS Area)

A BA area encompasses one or more rooms of similar use, which can be distributed horizontally, vertically, or in a mixed manner, and comprises multiple BA segments.

Examples: a corridor, a floor, a building wing, a production hall.

BA Management (English: Management Building Automation and Control Systems, M-BACS)

BA Management (BA-M), also referred to as building control technology, assumes tasks for information processing for the management of BA as a component of a BA system, for example functions for higher-level energy management, maintenance management, fault management, but also room booking management.

BA Segment (English: BACS Segment)

A BA segment designates the smallest spatial unit considered for which BA functions are applicable. A BA segment is not to be confused with a network segment that is separated from the rest of the network via security elements.

BA-Specific Networks (English: BACS-specific Networks)

A BA-specific network describes a network that uses cabling that is usually not based on Ethernet technologies, e.g., KNX bus system, or that uses specific protocols not based on IP and Ethernet according to IEEE 802.3, e.g., BACnet. Specific protocols may be required due to requirements for real-time communication or a reduced protocol scope.

BA System (English: Building Automation and Control System, BACS)

A BA system represents, according to VDI 3814-1, the technical realization of BA and encompasses the following parts:

  • BA Management
  • System Automation
  • Room Automation

System Automation and Room Automation consist, analogous to Operational Technology (OT), of the (functional) levels automation level (e.g., system controllers) and field level (e.g., actuators and sensors).

Building Automation (English: Building Automation and Control Systems, BACS)

Building Automation (BA) encompasses, according to VDI 3814-1, all products and services for the objective-oriented automated operation of Building Services Equipment (BSE).

Alarm System (English: Alarm System)

Alarm systems (AS) are BSE installations that can detect and report dangers such as burglary, fire, and smoke. They detect dangers through interaction with sensors or control units and generate alarm messages that are sent to a central component.

Trade

In the construction industry, a trade generally encompasses the work attributable to a self-contained area of construction services. It is a functional area that can in particular encompass various BSE installations.

Example: Air conditioning systems (cost group 430 in DIN 276), which includes ventilation systems, air conditioning systems, and refrigeration systems.

Integration of Systems or Installations

An integration of systems or installations means, according to VDI 3814, that integrated systems or installations exchange information with BA Management and can thereby mutually influence each other.

A system integration within the scope of BA is to be distinguished from embedded systems. These are intelligent elements embedded in other systems that largely invisibly assume monitoring, control, processing, or regulatory functions within the embedding system.

Coupling of Systems or Installations

A coupling of systems and installations means, according to VDI 3814-2-2, that the coupled systems (fire alarm system or burglar alarm system) send their information to BA without thereby restricting or losing their autonomy. A system or installation coupling is thus fundamentally feedback-free.

Examples: Fire alarm system or burglar alarm system.

Control Station (English: Control Center)

A control station (see also Control and Display Devices) is a technical tool for visualizing current processes, states, and situations of BA processes.

Property (English: Property)

A property encompasses, according to VDI 3814-1, one or more, usually locally adjacent buildings.

Local Override (English: Local Override, LOR)

A local override (LO), formerly also called emergency control device, represents, according to VDI 3814-1, the interface to BA-relevant components that enables restricted operation independent of automation devices with priority display, switching, and/or setting. An example is the manual priority operation of fans.

Demand Organization

A demand organization is, according to DIN EN ISO 41011, an organizational unit within or outside the institution that is authorized to make corresponding requirements for BSE, BA, or TBM for its needs and to bear the costs for fulfilling the requirements.

Examples: Tenants within a building, owners of a building, service providers within an institution, e.g., cafeteria.

Room Automation (English: Room Automation and Controls, RAC)

Room Automation (RA) is a component of a BA system and realizes all tasks of cross-installation automation in the room under consideration, e.g., the operation of the technology installed in the room.

Feedback-Free Connection

A feedback-free connection of a BSE installation to BA means that the BSE installation provides information to BA, but cannot be influenced by BA on the basis of this information. The installation remains autonomous.

Building Services Equipment (English: Building Services, BS)

Building Services Equipment (BSE) encompasses, according to VDI 4700 Sheet 1, all technical facilities installed in the building and associated therewith, as well as use-specific facilities and technical facilities in outdoor areas and furnishings. Certain components of BA are also to be attributed to BSE, e.g., real-time-capable Industrial Ethernet switches.

Technical Building Management (English: Technical Building Management, TBM)

Technical Building Management (TBM) encompasses, according to DIN 32736, all services that serve to maintain the technical function and availability of a building. TBM thus assumes for BSE the operation, maintenance, modernization, and documentation of components and defines all necessary processes.

BSE Installation

A BSE installation describes the totality of all technical components working together to fulfill certain functions. Examples according to DIN 276 “Costs in Construction” are heat supply systems, ventilation systems, or lighting systems. Within BA, installations are either integrated into a BA system or coupled with BA systems.

Abbreviations

| Abbreviation | Meaning |
|---|---|
| 5G | 5th Generation of Mobile Communications |
| SA | System Automation |
| ALG | Application Layer Gateway |
| BACS | Building Automation and Control Systems |
| BIM | Building Information Modelling |
| DIN | Deutsches Institut für Normung (German Institute for Standardization) |
| DoS | Denial of Service |
| EN | European Standard |
| BA | Building Automation |
| AS | Alarm Systems |
| IEEE | Institute of Electrical and Electronics Engineers |
| IP | Internet Protocol |
| ISO | International Organization for Standardization |
| KNX | Konnex(-Bus) |
| LAN | Local Area Network |
| LTE | Long Term Evolution |
| MCR | Measuring, Controlling, Regulating |
| NAT | Network Address Translation |
| NTP | Network Time Protocol |
| OSI | Open Systems Interconnection |
| OT | Operational Technology |
| PTP | Precision Time Protocol |
| RA | Room Automation |
| SLA | Service Level Agreement |
| BSE | Building Services Equipment |
| TBM | Technical Building Management |
| VDI | Verein Deutscher Ingenieure e.V. (Association of German Engineers) |
| VDMA | Verband Deutscher Maschinen- und Anlagenbau (German Engineering Federation) |
| WAN | Wide Area Network |
| WLAN | Wireless Local Area Network |

Good to Know

Referenced standards and documents:

DIN EN ISO 16484 - Building Automation Systems (BA)

  • DIN EN ISO 16484-1 - Building Automation Systems (BA), Part 1: Project Planning and Execution, DIN/EN/ISO, March 2011, available from Beuth-Verlag
  • DIN EN ISO 16484-2 - Building Automation Systems (BA), Part 2: Hardware, DIN/EN/ISO, October 2004, available from Beuth-Verlag
  • DIN EN ISO 16484-3 - Building Automation Systems (BA), Part 3: Functions, DIN/EN/ISO, December 2005, available from Beuth-Verlag
  • DIN EN ISO 16484-5 - Building Automation Systems (BA), Part 5: Data Communication Protocol (BACnet), DIN/EN/ISO, December 2017, available from Beuth-Verlag

DIN 32736 - Building Management — Terms and Services, Deutsches Institut für Normung, August 2000, available from Beuth-Verlag

DIN EN ISO 41011 - Facility Management — Vocabulary, DIN/EN/ISO, April 2019, available from Beuth-Verlag

DIN 276 - Costs in Construction, Deutsches Institut für Normung e.V., December 2018, available from Beuth-Verlag

VDI 4700 Sheet 1 - Terms of Construction and Building Technology, Verein Deutscher Ingenieure e.V., October 2015, available from Beuth-Verlag

VDI 3814 - Building Automation (BA)

  • VDI 3814 Sheet 1 - Building Automation (BA) — Fundamentals, Verein Deutscher Ingenieure e.V., January 2019, available from Beuth-Verlag
  • VDI 3814 Sheet 2.1 - Building Automation (BA) — Planning — Needs Planning, Verein Deutscher Ingenieure e.V., January 2019, available from Beuth-Verlag
  • VDI 3814 Sheet 2.2 - Building Automation (BA) — Planning — Planning Content, System Integration and Interfaces, Verein Deutscher Ingenieure e.V., January 2019, available from Beuth-Verlag
  • VDI 3814 Sheet 2.3 - Building Automation (BA) — Planning — Operating Concept and User Interfaces, Verein Deutscher Ingenieure e.V., September 2019, available from Beuth-Verlag
  • VDI 3814 Sheet 3.1 - Building Automation (BA) — Planning — BA Functions — Automation Functions, Verein Deutscher Ingenieure e.V., January 2019, available from Beuth-Verlag
  • VDI 3814 Sheet 4.1 - Building Automation (BA) — Methods and Tools for Planning, Execution, and Handover — Identification, Addressing, and Lists, Verein Deutscher Ingenieure e.V., January 2019, available from Beuth-Verlag
  • VDI 3814 Sheet 4.2 - Building Automation (BA) — Methods and Tools for Planning, Execution, and Handover — Needs Planning, Planning Content, and System Integration, Verein Deutscher Ingenieure e.V., January 2019, available from Beuth-Verlag
  • VDI 3814 Sheet 4.3 - Building Automation (BA) — Methods and Tools for Planning, Execution, and Handover — BA Automation Diagram, BA Function List, BA Function Description, Verein Deutscher Ingenieure e.V., November 2020, Draft, available from Beuth-Verlag
  • VDI 3814 Sheet 6 - Building Automation (BA) — Qualification, Roles, and Competencies, Verein Deutscher Ingenieure e.V., April 2020, Draft, available from Beuth-Verlag

VDMA 24774 - IT Security in Building Automation, VDMA e. V., February 2021, available from Beuth-Verlag