Title: A critical review of cyber-physical security for building automation systems

Journal Article · Annual Reviews in Control
[1]; [2]; [1]; [1]; [3]; [4]; [5]; [6]; [6]; [1]
  1. Texas A&M University, College Station, TX (United States)
  2. Raytheon Technologies Research Center, East Hartford, CT (United States)
  3. Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
  4. Drexel University, Philadelphia, PA (United States)
  5. Northwestern University, Evanston, IL (United States)
  6. Arizona State University, Tempe, AZ (United States)

Modern Building Automation Systems (BASs), as the brain that enables the smartness of a smart building, often require increased connectivity both among system components and with outside entities, such as the cloud, to enable low-cost remote management, optimized automation via outsourced cloud analytics, and increased building-grid integrations. As smart buildings move towards open communication technologies, providing access to BASs through the building's intranet, or even remotely through the Internet, has become a common practice. However, increased connectivity and accessibility come with increased cyber security threats. BASs were historically developed as closed environments with limited cyber-security considerations. As a result, BASs in many buildings are vulnerable to cyber-attacks that may cause adverse consequences, such as occupant discomfort, excessive energy usage, and unexpected equipment downtime. Therefore, there is a strong need to advance the state-of-the-art in cyber-physical security for BASs and provide practical solutions for attack mitigation in buildings. However, an inclusive and systematic review of BAS vulnerabilities, potential cyber-attacks with impact assessment, detection and defense approaches, and cyber resilient control strategies is currently lacking in the literature. This review paper fills the gap by providing a comprehensive up-to-date review of cyber-physical security for BASs at three levels in commercial buildings: management level, automation level, and field level. The general BAS vulnerabilities and protocol-specific vulnerabilities for the four dominant BAS protocols (i.e., BACnet, KNX, LonWorks, and Modbus) are reviewed, followed by a discussion on four attack targets and seven potential attack scenarios. Furthermore, the impact of cyber-attacks on BASs is summarized as signal corruption, signal delaying, and signal blocking. The typical cyber-attack detection and defense approaches are identified at the three levels. Cyber resilient control strategies for BASs under attack are categorized into passive and active resilient control schemes. Open challenges and future opportunities are finally discussed.

Research Organization:
Texas A&M Engineering Experiment Station, Bryan, TX (United States)
Sponsoring Organization:
USDOE Office of Energy Efficiency and Renewable Energy (EERE), Energy Efficiency Office. Building Technologies Office
Grant/Contract Number:
EE0009150
OSTI ID:
2331291
Alternate ID(s):
OSTI ID: 1975451
Journal Information:
Annual Reviews in Control, Vol. 55; ISSN 1367-5788
Publisher:
International Federation of Automatic Control - Elsevier
Country of Publication:
United States
Language:
English
