ATLANTA — The American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) announced that significant progress toward development of an industry consensus on standards for secure building automation and control systems has been made by the ASHRAE BACnet® committee.

The committee’s Network Security Working Group reached agreement on a proposal to use a shared-key technology to create “secure networks” within BACnet.

The agreement was made at ASHRAE’s 2003 Summer annual meeting held in Kansas City June 28 – July 2. Guidance on creating secure networks would be included in ANSI/ASHRAE Standard 135-2001, “BACnet — A Data Communication Protocol for Building Automation and Control Networks,” through future addenda.

According to ASHRAE, the group first studied a number of network threats and vulnerabilities and conducted a survey of standard network security technologies, including public key cryptography (such as RSA), Date Encryption Standard (DES), and Advanced Encryption Standard (AES) encryption algorithms, and the IPsec and Kerberos protocols.

“These enhancements will apply existing technologies to securing BACnet over the Internet and other networks,” said Dave Robin, working group convener. “It will address concerns, such as system intrusion, of information technology administrators who demand security strategies that make use of widely used industry standards.”

The BACnet committee is also working on including standardizing interfaces between building automation systems and utilities, and BACnet support for lighting control applications.

For more information, visit

Publication date: 07/21/2003