September 17, 2024
Journal Article

A Critical Review of Cyber-Physical Security for Building Automation Systems

Abstract

This review paper provides a comprehensive, up-to-date review of cyber-physical security for BASs at three levels in commercial buildings: management level, automation level, and field level. The general BASs vulnerabilities and protocol-specific vulnerabilities for the four dominant BAS protocols (i.e., BACnet, KNX, LonWorks, and Modbus) are reviewed, followed by a discussion on four attack targets and seven potential attack scenarios. The impact of cyber-attacks on BASs is summarized as signal corruption, signal delaying, and signal blocking. The typical cyber-attack detection and defense approaches are identified at the three levels. Cyber-secure resilient control strategies for BASs under attack are categorized into passive and active resilient control schemes. Open challenges and future opportunities are finally discussed.

Published: September 17, 2024

Citation

Li G., L. Ren, Y. Fu, Z. Yang, V.A. Adetola, J. Wen, and Q. Zhu, et al. 2023. A Critical Review of Cyber-Physical Security for Building Automation Systems. Annual Reviews in Control 55. PNNL-SA-179500. doi:10.1016/j.arcontrol.2023.02.004