BEMS security: your six-step checklist against cyber threats
Your BEMS security checklist
Like all modern technology, our building energy management systems (BEMS) are becoming smarter and more integrated than ever before. While this is beneficial to end users, it also comes with risks. Discover the security risks and follow our quick, six-step checklist to keep your BEMS – and organisation – secure.
Your BEMS plays a crucial role in managing how your organisation uses (and saves) energy. Having a centralised point of access to view and adjust the operation of your building – or even a series of buildings – is therefore a must. It’ll help you:
- Maintain a comfortable work environment for building occupants.
- Maintain and monitor plant operation to ensure maximum energy efficiency.
- Monitor business-critical equipment to ensure safety and accuracy (e.g. CHW circuit temperatures, leak detection, comms room temperatures, tenant sub-metering data for billing).
These benefits, however, are not without risks – and more specifically, cybersecurity risks. To protect the operation of our systems, our data and the overall privacy of our buildings, robust security measures are needed. If a breach does occur, the repercussions can be huge; at the severe end, you could be facing financial loss and reputational damage.
What can you do?
While BEMS specialists, like Kendra, can help keep your BEMS secure, there are some things you can do for yourself. A quick way to check – and improve – the security of your BEMS is to follow our checklist. It involves asking yourself six simple (but often overlooked) questions.
1. How do you control access to your BEMS?
Access to your BEMS, at device or headend level, should be password controlled and – just as importantly – every user should have their own unique login and password.
BEMS user accounts should never be shared. That means you should avoid group accounts, such as a ‘maintenance engineers’ account, which can be accessed by multiple individuals. By keeping user accounts separate, you can audit which actions have been undertaken by which individual.
Regularly reviewing active user accounts is good practice. It’ll help you keep user lists up to date and remove any ‘dead’ logins.
Conventional rules around password complexity do, of course, apply – so make sure nobody is using the name of the organisation, or their pet names!
2. Do all stakeholders have appropriate user permissions?
Each user should have permissions that are appropriate to their role and skill set. Giving users more permissions than necessary to carry out their day-to-day work increases the likelihood of unwanted – and potentially damaging – changes being made.
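As an added illustration (not Kendra's tooling or any BEMS vendor's API), the account review from steps 1 and 2 can be run over a user list exported from the headend. The CSV column names, the shared-account name hints and the 90-day threshold are all assumptions to adapt to your own system.

```python
import csv
import io
from datetime import date

# Constructed sample export. The column names are assumptions,
# not the format of any particular BEMS product.
SAMPLE_EXPORT = """username,display_name,role,last_login
jsmith,Jane Smith,operator,2024-05-28
maintenance,Maintenance Engineers,admin,2024-05-30
akhan,Adil Khan,admin,2023-09-12
contractor1,Site Contractor,viewer,
"""

# Assumed review policy: adjust to your own organisation.
SHARED_HINTS = ("maintenance", "engineer", "contractor", "shared", "team")
STALE_AFTER_DAYS = 90


def review_accounts(export_text, today):
    """Return {username: [findings]} for accounts that need a closer look."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        name = row["username"].strip().lower()

        # Step 1: group-style names suggest a login used by several people.
        if any(hint in name for hint in SHARED_HINTS):
            issues.append("possible shared/group account")

        # Step 1: 'dead' logins, either never used or unused for a long time.
        last_login = row["last_login"].strip()
        if not last_login:
            issues.append("never logged in")
        elif (today - date.fromisoformat(last_login)).days > STALE_AFTER_DAYS:
            issues.append(f"no login for over {STALE_AFTER_DAYS} days")

        # Step 2: high permissions on an already questionable account.
        if issues and row["role"].strip().lower() == "admin":
            issues.append("admin permissions on flagged account")

        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in review_accounts(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(f"{user}: {'; '.join(issues)}")
```

A name match is only a prompt for a human check: a flagged account may be legitimate, and a shared login with an innocuous name will not be caught this way.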
3. What network infrastructure supports your BEMS?
Nowadays, it’s common for BEMS devices to sit on an IP network. Depending on the application or building, this can take various forms. We would always recommend that your BEMS is supported by a dedicated IP network, which is physically isolated from any other IT systems within your building.
4. Is your BEMS internet facing?
In today’s increasingly connected world, stakeholders want to access their BEMS remotely. As a result, there’s a growing requirement for BEMS interfaces to be connected to the internet. That’s why we strongly advise you to assess the security of your connection, if you’ve not done so already. This may sound obvious, but it’s a measure that can – and does – get overlooked.
5. Is physical access appropriately controlled?
Again, you might think controlling physical access to your BEMS goes without saying, but the most basic security measures can often slip under the radar. So, just to make sure you haven’t missed anything, ask yourself these three things:
- Are your BEMS devices and headends protected by a level of access control?
- Are the plant rooms kept locked?
- Is there key card access to the room containing the headend?
If the answer to any of the above is ‘no’, these areas can easily be addressed. It’ll add that extra layer of security and hopefully provide some peace of mind.
6. Are you up to date?
We strongly advise you to double check that you’ve got the latest versions of Windows and BEMS software installed. By doing the little things, like ensuring your system is as up to date as possible, you won’t miss any all-important bug fixes.
We hope you found these tips useful. Here at Kendra, system security is a top priority when designing BEMS solutions and we’re always here to help you assess – and improve – the security of your systems.
Get in touch for BEMS security support – or even if you have any questions – we’d love to hear from you.