SAUTER Blockchain Technology for Building Automation
With the rise of bitcoin, the digital Internet currency, blockchain technology has suddenly become more than just hype. Internet giants are planning their own digital cryptocurrencies and threatening the traditional world of key currencies and banks. Alongside these megatrends, SAUTER is taking a different approach and is aiming for a more “peaceful” use of blockchain technology – to protect the data and processes used in building automation.
A blockchain is a decentralised database that maintains a steadily growing list of records. With Bitcoin, this database is extended with every transaction, thus building a chain that is constantly having new elements or blocks added (hence the term blockchain). When a block is complete, a new one is created containing the digital fingerprint of the previous block. If someone deletes only a single element in this data blockchain, the fingerprint of the affected block changes and thus the whole blockchain would break up into the individual links of the chain.
A special feature of Bitcoin is that each transaction is checked again before it is written to the Blockchain. Every computer in the Bitcoin network can see that subscriber A wants to transfer bitcoins to subscriber B. The computers in the network then check whether the transaction complies with the rules and whether A also has enough bitcoins. When, and only when, all participating computers agree that the transaction is valid, it is then entered in the blockchain with the chain permanently securing it against forgery.
However, the validation and viability testing process is extremely CPU-intensive. The IPO of a number of large Bitcoin companies made it possible to determine their power consumption and extrapolate this for the entire bitcoin network. The conclusion was that the bitcoin cryptocurrency now requires around 46 terawatt-hours of electricity per year for its computer operations. This energy demand causes about 22 megatonnes of carbon dioxide to be emitted yearly. This equates approximately to the CO2 footprint of Hamburg or the whole of Sri Lanka.
SAUTER deploys blockchain technology in its own unique way – linking its automation stations in a building network and creating a blockchain ring. The computing resources used and the extra communication data that results are extremely modest. There is no such excessive power consumption, just an increase in data security!
Cybersecurity in the age of IoT (Internet of Things)
SAUTER has described the security levels attained by modulo 6 for networks and system components in the modulo 6 Guideline for Cybersecurity. This specification allows the current security level to be determined for plants that may require special protection and, if required, to increase these through targeted measures.
Blockchain ring formed by automation stations
modulo 6 has had a high level of protection built-in from the beginning. The automation station offers a completely separate network interface from the building network. This creates a type of firewall between the internet and building network. Encryption, authentication and access protection are guaranteed by proven security technologies (TLS 1.3, IEC802.1X, etc.) and the network interfaces are already well protected against DOS attacks at automation level. Therefore, processes can be observed, limited, isolated or even stopped if needed. modulo 6 is also equipped for the BACnet/SC (BACnet Secure Connect) security standard. This means that SAUTER have more than adequately covered IEC basic requirements 1, 2 and 4–7. Only for requirement 3, i. e. ensuring system integrity, did SAUTER think that existing measures were still unsatisfactory. System integrity could also be described as the “intactness of data” or “protection against unauthorised modification of data”. Examples of this might include changing audited measurement and process data or interference in automation programs. Such data modifications could even be caused by the company’s own service staff – unknowingly and completely by accident.
When we think about the bitcoin and blockchain principle, we initially visualise the security of data transactions or payments. Beneath this dynamic transaction level, however, is a static, distributed blockchain-secured database – a kind of “ledger set in stone of all existing transactions”. SAUTER is now translating this principle into the world of networked building automation and developing its own Blockchain process. The idea is simple: The static data of the automation stations in the network form a kind of Blockchain ring. Each automation station generates its digital fingerprint. This is based on its own data and on a fingerprint of the previous station in the blockchain ring. The block data typically consists of programs, firmware and process and network parameters. Simply put, each station uses its own data to form a block in the blockchain. If the integrity of the data in a station is infringed (deleting or changing a single bit is all that it takes), the blockchain collapses immediately.
In the event of a breach of the blockchain’s integrity, the SAUTER’s systems responses are:
a) Trigger an alarm
b) Trigger alarm and isolate affected station (and assume emergency signal state, for example)
c) Trigger alarm, isolate affected station and initiate automatic self-repair
Action c) requires the creation of a digital twin for every station during commissioning. These twins (a copy of all static data) are saved in an encrypted database. They can then be stored on a dedicated automation station, local computer or in a data centre/the cloud.
An advanced procedure for the SAUTER blockchain allows us to distribute the twins randomly among the existing stations. This completely negates the need for an additional database computer.
The self-repair process is particularly useful, especially during routine servicing. If an automation station is replaced, the data validated during commissioning is guaranteed to be transferred uncompromised.
The procedure has now been submitted as a patent and passed an international patent search. SAUTER has thus achieved a unique security level for the important system integrity requirement stipulated by IEC 62443.
BACnet Secure Connect
BACnet/SC makes it possible to establish secure communication links between BACnet devices both via the cloud and within systems. With TLS 1.3 (Transport Layer Security), BACnet/SC employs the latest security technology and is easily integrated into existing modern IT infrastructures. The crucial point for the building technology industry is that BACnet/SC retains all the functionalities of BACnet/IP. It is also backwards-compatible with all existing BACnet implementations and devices. This does, however, involve significant outlay for manufacturers in developing BACnet/SC-capable equipment. Furthermore, handling encrypted communication means processors have to work harder and the devices must have the computing power to manage it. On 19 November 2019, BACnet/SC was released in addendum bj for ASHRAE standard 135-2016.
Security Levels as per IEC 62443
“With the development of its new building automation system, modulo 6, SAUTER has opened the doors to the cloud and IoT technology. As buildings are connected to the IoT and the cloud, system and network security are becoming a major challenge. To overcome this, SAUTER has based the cybersecurity concept for modulo 6 on the new international standard for industrial automation, IEC 62443. The IEC standard defines seven fundamental requirements and four security levels for cybersecurity” – Dr Felix Gassmann, Head of Technology at SAUTER
Security Level 1:
Security Level 2:
Deliberate attempts with basic resources
Security Level 3:
Intentional attempts, but with more advanced knowledge and more extensive resources (e.g. hackers specialised in building automation with extensive financial resources, or a contract)
Security Level 4:
Targeted attacks, but with specific knowledge and substantial resources (government-mandated secret services, for example, Mossad attack with Stuxnet on Iranian uranium centrifuges)
As the leading provider of solutions for building automation technology in Green Buildings, SAUTER ensures good climate conditions and a sense of well-being in sustainable environments. SAUTER is a specialist in developing, producing and marketing products and systems for energy-efficient total solutions, and offers a comprehensive range of services to ensure the energy-optimised operation of buildings. SAUTER products, solutions and services enable high energy efficiency throughout the entire life-cycle of a building – from planning and construction through to operation – in office and administrative buildings, research and educational facilities, hospitals, industrial buildings and laboratories, airports, leisure facilities, hotels and data centres. With over 100 years’ experience and a track record of technological expertise, SAUTER is a proven system integrator that stands for continuous innovation and Swiss quality. SAUTER provides users and operators with an overview of energy flows and consumption, and therefore of the development of the costs involved.
Let’s talk about your project!