Penn State secures building automation, IoT traffic with microsegmentation

It was time to get a handle on BACnet traffic at Penn State.

BACnet is a communications protocol for building automation and control (BAC) systems such as heating, ventilating and air conditioning (HVAC), lighting, access control and fire detection. Penn State standardized on BACnet because of its openness.

“Any device, any manufacturer – as long as they talk BACnet, we can integrate them,” says Tom Walker, system design specialist in the facility automation services group at Penn State. “It’s a really neat protocol, but you have to know the quirks that come with deploying it, especially at scale.”

One quirk is that BACnet is prone to broadcast storms. And with hundreds of BACnet systems running across multiple campuses, openly traversing the network, Penn State was worried about degrading performance in other parts of the network and exposing potential security vulnerabilities.