Why a new transportation model?<\/h3>\n\n
BACnet (Building Automation and Control Networks) has been the dominant open standard for building automation since 1995\u2014standardized under ANSI\/ASHRAE 135 and ISO 16484-5. The classic transport variants BACnet\/IP<\/strong> and BACnet MS\/TP<\/strong> were designed at a time when security was not yet a primary design goal: Communication takes place unencrypted, without authentication, often over flat Layer 2 broadcast segments. Routing between networks is ensured by BACnet Broadcast Management Devices (BBMD). This is often no trivial task.<\/p>\n\n In modern IT\/OT converged networks, this is a structural problem. Attacks on building management systems are no longer the exception\u2014they are well-documented, on the rise, and in some cases easy to carry out when devices are exposed on the network. The shift from isolated automation networks to integration into enterprise infrastructures significantly increases this attack surface.<\/p>\n\n The recommended minimum revision for BACnet\/SC<\/strong> is 24<\/strong>. Starting with this revision, vendor-independent certificate exchange is defined. BACnet\/SC replaces UDP-based transport with WebSocket connections over TLS 1.3<\/strong>. The result is an encrypted, authenticated, connection-oriented network that supports standard IT firewall concepts and can be routed across network boundaries.<\/p>\n\n What changes is the communication. Instead of peer-to-peer communication, a client-server communication architecture is used, in which clients are referred to as \u201cnodes\u201d and servers as \u201chubs,\u201d with encryption taking place between the node and the hub.<\/p>\n\n The hub is the central hub for all communication between nodes and is therefore also a single point of failure. To prevent the failure of the central node from becoming a problem, ASHRAE has introduced a redundant node, the \u201csecondary hub.\u201d The secondary hub is activated when the primary hub fails. <\/p>\n\n Installing two valid certificates (Issuing Certificate and Operational Certificate) enables communication between the node and the hubs. With Avelon, you can easily create a new controller via the graphical front end, download the certificates, and install them on the controller (usually via the web). This establishes encrypted communication.<\/p>\n\n One of the most significant changes introduced in Revision 24 is the open, vendor-neutral certificate exchange<\/strong>. In proprietary systems with lower revisions, certificate exchange is tied to the manufacturer\u2014this creates vendor lock-in and makes multi-vendor deployments unnecessarily complex.<\/p>\n\n Avelon Systems rotates certificates on a cyclical basis well before their expiration dates, ensuring that a temporarily deactivated control cabinet does not cause delays or incur costs.<\/p>\n\n \ud83d\udd12 BACnet Secure Connect (BACnet\/SC)<\/strong> \u2013 encrypted, TLS-based communication for maximum cybersecurity in networked systems <\/p>\n\n \ud83d\udd11 Vendor-neutral certificate exchange<\/strong> \u2013 open interoperability across system boundaries, without reliance on proprietary solutions, starting with Revision 24<\/p>\n\n Avelon Systems Certified by T\u00dcV S\u00dcD for BACnet BACnet Secure Connect (SC) provides encryption for the BACnet protocol, a leading standard in building automation. BACnet ensures openness, interoperability, and independence within buildings. A technology that has long been standard in online banking has now been adopted in building automation: encryption using TLS. Why a new […]<\/p>\n","protected":false},"author":1,"featured_media":24122,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[18],"tags":[],"class_list":["post-24123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"acf":[],"_links":{"self":[{"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/posts\/24123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/comments?post=24123"}],"version-history":[{"count":1,"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/posts\/24123\/revisions"}],"predecessor-version":[{"id":24124,"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/posts\/24123\/revisions\/24124"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/media\/24122"}],"wp:attachment":[{"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/media?parent=24123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/categories?post=24123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/avelon.com\/en\/wp-json\/wp\/v2\/tags?post=24123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}How BACnet\/SC Works<\/h2>\n\n
Certificates and Onboarding<\/h2>\n\n
Cyclical Certificate Exchange<\/h2>\n\n
Summary<\/h2>\n\n
![\"\"](\"https:\/\/avelon.com\/wp-content\/uploads\/2026\/04\/POST_BACnetSC_TUEV-1024x768.webp\")
<\/figure>\n","protected":false},"excerpt":{"rendered":"