US 11,818,162 B2
Network security management for a building automation system
Udhaya Kumar Dayalan, Lino Lakes, MN (US); Brian Meyers, Woodbury, MN (US); and Mangayarkarasi Sivagnanam, White Bear Lake, MN (US)
Assigned to TRANE INTERNATIONAL INC., Davidson, NC (US)
Filed by TRANE INTERNATIONAL INC., Davidson, NC (US)
Filed on Oct. 3, 2022, as Appl. No. 17/937,622.
Application 17/937,622 is a continuation of application No. 17/136,883, filed on Dec. 29, 2020, granted, now 11,463,470.
Prior Publication US 2023/0034131 A1, Feb. 2, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G05B 15/02 (2006.01)
CPC H04L 63/1433 (2013.01) [G05B 15/02 (2013.01); H04L 63/0209 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A method for performing an electronic security assessment of a building automation system, the building automation system including a controller and a network of electronic devices connected in electronic communication, the method comprising:
the controller requesting an electronic security scan of the controller with a data set of the controller via a secured channel;
initiating the electronic security scan of the controller based on the data set of the controller in real-time;
electronically assessing security vulnerabilities of the building automation system, including one or more of determining whether the controller is protected by a firewall or other network security device, validating a service configuration of the controller, validating an Ethernet and Wi-Fi configuration of the controller, determining open communication ports of the controller, determining whether any routers or bridges or other broadcast devices communicating with the controller are protected by the firewall or other network security device, validating security certificates of the open communication ports of the controller, and validating a server communication of the building automation system;
validating egress points of the building automation system;
electronically assessing security vulnerabilities of the network of electronic devices connected in electronic communication with the controller, including one or more of probing the network of electronic devices, determining whether the network of electronic devices is protected by the firewall or other network security device, validating an Ethernet and Wi-Fi configuration of the network of electronic devices, and determining open communication ports of the network of electronic devices; and
determining a recommendation list for resolving security vulnerabilities of the building automation system based on the electronically assessing security vulnerabilities of the building automation system and the electronically assessing security vulnerabilities of the network of electronic devices.