Modern Building Automation Systems (BASs), as the brain that enables the smartness of a smart building, often require increased connectivity both among system components as well as with outside entities, such as optimized automation via outsourced cloud analytics and increased building-grid integrations. However, increased connectivity and accessibility come with increased cyber security threats. BASs were historically developed as closed environments with limited cyber-security considerations. As a result, BASs in many buildings are vulnerable to cyber-attacks that may cause adverse consequences, such as occupant discomfort, excessive energy usage, and unexpected equipment downtime. Therefore, there is a strong need to advance the state-of-the-art in cyber-physical security for BASs and provide practical solutions for attack mitigation in buildings. However, an inclusive and systematic review of BAS vulnerabilities, potential cyber-attacks with impact assessment, detection & defense approaches, and cyber-secure resilient control strategies is currently lacking in the literature. This review paper fills the gap by providing a comprehensive up-to-date review of cyber-physical security for BASs at three levels in commercial buildings: management level, automation level, and field level. The general BASs vulnerabilities and protocol-specific vulnerabilities for the four dominant BAS protocols are reviewed, followed by a discussion on four attack targets and seven potential attack scenarios. The impact of cyber-attacks on BASs is summarized as signal corruption, signal delaying, and signal blocking. The typical cyber-attack detection and defense approaches are identified at the three levels. Cyber-secure resilient control strategies for BASs under attack are categorized into passive and active resilient control schemes. Open challenges and future opportunities are finally discussed.

翻译：现代建筑自动化系统作为实现智能建筑智慧性的“大脑”，通常需要增强系统组件之间以及与外部实体（例如通过外包云分析实现优化自动化、增强建筑与电网集成）的连接性。然而，更高的连接性和可访问性也带来了更大的网络安全威胁。建筑自动化系统最初作为封闭环境开发，网络安全考量有限。因此，许多建筑中的建筑自动化系统容易遭受网络攻击，可能导致居住者不舒适、能源过度消耗以及设备意外停机等不良后果。因此，亟需推进建筑自动化系统网络物理安全领域的技术水平，并为建筑中的攻击缓解提供实用解决方案。然而，当前文献中缺乏对建筑自动化系统漏洞、潜在网络攻击及其影响评估、检测与防御方法以及网络弹性安全控制策略的全面系统性综述。本综述论文填补了这一空白，从商业建筑的管理层、自动化层和现场层三个层面，对建筑自动化系统的网络物理安全进行了全面且最新的回顾。首先梳理了建筑自动化系统的通用漏洞及四种主流协议的特有漏洞，随后讨论了四个攻击目标和七种潜在攻击场景。网络攻击对建筑自动化系统的影响总结为信号篡改、信号延迟和信号阻断。在三个层面分别识别了典型的网络攻击检测与防御方法。针对受攻击建筑自动化系统的网络弹性安全控制策略被分为被动和主动弹性控制方案两类。最后讨论了开放挑战与未来机遇。