
KNX on cybersecurity

The prevalence of AV over IP means that protection against cyberattacks is more important than ever. We talk to Casto Cañavate, Marketing Manager at the KNX Association, about the safeguards within the KNX protocol as well as some steps that integrators and end-users can take to protect their systems.

Are cyberattacks increasing or decreasing?

We have witnessed attacks increase in our industry at least tenfold since 2014. That’s why it was necessary for us to invest in ensuring that KNX is a secure technology to guarantee the future of our industry.

What are the key cybersecurity features of KNX?

First, I must underscore the principle that KNX is an ‘open and secure’ technology. To guarantee this principle, we must ensure that we apply the appropriate criteria and the tools that KNX Association and the ETS tool make available to us. Being able to access facilities remotely is an advantage that KNX offers and a necessity in many cases.

Our technology follows all necessary security regulations. KNX Secure technology is standardised according to EN 50090-3-4. This means that KNX successfully blocks hacker attacks on the digital infrastructure of networked buildings, thus minimising the risk of digital break-ins.

Moreover, KNX Secure meets the highest encryption standards (according to ISO 18033-3, such as AES 128 CCM encryption) in order to achieve the highest level of data protection.

KNX Secure guarantees maximum security by offering a double protection:

  • KNX IP Secure extends the IP protocol in such a way that all transferred telegrams and data are completely encrypted
  • KNX Data Secure protects user data against unauthorised access and manipulation by means of encryption and authentication.

What are some precautions that KNX system designers should take to minimise the impact of cyberattacks?

In addition to the methods offered with KNX Secure technology, there are several other possibilities for creating safe access to a KNX installation:

  • Configure a VPN connection on the installation router. This is the best option but can sometimes be complex for regular integrators
  • Use KNX IP gateways that allow the configuration of VPN secure services such as OpenVPN, ZeroTier etc
  • Use KNX IP access devices with encrypted communication
  • Use KNX TP devices with IP (non-KNX standard) cloud connection
  • For medium to large installations, use a BMS platform with a KNX native driver that enables the secure integration and monitoring of massive KNX installations.

These methods, in combination with the use of KNX IP Secure and KNX Data Secure devices in the facilities, will prevent any additional threat scenario that may arise.

What are some day-to-day precautions that end-users should take?

It is not only important to make sure you use a KNX Secure system. Regardless of the size of the system, the user also needs to follow these steps to make sure the installation and the devices are properly secured:

  • Fix all devices so that they cannot be removed, to avoid unauthorised tampering
  • Install devices in cabinets with limited access
  • When mounting devices outside, place them at sufficient height so that others cannot reach them
  • Use special anti-theft screws to make it more difficult to unmount products
  • Use binary inputs to control switches, to prevent one person from having direct access to the network
  • Try to use a dedicated network. If it is wired, do not leave cable loosely hanging or easily accessible – make sure it is hidden.

With so many ways to secure a KNX System and an installation, there really isn’t an excuse for leaving KNX projects, whether past, present or future, open to attacks.

To learn more about KNX Secure, visit: