Cybersecurity — Zero Trust Networks

Zero Trust for Smart Buildings: Segmenting Australian Building Networks Properly

Cybersecurity 10 min read ASDV Engineering Team

A flat, converged building network is a gift to an attacker who compromises a single IP camera. IP cameras, door controllers and BMS field devices are frequently under-patched and run outdated firmware — a routine finding, not a rare one — which makes them the most likely entry point into an Australian building's network. Zero trust principles, applied deliberately to building-network design, are what stops a single compromised camera becoming a foothold that reaches the BMS, the security head-end, or the tenant network.

Identity-Based Access for Devices, Not Just People

Conventional network access control authenticates users; zero trust extends the same discipline to devices. Every ELV device on the network — camera, controller, sensor — should authenticate with its own identity (typically via 802.1X with certificate-based authentication) before being granted network access, rather than being trusted implicitly because it's plugged into a physical port inside the building. This means a rogue or spoofed device physically connected to an ELV outlet doesn't automatically gain network access the way it would on a conventional flat network.

East-West Segmentation: The Part Perimeter Firewalls Miss

  • Perimeter firewalling controls what enters the network from outside — it does nothing to stop an attacker who has already compromised one internal device from reaching others.
  • East-west segmentation, via VLANs and internal firewall rules between ELV system types, confines a compromised device to its own segment — a compromised camera on the CCTV VLAN shouldn't have a network path to the BMS VLAN or the access-control VLAN.
  • Segmentation should be designed around functional groupings (CCTV, access control, BMS, guest WiFi) with explicit, documented rules for any cross-segment traffic genuinely required (e.g. an analytics platform needing read access across multiple systems), rather than broad allow-all rules between segments for convenience.
  • Regularly audit cross-segment firewall rules against what's actually still required — rules added for a since-decommissioned integration are a common source of unnecessary lateral-movement risk on Australian building networks we've reviewed.

Design takeaway: Specify east-west segmentation and device-level identity authentication as core ELV network design requirements, not an optional security add-on — a compromised IP camera on a properly segmented network is contained to its own VLAN, not a path to the entire building's control systems.

Certificate Management: The Operational Reality Behind Zero Trust

Zero trust's device authentication depends on certificate lifecycle management — issuance, renewal, revocation — at a scale most Australian facilities management teams aren't equipped to handle manually across hundreds of ELV devices. This needs automated tooling integrated into the network access control platform from the start; specifying a zero-trust architecture without also specifying and budgeting for this operational tooling is one of the most common reasons these designs quietly degrade back toward implicit trust within a year or two of handover, as manual certificate management becomes too burdensome to sustain.

Frequently Asked Questions

Why is a flat building network a specific risk for ELV systems?

IP cameras, door controllers and BMS field devices are frequently under-patched, run outdated firmware and have weak default credentials, making them a common entry point. On a flat network, compromising any one of these devices gives an attacker a foothold to move laterally toward higher-value systems — a segmented network confines that foothold to the device's own segment.

What is east-west segmentation and why does it matter more than perimeter firewalling for ELV networks?

East-west segmentation controls traffic between devices within the network, not just traffic entering from outside. Perimeter firewalling alone doesn't stop an attacker who has already compromised one internal device from reaching others — east-west segmentation, via VLANs and internal firewall rules, is what actually limits how far a single compromised device can reach.

Can a facilities management team realistically sustain certificate-based device authentication?

Only with the right tooling — automated certificate lifecycle management (issuance, renewal, revocation) integrated into the network access control platform, rather than manual certificate handling per device. Specifying zero trust without also specifying the operational tooling to sustain it is a common reason these designs fail in year two of operation.

Need This Designed for a Real Australian Project?

Our engineering team turns articles like this into construction-ready drawings, schedules and specifications — at 40–60% below typical Australian consultancy rates.

Request a Free Quote
WhatsApp Us