Integrated and connected building control systems are becoming essential to provide a comfortable, safe, and efficient indoor environment. These systems have become more sophisticated and converged with commercial networks, as well as the internet. As a result, they are now being targeted for cyberattacks. This paper provides an overview of commercial control systems, potential cybersecurity risks to these systems, and discusses efforts underway in government and industry to protect these systems. It concludes with a discussion of the current challenges in deploying cybersecurity best practices and capabilities and presents existing gaps in capability and resources.