Cabarrus Regional Chamber of Commerce is going the extra mile to help area businesses and citizens benefit from the mammoth N.C. Research Campus going up downtown.
A week from today, the chamber will host an information session for small businesses on “How to Connect to the North Carolina Research Campus.” It will include opening remarks from Lynne Scott Safrit and a project update.
It’s easy to understand why someone would want to make that connection. During another session sponsored by the chamber last week, an official close to the project estimated it will generate about 2,200 jobs in just its first two and a half years of business — scientific jobs, support staff and other workers. That news came from Tom Sanctis, director of construction operations for Castle & Cooke.
Next week’s session, to be held in the Old Cabarrus Bank Building in the Village, is aimed at new and existing businesses and will give pointers on doing business with the campus and gaining access to leaders of the project. For more information or to register, call the chamber at 704-0782-2000, ext. 26.
Some businesses have already found their connection. The Charlotte Observer reported recently that two Charlotte entrepreneurs are in the early stages of planning services their company, Intelligent Buildings, can provide at the Research Campus. “Workers there might be able to use touch-screens to have lunch delivered to their desks; visitors can use them to find out about the tenants; and researchers can use the network to share data securely,” according to the report.
The chamber’s doing a good job, and its leaders are to be commended. Still, you get the feeling the most aggressive entrepreneurs are not sitting around waiting for a seminar.
IntelligentBuildings® is a Charlotte, NC based company co-founded by Tom Shircliff and Rob Murchison. IntelligentBuildings® provides strategic consulting and software services for real estate development and management in commercial, institutional and corporate environments.
Convergence in Action
Take action with convergence and intelligent buildings strategies, use technology for the right reasons and deal with the real roadblocks.
Sinclair: Our theme for this month is Convergence in Action. How does your message support that?
Shircliff & Murchison: Ken, we believe that “action” is a key for the industry right now. There are many ideas, strategies, certifications, technologies and theories, but the bottom line is that the industry has all the tools necessary to create intelligent, converged buildings now. Not only do we have the tools, but those tools are made up of proven, reliable technologies, protocols and procedures. Who could argue that CAT6, fiber optics, switches and routers, IP, BACnet, LONworks, Modbus and the rest are “new”? We don’t need to wait for all-IP building systems controls and devices or the perfect suite of products and services. Many traditional manufacturers, subcontractors and service providers have open-system options. Owners need to select a consultant, architect or similar advisor who will help set a convergence approach and filter all vendors through that approach.
The first two steps are:
1) Develop a strategy that supports current business goals and uses your existing financial measurement criteria. Technology is not THE strategy but rather should support business goals and strategies. Owners and managers should achieve higher asset utilization and improved cost structure in addition to improved productivity – all in ways that you can describe, measure and manage. You aren’t going to have a sustained effort without addressing the business fundamentals.
2) Commit to do “something” and not “everything”. When it’s all or nothing in real estate it’s generally nothing.
Sinclair: What is the main reason why corporations, institutions and developers aren’t doing more with convergence?
Shircliff & Murchison: Organizational alignment is the reason why most projects, both new and retrofit, are not more intelligent or converged. There are only a select few developers that have a true CIO and even fewer who venture outside of the “back office” technologies and into building systems proper. The same goes for corporate and institutional projects whose IT departments are typically not working closely with other internal departments such as facilities, finance, HR, planning, purchasing and others. There is a clear need for organizational alignment and eventually all-out change management. Whose department is it when access controls pull data from an HR database through building systems middleware over a single switched building network and then bills back for after-hours activity? Is it HR, IT, Finance, IT or Security?
Prior to such organizational changes the important step is to have senior leadership endorse a converged, intelligent real estate strategy potentially using a facilitating influence like a consultant or progressive architect to direct the rest of the team.
Another barrier to convergence is the traditional divisional construction process which is structurally set up to keep things in silos. So, that makes it even more important for owners and executives to communicate clearly to architects and engineers that they want to pursue a convergence strategy. Use of the MasterFormat 2004 would also be a good guide and help raise important questions.
Finally, there is often a misperception that convergence means everything in the building on “one wire”. Convergence still allows for common sense. In other words, two or three networks are still a more efficient approach than a dozen. Look at the building requirements for networking and develop a practical approach to the connectivity infrastructure.
Sinclair: How can an owner pull all of this together? Do we need an overall technology GC of some sort?
Shircliff & Murchison: That may come to pass but we don’t think anyone should discount subject matter experts or current, trusted vendor relationships. Thus, it is optimal to work with your existing team so long as they are willing to be progressive and cooperate with others. It is best for owners or senior managers to make their desires known and clear. As mentioned we are not dealing with new issues or “bleeding edge” technologies. It’s only a matter of keeping focused on using “current day” as your standard.
Sinclair: What do you mean by “current day”?
Shircliff & Murchison: Two things mainly:
1) Use of accepted and proven open standards for building systems and networks. Generally, this means staying away from proprietary, closed, legacy protocols. i and i limited in the U.K. states in a research report that global sales of proprietary protocols for intelligent building controls are on a steep decline, while open or IP-oriented controls sales are rising rapidly and in fact were projected to pass proprietary systems sales this year.
2) Use of contemporary IT standards and practices for building systems networks. Nearly every subsystem and application for buildings utilizes a network consisting of cabling, controllers, switching and servers. However, some traditional vendors are not qualified to design and install a robust, reliable network. Whether converged or not, those networks need to be properly designed and implemented for reliability and security.
Sinclair: How does this all support sustainability and “green” strategies – especially energy?
Shircliff & Murchison: LEED-related systems and the verification of their performance are, to put it simply, about “monitoring something” and “controlling something”. That could mean daylight harvesting through shade controls, tenant sub metering, HVAC performance, lighting controls, load shedding, water usage, air quality and more. You monitor and control through some sort of network. Additionally, most of the aforementioned are directly related to energy, which might lead one to argue that convergence and networking is the foundation of an energy strategy. Thus LEED, sustainability and energy conservation are directly supported by convergence and intelligent building strategies.
Sinclair: What other issues are important for owners and senior managers to consider?
Shircliff & Murchison: Operating expenses and property management procedures should be powerful and even determining influences on strategy and the specific tactics. This can be done with a return on asset (ROA) and a return on investment (ROI) financial analysis and an evaluation of what the property and facility management requirements are and how these management procedures could be made more efficient and provide better occupant services with certain technologies. With rising energy costs and an uncertain economy, operating costs are more important than ever. There are several key technologies for both retrofit and new construction that can have significant positive impact on operating expenses, net operating income and ultimately the overall value of the building.
Okay… Your control system was installed a couple of years ago and you were handed riser diagrams, As-Builts, mechanical drawings, etc. and you were good to go. Right?
Maybe…
Up until recently the standard implementation for a controls network was created by the integrator and given either a 192.168.X.X or 10.0.X.X IP schema. In some cases the only way to access the system was from a PC on the same network. In other cases the control network did not touch the corporate network, but it was accessible remotely. This was done by purchasing a router/VPN from a big box electronic store and your ISP (internet service provider) supplied you with a public IP to access your front-end from anywhere in the world.
But is that still the way it is set up?
If it is, is it the right way? Or it may have been set up correctly, but because of zero change management and oversight, your control network and corporate network have converged or holes have been punched in your security.
The following examples are possible representations of what a control network may look like, or maybe what it has become after a few years of “a change here” and “a change there”. It is important that you know your control system network configuration and keep your documentation up-to-date.
Example 1 – The control network was originally air gapped (physically separated from the corporate network) and the only access was via a public IP to the front-end. The public IP put the control system in jeopardy by itself. At some point in time a second network card was added to the front-end and connected directly to the corporate network. By doing this there is now a hole punched into the corporate network and it can be used as a pivot point to access company systems.
Example 2 – The control network and corporate network are air gapped. There is no physical connection between the two. However, the control system is exposed to the world with a public IP. This leaves the control system vulnerable to having infected payloads ready and waiting for anyone who accesses the system.
Example 3 – Everything in this example is behind the corporate firewall and is seemingly safe. It has been my experience in some cases that the control system front-end is highly accessible and is used to check email, social media, etc. This practice can either cause the front-end to crash or give a threat actor a means to inject malware for data mining, command & control, etc.
If you haven’t reviewed your control system network architecture in a while, I suggest you do. If you don’t have change management in place, you need to. If you have any segment of your control network exposed to the world, work with IT and get it behind a high quality firewall.
The BlackHats are looking and probing and they have plenty of tools available to them to find you. Let’s not make it too easy for them.
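One way to run the review suggested above against your own documentation, as an added example that is not part of the original article: it checks a host inventory for the drift patterns in Examples 1 to 3 (a front-end bridging control and corporate networks, a control host with a public address, a front-end used for general browsing) plus any subnet missing from the documentation. The subnets, host names, addresses and the `general_use` flag are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed site documentation (hypothetical values, replace with your own).
CONTROL_NETS = [ipaddress.ip_network("192.168.10.0/24")]
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/16")]

# Private address space; anything outside it is treated as publicly routable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Host:
    name: str
    role: str                  # "front-end" or "controller"
    addresses: list            # one address per network interface
    general_use: bool = False  # email / social media observed on this host


def zone_of(addr):
    """Map one interface address to the zone it belongs to."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in CONTROL_NETS):
        return "control"
    if any(ip in net for net in CORPORATE_NETS):
        return "corporate"
    if not any(ip in net for net in RFC1918):
        return "public"
    return "undocumented"      # private, but not in the site documentation


def audit(hosts):
    """Return {host name: [finding codes]} for hosts with at least one finding."""
    report = {}
    for host in hosts:
        zones = {zone_of(a) for a in host.addresses}
        findings = []
        if {"control", "corporate"} <= zones:
            # Example 1: second network card added, host is now a pivot point.
            findings.append("DUAL_HOMED")
        if "public" in zones:
            # Examples 1 and 2: control system reachable on a public IP.
            findings.append("PUBLIC_IP")
        if host.role == "front-end" and host.general_use:
            # Example 3: front-end doubles as a general-purpose workstation.
            findings.append("GENERAL_USE")
        if "undocumented" in zones:
            # Change made without updating the network documentation.
            findings.append("UNDOCUMENTED_NET")
        if findings:
            report[host.name] = findings
    return report


# Constructed inventory. 203.0.113.0/24 is a documentation range standing in
# for an ISP-assigned public address.
INVENTORY = [
    Host("fe-1", "front-end", ["192.168.10.5", "203.0.113.7", "10.0.4.20"]),
    Host("fe-2", "front-end", ["192.168.10.6", "203.0.113.8"]),
    Host("fe-3", "front-end", ["192.168.10.7"], general_use=True),
    Host("ctrl-1", "controller", ["192.168.10.50"]),
    Host("ctrl-2", "controller", ["172.16.9.4"]),
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

Re-running the same check after every network change gives a simple change-management record of when a finding first appeared.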
Like self-driving cars, “smart cities” are getting a lot of attention these days. And rightfully so, considering their broad range of potential benefits, from more sustainable use of resources and enhanced resilience to improved citizen engagement, urban mobility and public safety. Realizing significant improvements in even a few of these would make building out a smart city a worthwhile goal.
The infrastructure of a smart city is fairly easy to describe. It is created through the deployment of digital information and communications technologies and built on high-speed broadband. It incorporates intelligent infrastructure in its many variations: smart grids for energy and water, virtual environments for health care and education, and intelligent systems for transportation and buildings.
However, no master design exists for a model smart city and, even if there were, strong arguments support shaping one from the ground up based on unique local needs and resources.
Making a compelling case for this strategy is Charlotte, N.C. Focused on energy use in its business district, in 2011 the city started a voluntary partnership called Envision Charlotte to link sustainability to economic growth. The concept for Envision Charlotte was to reduce energy use — and, as a result, operating costs — in commercial buildings. Real-estate owners, including the city government, used intelligent-building technologies and existing city infrastructure to create a dashboard to display real-time data. The goal was to reduce energy use in the city’s core by 20 percent over five years.
Four years into the project, Envision Charlotte is well on its way to achieving that goal. “It’s not just great for the environment and great for the citizens, but it actually is proven through the dollars,” says Envision Charlotte’s executive director, Amy Aussieker. “We know, because we put meters in the buildings, that we’re down 16 percent — it’s not just ‘I think we’re down 16.’ We’re measuring our results and using data to make decisions.” Overall savings so far tally over $17 million. The city alone reduced energy use in its facilities by 30 percent.
In a 2013 interview with FutureStructure, Tom Shircliff, Envision Charlotte’s first board chair, noted that an important factor in the project’s design was government’s role as a facilitator to encourage independent actions from a wide range of participants. Based on this approach, cities might one day become de facto platform providers and support a rich, diverse and distributed ecosystem of apps. Apple Computer has shown the success of such a model in the private sector. Perhaps local governments will foster their own smart-city analogs in the civic realm.
In the meantime, Envision Charlotte, through this public-private partnership model, continues to move forward with innovative leadership. Building on its initial success with energy use, the city has expanded its scope to include water, waste and air. And in September 2015 Envision Charlotte’s organizers took another big step with the announcement of a new nonprofit, Envision America, to tackle these issues on a national level and, as Aussieker puts it, “accelerate deployment of smart-cities technology.” To this end, Envision America hosted a workshop in January to help 10 selected cities from across the country plan their own smart-city projects.
Exporting Envision Charlotte’s smart-city success makes wonderful sense, especially when you consider that its organizers have really grasped the importance of community participation. As urban expert Peter Kageyama, author of “For the Love of Cities,” observed at Envision America’s opening workshop, people don’t care about sustaining something they don’t love. How true. There’s such a strong emotional connection to places we love, and smart cities need to be built with this objective in mind.
There have been significant changes to even the most basic building controls systems for the past 30 years! While the smart buildings movement is arguably 15 years old at best, the building systems cybersecurity problem started when direct digital controls (DDC) came along.
Simply put, with the emergence of DDC, appliances, computer servers and local area networks are a part of building controls systems. Whether building automation, lighting controls, parking, elevators, daylight harvesting, water reclamation or dozens of other controls systems, they all work on Internet-connectable computers and networks.
To many, this doesn’t sound much like news or even that complicated of a situation. Unfortunately, millions (yes millions) of them have been designed, installed and maintained by non-IT architects, engineers, contractors and facility managers. In short, the systems changed, but the vendor community did not. So what? What does it matter and what are the risks? It matters because statistically speaking the overwhelming majority of those “Internet-connectable” systems have NO cybersecurity provisions and often NO ONE is specifically in charge of cybersecurity for building controls systems, contractually or otherwise.
As to the risks, there are several key categories: life safety, equipment failure, brand damage, productivity loss and network hopping.
Real estate owners must take the “bull by the horns” and not wait or depend on all contractors to police themselves. Vendors may come and go, but this is an organizational risk issue that demands a consistent, long-term approach. It starts with an assessment focused on specific risk areas, an objective rating, and a clear “score.”
Then the building owner needs to prioritize, remediate and continuously monitor. Many technological advancements are dependent on innovation from leading companies, coordination from industry standards bodies, ecosystem development and even regulatory and legal changes. However, building cyber protection is not dependent on or waiting for any of these things. It’s merely a matter of building owners becoming aware and taking action.
There is a very real life-safety danger from elevators, indoor air, electricity and other critical aspects of safety in a building, say Tom Shircliff and Rob Murchison, as they present a case for a strategic approach to addressing cyber-threats on an urgent basis.
While more than 80% of all building automation systems are connected to the Internet, more than three-fourths of real estate organisations don’t have any type of building cyber-security plan. With millions of connected controls systems in every real estate segment, including commercial, corporate, campus and government, it is hard to imagine cyber-security is not a priority for all senior executives.
We live in an age where cyber mischief, crime and even terrorism are in the news every day. Overall, cyber-crime damage will hit USD 6 trillion by 2021, and ransomware alone will cost in excess of USD 6 billion in 2018. Notwithstanding a fair amount of ostrich behaviour, real estate is not immune to these trends. However, in years past, there were dismissive comments, such as “What is the worst that can happen?” as many contemplated the set points being changed or lights flashing on and off. This perspective does not consider the very real life-safety danger from elevators, indoor air, electricity and other critical aspects of safety in a building. While life safety is paramount, there are also other consequential risks, including network-hopping from the building systems into the corporate network or other devices, lost occupant productivity, and capital equipment damage from undetected viruses and malware; and in nearly all cases, there will be brand damage for the building owner, manager and occupant organisations.
An article posted on www.engineering.com described a recent ransomware incident perpetrated on a hospital facility. The article stressed, “The hospital attack brings to light just how vulnerable buildings and institutions are to hackers.” It further noted, “… building management system (BMS) can potentially launch a cyber-attack and disable a building’s critical services.”
It’s not the fault of Smart Buildings
There have been significant changes to even the most basic building controls systems for the past 30 years. While the Smart Buildings’ movement is arguably 15 years old, at best, the building systems cyber-security problem started when direct digital controls (DDC) came along. Simply put, with the emergence of DDC, appliances, computer servers and local area networks are a part of building controls systems. Whether building automation, lighting controls, parking, elevators, daylight harvesting, water reclamation or dozens of other controls systems, they all work on Internet-connectable computers and networks. To many, this doesn’t sound much like news or even that complicated of a situation. Unfortunately, millions – yes, millions – of them have been designed, installed and maintained by non-IT architects, engineers, contractors and facility managers. In short, the systems changed, but the vendor community did not.
Many technological advancements are dependent on innovation from leading companies, coordination from industry standards bodies, ecosystem development and even regulatory and legal changes. However, building-cyber-protection is not dependent on, or waiting for, any of these things. It’s merely a matter of building owners becoming aware and taking action.
Why is change not happening faster?
There is a palpable increase in concern and increased activity and sense of urgency in boardrooms, committee hearings and manager meetings. Why is there hesitation or timidity on the part of otherwise accomplished real estate professionals, then? Three reasons emerge:
Tech is complex: This is not only information technology (IT) but a specialised subset of IT with cyber-security. Additionally, it is not even traditional IT cyber-security but, specifically, building controls cyber-security – not what most IT experts are familiar with. It is literally a different type of technology, called operational technology (OT), which utilises different communication protocols, different equipment and different vendor types. The facilities team doesn’t know IT, and the IT staff doesn’t know OT, so it becomes a hot potato, leading to the second reason.
It’s nobody’s responsibility: This specific technology is not in the traditional strategic or tactical domain of real estate executives, and it has never been a subject that was clearly assigned to any department, budget, staff person, executive or vendor. We have seen building systems enter the digital age, and nearly all now utilise computer servers, software, protocols, local networking and Internet access; that alone has created confusion about who is responsible for high tech, connected building systems between facility management and IT. Thus, it has been stuck in a ‘no-man’s land’.
The ecosystem is fragmented: Real estate design, construction and management constitute perhaps one of the most fragmented and siloed features of any industry. Architects may subcontract the controls design to engineers, and the engineers sub-contract to an IT network designer, who then hands off to a general contractor (GC). The GC has nothing to do with ongoing operation of the building, and they then do a hard hand off to the facility managers (FM) and property managers (PM). The FM or PM would sub-contract to a controls contractor who, again, may utilise some IT resource or just make do themselves. There are many different and often misaligned incentives and levels of liability.
What should be done?
Add to these headwinds the fact that historically speaking, building controls technology has been a ‘bottom up’ issue, meaning that the OEM, contractors, engineers and service companies bubble up technological advances and suggestions to owners. However, with the Smart Buildings movement, there has been a shift to more owner driven or ‘top down’ strategy and decision making. ‘Top down’ is the key to addressing the risks associated with building controls cyber-security. Building owners must take control of the strategy and management of critical components in building cyber-security. This is a sea change and opens up a new area of execution, which can be designated into three steps:
Discovery & Assessment: Since building controls system design, implementation, management and connectivity have historically been the responsibility of anyone other than the building owner, there is relative chaos in the inventory accuracy and current state of awareness of most buildings’ cyber facts. Even the largest and most sophisticated real estate organisations are not sure what controls manufacturer, version, software revision or type of Internet connection exist. It is also quite common for us as consultants to hear, “While we don’t know the inventory details, we are sure that our (system type – for example, elevator) is not connected to the Internet”, only to find it is, along with several other phantom-connected systems. Thus, the first step is a comprehensive discovery and cyber-risk assessment. The National Institute of Science and Technology (NIST), in the United States, has developed a cyber-assessment framework that has been widely accepted and used across all information technology infrastructure, and hence, we should look at building controls cyber-security through the same lens.
Priorities & Strategy: The discovery and assessment, referenced earlier, will give a much clearer picture of cyber status and allow you to develop priorities and a strategy. Priority development should give you your bearings, much like a compass; an objective ‘compass exercise’, based on the NIST framework, can provide direction in the foundational areas of people, buildings and technology. Strategy should include roles and responsibilities, vendor policy and technology architecture. Roles and responsibilities – and vendor policies – should reflect that the building owner is now driving the process, because it’s the owner that will be around through many contractor and vendor changes and is also the one with the true liabilities of life safety, financial loss and reputation damage. The technology architecture should address the basics of remote access to the building, individual system configurations and in-building networking. Remote access is simply the way that vendors or even staff connect into the building through the Internet and often includes methods such as virtual private network (VPN), but also requires vendor policy on use of remote access and their internal methods. The system configuration is about what is inside each individual system that creates risk. In other words, even if you had Fort Knox from a remote access perspective, the individual systems could have too many users, administrative permissions, old passwords and a host of other problems. Additionally, each system is connected to either a common network or multiple silo networks; hence, monitoring traffic patterns inside the building can indicate unauthorised connectivity inside the building. This type of monitoring can spot or prevent unauthorised physical connections on site as well as network-hopping.
Implementation and management: After assessing, prioritising and developing a manageable strategy, it’s time to start fixing the problem. You are now installing an infrastructure that will stay on with the building, even as systems and contractors come and go. The process is not complex and consists mostly of ‘soft’ components, such as software and services. It will not replace traditional monitoring and control systems and vendors but will merely monitor the equipment and work done by those traditional vendors. The phase will also be accompanied by a vendor cyber policy for contracts and service agreements. The final element of managing the plan will include the last two aspects of the NIST framework, which are ‘respond and recover’. A proper remediation plan not only includes people, assets and action but also the subtler issue of insurance. This area is a nearly completely neglected aspect of insurance in general liability, property and casualty, and cyber-insurance riders. After nearly two years of research and interviewing the large carriers, aggregators and consultants in the insurance industry, it has become clear that building controls cyber incidents are not spelt out and that a more thoughtful process is required. Like the overall approach to building cyber-security, the insurance issue should be driven by and demanded by the building owner.
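The in-building traffic monitoring described under Priorities & Strategy can be as simple as comparing observed flows with the set of connections recorded during discovery. The sketch below is an added example, not the authors' tooling; the control subnet, the baseline and the flow records are constructed, and the ports are the standard BACnet/IP (47808) and Modbus/TCP (502) ports.

```python
import ipaddress

# Assumed control subnet for the building (hypothetical).
CONTROL_NET = ipaddress.ip_network("192.168.10.0/24")

# Baseline recorded during discovery and assessment: (source, destination, port).
BASELINE = {
    ("192.168.10.5", "192.168.10.50", 47808),  # front-end -> controller, BACnet/IP
    ("192.168.10.5", "192.168.10.51", 47808),  # front-end -> controller, BACnet/IP
    ("192.168.10.5", "192.168.10.60", 502),    # front-end -> meter, Modbus/TCP
}
# Every device that appears in the baseline counts as a known device.
KNOWN_HOSTS = {addr for flow in BASELINE for addr in flow[:2]}


def review(flows):
    """Return [(flow, [reasons])] for flows that deviate from the baseline."""
    alerts = []
    for flow in flows:
        if flow in BASELINE:
            continue
        src, dst, _port = flow
        inside = [ipaddress.ip_address(a) in CONTROL_NET for a in (src, dst)]
        if not any(inside):
            continue  # traffic that never touches the control network
        reasons = []
        if not all(inside):
            # One end is outside the control network: possible network-hopping.
            reasons.append("CROSS_BOUNDARY")
        if any(is_in and a not in KNOWN_HOSTS
               for a, is_in in zip((src, dst), inside)):
            # Address on the control subnet that was never inventoried:
            # possible unauthorised physical connection on site.
            reasons.append("UNKNOWN_DEVICE")
        if not reasons:
            # Known devices talking in a way the baseline does not include.
            reasons.append("NEW_FLOW")
        alerts.append((flow, reasons))
    return alerts


# Constructed flow records, e.g. exported from a switch or network tap.
OBSERVED = [
    ("192.168.10.5", "192.168.10.50", 47808),   # in baseline
    ("192.168.10.99", "192.168.10.50", 47808),  # device not in the inventory
    ("192.168.10.5", "10.0.4.20", 445),         # front-end reaching a corporate host
    ("192.168.10.50", "192.168.10.60", 502),    # known devices, new conversation
    ("10.0.4.20", "10.0.4.21", 443),            # corporate-only traffic
]

if __name__ == "__main__":
    for flow, reasons in review(OBSERVED):
        print(flow, reasons)
```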
This very ‘doable’ three-step plan does not have to be expensive, because all that’s required is the focus on generally soft solutions, such as consulting services, site services and software. There is generally no need or benefit from ‘rip and replace’ of existing equipment – and building cyber-security can also become part of new design and construction standards that prevent many of the risks right up front. The hardest part of the process is identifying who in the organisation has responsibility and authority to own and carry out a plan for addressing the existing risks. This is a rare topic in real estate development and management that is not a classic return on investment (ROI) financial analysis, but a straight risk calculation, albeit with clear financial consequences for ignoring it.
While the facts speak for themselves, it has also been illuminating to see the industry chatter increasing each month as new threats, new examples and the broader cyber news stories alert owners and operators to the size and urgency of the situation. Additionally, the growing wave of effective and ever-increasing ‘big data’ solutions, such as energy-fault analytics, building operations centres, unified user interfaces (UUI) and various smart controls, reinforces raising the question of just how secure the building connections are and how secure the building data storage is.
We should all advocate at the very least, that organisations – and not vendors – identify who owns the issue internally and challenge them to take the first step of discovery and assessment of all building controls cyber risk areas.
Tom Shircliff and Rob Murchison are the Co-founders, Intelligent Buildings (USA)
Most commercial, industrial, and retail buildings today use some level of intelligent system, most commonly in lighting, HVAC, or security. Because the technology is advancing so rapidly, it’s now possible to collect more data and use it to accomplish many more tasks.
Previously, building owners often installed building management systems piecemeal, usually starting with lighting or HVAC. With multiple automated systems, data must be collected from multiple places. Overcoming the limitations of individual systems, some owners and managers switched to partially integrated systems that combined networks and automation of specific functions. The more integrated systems generally require less manual intervention, thus enabling faster decision-making.
Over the past several years, the building industry has recognized the importance of modernizing building HVAC and lighting system designs to enable interconnection, data collection, and analysis, increasingly turning to fully integrated building management systems. Using one infrastructure to manage all the building’s systems minimizes manual intervention, increases productivity, and produces even more data.
Integrative process design is not new, states Gina Elliott, business development for emerging markets, Viconics Electronics, but now it’s adopted more for operational efficiencies because it is less compartmentalized and can work across trades: mechanical, electrical, and IT.
For years, it’s been accepted in large commercial facilities such as standalone retail stores like Costco and Home Depot, says Jamie Daubenspeck, director of facility technology at Ecova, but now there’s also a lot of adoption in medium and small commercial facilities—those that are less than 10,000 square feet in size, like convenience stores.
Elliott believes it’s more readily adopted now because of the ability for multiple systems to operate in tandem. “You can’t have different teams working independently.” She says that’s a change in the design itself.
It’s not that we’re missing much technology now, argues Tom Shircliff, co-founder and principal at Intelligent Buildings. “There’s no lack of algorithms, but the industry is fragmented so we’re a decade behind in adopting the technology.”
There’s plenty of technology and systems to make anything happen, agrees his colleague and co-founder, Rob Murchison. “The conversation has changed from systems to use-cases. We talk about scenarios and what it takes to make them happen.”
Data, Data, Data
The conversation is not the only thing that has changed. Shircliff says that he no longer considers Intelligent Buildings a sustainability company. “We’re an energy efficiency company.” Of course, smart building systems are about more than just efficiency. They’re also about health and productivity, as well as sustainability. “It’s a balance, and it’s all driven by data.”
“Granular analysis is helping to revolutionize how we think about smart building design, from occupancy usage patterns to how controls systems respond to changing conditions,” says Don Kasper, vice president of operations at Ecorithm. “This deep understanding of building science and operation will help us form a basis for technologies like AI, blockchain, and cloud-based services to automate building operations and allow buildings to become a much more interactive environment.”
Energy efficiency impacts occupant comfort. As Elliott explains, smart technology does two things. Firstly, by tagging energy transactions, the building management system allows facility managers to segment devices to collect more and better data. “You see more points and have more access with edge devices, enabling you to determine the cause [of issues] faster. Tagging lets you know all the building so you can focus on improving the occupant experience.”
Tagging also provides more information on points within a device. By identifying additional devices and points, tagging allows facility managers to acquire more data. Understanding the relationships between rooms and devices and how things function can reduce false detection diagnostics. It affords building managers the ability to perform proactive maintenance. However, it also requires changes in policy regarding the amount of bandwidth needed, as well as security practices.
Previously, Elliott explains, there was no interface with IT systems, but now, most are IT-enabled. “You can access directly to the device with an IP address. That way, the manufacturer can monitor its own equipment through device-to-cloud connectivity.” IP-enabled devices can facilitate intelligent decision-making by automating point decisions and enhancing strategic insights. She says it offers more data performance, but there is a downside: when giving out IP addresses, you need to incorporate best practices regarding security and bandwidth.
The latest design trends are aimed at data-driven decision-making and are setting the stage for “some really cool technology” in the near future, Kasper foresees. “In 2018, there is a strong emphasis on open protocols, open-source software, edge analytics, and cloud-based services to begin collecting data from devices, networking disparate systems together, and creating a path forward for data-driven decision-making.”
It’s all about big data and the cloud, Murchison concurs. “If a building can capture data and make decisions, that’s a smart building.”
Now that there is new data being collected, Daubenspeck ponders, what to do with the data? So much data is now being collected, used, and accessed in different ways, it can be overwhelming.
What do we do with data? “Put it in a bucket in the basement,” says Shircliff, only half in jest. “It will be useful when you figure things out.” More realistically, he advises those new to data overload to limit themselves in the beginning. “Start with one or two things. Ask it business questions. Look at engines like a Magic 8-Ball and ask high-level business questions.”
The end-user, building owner, building manager, and manufacturer have different perspectives and different needs, Elliott points out, so they will use different data. For example, contractors are concerned with perfecting installation efficiency: audit loss, centralized programming, and configuration. “They want faster and easier installation.” From a manufacturing perspective, she says the focus is on “less time, less money.” Building managers are interested in efficiencies, productivity, and occupant experience.
Ultimately, data enables flexibility; therefore, you need a flexible design, Elliott continues. The Internet of Things (IoT) enables operational systems that deliver more accurate and useful data for improving operations and providing the best experience for occupants. “It enhances convenience when you know a user’s preferences and can set it to them. You then have happier, more productive employees.”
The Internet of Things
The IoT is a term to identify various technologies and applications that allow devices and locations to generate and share data with each other and with other information technology systems via the internet, which provides data to indicate how well they’re working, their position, and other information.
According to market research firm IHS, in 2015 more than 15.4 billion gadgets fell into this category. That number is expected to double by the end of 2020, and double again by the end of 2025.
“The Internet of Things exists and is a tremendous driver for interaction with architectural and engineering aspects of buildings,” believes Shircliff. “Even if we put aside all of the consumer and mobile technologies for a moment, the Building Internet of Things is enough for a very long list, including building controls systems, meters/sub meters, sensors, renewables, generators, and storage.”
Those Building Internet of Things (BIoT) aspects can drive a comprehensive, automated experience that supports productivity, experience, comfort, and operational efficiency. Shircliff believes that consumer and mobile IoT items such as wearables, smart phones and tablets, computers, and other electronics will increasingly join with the BIoT to create a more seamless human-to-building interaction.
The IoT is creating a shift in human interaction with the built environment, Kasper adds. “At one point, buildings were valued only for the protection from the environment and for creating an orderliness for how occupants, furniture, and even business functions were organized within a physical structure. Today, there is a shift in focus to creating a symbiotic relationship between human function, business function, and additional benefits that a building can provide.”
IoT-enabled building management systems can reduce energy usage, alert to needed maintenance and repairs, and lower administrative costs through continuous monitoring and predictive capabilities. Being able to address repairs and maintenance issues before occupants are aware that anything is wrong has been a game changer, but now data is able to do even more.
Data can track space usage patterns, identify consumer demands and occupant behavior, and enhance occupant experience, thanks to sensors that track motion, pressure, light, temperature, and flow, and can communicate through a network in real time.
As more devices are connected to each other, such as HVAC, lighting, and security, there is a more seamless user experience. “Data collected from these once disparate systems can now be used to cater comfort on an individual occupant basis or reduce energy use based on work schedules and occupant density,” elaborates Kasper. Rather than a control system tasked with creating a base level of comfort for all occupants, control systems and networked devices can deliver more precise comfort to individual tenants while reducing energy consumption.
Comfort and convenience are going to cost you—but they’re going to cost you less because the cost of sensors, data storage, and connectivity is falling. And, as the technology becomes more affordable, adoption is increasing.
While commercial buildings have been the highest adopters and users of the IoT, industry insiders forecast that smart homes will surge past them in 2018 with more than 1 billion connected technologies. “The technology used in building control systems spills over into the residential realm,” explains Daubenspeck, who observes “a lot of innovation like cloud-based technology” moving in that direction as both standalone and distributed devices begin leveraging algorithms.
A study by the Deloitte Center for Financial Services predicts that sensor deployment in the real estate sector will grow at a compounded annual rate of 78.8% from 2015 to 2020, reaching nearly 1.3 billion.
GreenBiz estimates that cities alone could spend $20 billion on sensor networks by 2020, and cites a Navigant Research report that revenue related to installations of sensor-equipped lighting, climate control equipment, thermostats, and other automation systems could quadruple over the next decade to about $732 billion. GreenBiz also states that “ABI Research predicts that revenue related to IoT-enabled smart building technologies [predominantly smart lighting and HVAC control systems] should grow to more than $8 billion in 2020.”
The IoT has had, and continues to have, a considerable impact that reaches beyond cost savings to operational efficiencies, improved occupant experience, and revenue generation opportunities. More recently, it goes beyond smart thermostats that adjust temperature and humidity levels or lights that sense a presence. Making buildings more efficient centers on data collection.
Installing sensors and automatic features has been done for years, yielding cost savings and operational efficiency by way of better energy management and lower personnel costs. “Smart thermostats, HVAC, and lighting controls are low-hanging fruit,” says Daubenspeck, adding that building managers can save 10–30% by doing “simple stuff like schedules.”
It’s easy to make the business case for IoT technology, Daubenspeck believes. “Energy is easy. You’re looking at a 12–24-month ROI. It will have a productivity impact on operations and maintenance because you can detect issues early and fix them.”
On the horizon, he envisions the opportunity to leverage smart buildings to drive common retail sales, conceiving the ability to customize the environment per customer to control things like lighting, temperature, and music. “Better lighting could improve sales!”
Customization makes customers more comfortable, but communication with them helps build relationships. Sensors in shopping malls can offer services directly to the consumer. The same technology that improves customer experience also helps business owners track retail sales via smartphones. “Our ability to interact with buildings will continue to evolve—and it will be integrated,” predicts Daubenspeck.
But—there is always a but—there can be security issues when customers are allowed to directly interact with a company’s smart systems. “You must get IT involved,” insists Daubenspeck.
In fact, IT may be involved in more ways than merely looking at the security of systems. Daubenspeck mentions one Ecova client, a global convenience store chain with headquarters in Texas that installed smart pizza ovens for improved energy efficiency and sustainability. “It was driven by IT internally,” he notes. “Corporate facility managers are not cutting-edge. You’re going to see other groups in corporate organizations push technological initiatives.”
Security, AI, and the Cloud
Smart building design has moved squarely into the electronic/data realm. While there are still progressive and evolving design elements such as materials, shapes, and sizes, the broader IT themes such as big data, cloud, IoT, artificial intelligence, and cyber security are driving, and will continue to drive, smart design. “Of those themes,” says Shircliff, “cyber security has taken a dominant position, since all the others depend on it.”
As the IoT and the idea of interconnected devices spread throughout the building industry, AI can be leveraged to do autonomous control, enhance security, and even interact with the occupants of the building. “Tesla is a great example of taking an ordinary mundane task, such as operating a vehicle, and applying AI to assist, and eventually completely control, a basic yet complex task,” elaborates Kasper. “I predict that the same will be true for operating a building’s HVAC, lighting, and security systems.”
It’s already starting to play a role in the buildings of the future. Today, companies such as Ecorithm use AI to understand how environmental conditions dynamically interact with the transience of occupancy and how a control system responds.
Artificial intelligence is the glue for all of it, Murchison believes. “In buildings, this will feel like a mix of controls systems, integrated systems sequence of operations, Amazon Alexa, and a scene from the movie Minority Report. You will be able to ask or command things about the building, in addition to it just knowing that, because you pulled in the parking deck, that you need an elevator brought down, security to let you in, ingress lighting to your desk, and heat turned on if it’s off-hours. We have nearly all of the tools to enable Minority Report, but as usual, it’s a matter of planning, willpower, use cases, and value propositions.”
It’s also a matter of more data, Elliott reiterates. “AI increases preventative and predictive maintenance, but it needs more data to look at patterns and conditions for the best scenario.” While the integration of systems allows for efficiencies by automating processes, she says tagging will help pinpoint the location of issues for “just-in-time” maintenance. The ability to analyze the data redefines the role of the building manager.
Emerging technology is redefining roles and processes. Daubenspeck talks about “bring-your-own-thermostat technology” for light bulbs, sensors, and meters that connects directly to the cloud. “It’s the future. Now you can build a solution in the cloud that is not dependent on any specific brand.” Previously, proprietary hardware platforms were the norm, but he explains that it’s more attractive to have a solution that’s not dependent on one vendor because it offers more options, fewer limits, and it might even be cheaper. “Technology will get smarter with the cloud; it understands functions and the sequence of operations. It’s a shift in business models, it’s the next step in the evolution: edge direct to cloud using agnostic devices. Closed-loop systems are in the past. This is a paradigm shift.”
Building automation systems have historically been installed with convenience in mind. Isn’t that why facility managers started using a browser instead of having to install a specific application on all the PCs that needed to access the BAS? Lower cost, greater portability, and ease of access.
Remote web access was the next logical step for both the facility manager and the supporting vendors. Facility managers could check their systems through a web browser, and vendors could reduce costs because they could access the system remotely through a browser and pre-diagnose or fix the issue before rolling trucks.
In the early days, IT really didn’t have or want to have anything to do with these systems, so BAS vendors took on the responsibility of running cable, installing unmanaged switches, and setting up remote access. Remote access was often accomplished either by using a public IP (a public IP is a globally unique address that can be accessed over the Internet) or forwarding a public IP to a private IP through a standard internet service provider (ISP) router.
Public IPs were used in personal computers that ran the web service/application that enabled facility managers to view and interact with the BAS remotely. The vendor could also view, control, and reprogram the application through the public IP. Because the vendor could also program remotely, public IPs were extended to devices to facilitate programming. As a result, the system was totally exposed.
At the time, being exposed was okay to both the end user and the vendor because no one was actively seeking out these systems. That’s all changed. Devices are now in the hacker’s crosshairs.
Why has this changed? The simple answer is that devices offer the path of least resistance. Hackers may or may not be looking to compromise or destroy equipment. They may be looking for another way into the company network, and they know that control networks have little or no security and that these networks are not typically monitored for threats or intrusions.
How do hackers find your BAS?
Up until 2009, search engines were not specifically looking for Internet-connected devices. In 2009, Shodan was launched. It was the first search engine dedicated to searching for Internet-connected devices, also known as the IoT (Internet of Things). The intent was to catalog the number of devices (not websites) active on the Internet. Users could search free of charge for specific devices from specific manufacturers.
A byproduct of indexing Internet-connected devices was that now the bad guys could use this tool to find devices and probe for vulnerabilities.
In 2015, Censys was created at the University of Michigan and made available to the public for free. Censys, like Shodan, crawls the Web in search of Internet-connected devices. And like Shodan, both security researchers and hackers can use it.
Censys and Shodan both index and add tags to the devices. Why tags? It makes searching easier. You don’t have to know a query language, just know the tags. If you wanted to find all the building control system devices in the world that Censys has indexed, you would enter “building control” in the search box and in less than a second you would have a list. You could do the same for any of the tags shown. The large list of tags makes searching for devices easy to do and easy to refine.
Censys provides a lot of useful information for both good guys and bad guys, including the system version, the host ID/license, the host name, and the name of the building where the device resides. It also lists the geographic location of the device, manufacturer, OS version, ISP, etc.
After a device has been found, several software applications make compromising a device relatively easy. For example, if a hacker can find a BBMD (BACnet broadcast management device), they can have full command and control without having to crack the username and password. And the tool to do this is free. Anyone can download it from SourceForge.net.
What could happen?
When the first concerns about cyber security for control systems were raised, some in the field would ask, “So what if someone turns off the lights?” Today, there is widespread understanding that hackers can cause life safety issues, financial loss, and brand damage to companies.
Let’s unpack a few of these incidents. Most of them could have been prevented.
When the subject of cyber security for control systems comes up, the obvious thing that people think of first is loss or damage to equipment. If a generator were to be attacked and destroyed, there is a cost of replacing the generator. (Here’s a Department of Homeland Security video of a staged generator attack.) But who would think that a printer connected to a parking system could cost a company six figures? One organization had an exposed printer and someone printed, “There is a bomb in building.” Nothing was damaged, right? Wrong. The high-rise building had to be evacuated, causing work to stop, yet salaries were still being paid. Emergency personnel were dispatched. And brand damage was inevitable and is as yet not quantified.
Another common situation involves the loss of front-end access. In one case, the front-end application was crippled, causing business cessation for 48 hours. Ransomware can also block front-end access. In 2017, there were numerous ransomware attacks on control systems. These caused stoppages in some cases and investigation in others, but for both the financial impact has not been fully realized due to ongoing review. In all the cases just noted, these attacks could have easily been prevented.
In 2015 the smart buildings solution space paradoxically generated more excitement, more progress, and yet more confusion.
The industry has clearly acknowledged the role of Information Technology (IT) in both existing and future development/management models, and we all know that our building controls run on IT. Hence, we have to manage both the inherent risks and opportunities, most notably:
Rising cost structure
Skills gaps
Increasing occupant demands
Cyber security
Organizational misalignment
Realcomm has tabulated over 130 viable, commercial smart building solution types and counting. This ratchets up the noise level and adds to the chaos in the marketplace. At some point you have to ask yourself about your motivations before stabbing at 130 solutions. The general answer is simple – you are trying to leverage the technology to reach your existing goals such as mitigating risk, lowering cost structure, reducing energy and operational costs, enhancing sustainability, improving occupant experience and productivity and other fundamental real estate aims. ‘Smart’ does not create new goals, but helps you reach existing goals faster, less expensively, and with lower risk. With a commercial office marketplace of 12 billion square feet in the U.S. alone and a BOMA estimated $8.45 per square foot of operating costs, the opportunity for smart strategy and solutions is enormous.
Let’s take a look back at several of the themes of 2015:
Big data analytics continued their march: The adoption of analytics picked up pace, and many real estate organizations are debating not if but when. Analytics are already prominent in other industry segments such as healthcare, manufacturing, financial services, retail and even pro sports, and real estate is not immune to the cost-value ratio that big data can bring.
IoT in real estate or BIoT (Building IoT): Even though BIoT has become a phenomenon, this is not just about the distant IoT future. Many IBcon case studies and breakout sessions have illustrated portfolios that are gathering and analyzing billions of data points generated by run-of-the-mill controls systems, not including additional sensors. Most estimates show that by 2020, 40 percent of all data will come from sensors. To make an IoT environment most beneficial, the aforementioned analytics will have to leverage more automated methods to analyze volumes of data, find new ways to apply relevant rules without manually selecting them, and then use ML (Machine Learning) to further accelerate the benefits.
Back office and front of house integration: We have seen APIs, partnerships and even M&A that indicate that back office systems such as IWMS (Integrated Work Space Management), EAM (Enterprise Asset Management) and CMMS (Computerized Maintenance Management System) are ready for energy, analytics and controls data to help drive work orders automatically, support capital planning and manage staffing levels more efficiently. We can expect this to continue in the spirit of big data, integration, interoperability and analytics. This pushes the industry more towards “data driven decision making” in both manual and automated ways.
Cyber Security: The 2015 IBcon conference in San Antonio showed us the rising intensity of cyber security, with standing-room-only sessions and hallway buzz spurred by the presence of numerous federal agency speakers. Testimony by leading developers and managers on this crucial topic was revelatory. Ironically, the cyber issue is not caused by smart buildings, but mitigated by them. Without smart buildings, there are millions of Internet-connected systems with little or no cyber security provisions, and nearly all are managed by disparate contractors, not the building owners or managers. With the increased attention cyber security has generated, we can anticipate this will only grow in importance, and 2016 will see many more case studies, solutions and organizational action. The first step should be a representative inventory of buildings to determine their “score” or the extent of possible exposure.
Organizational Alignment: This was also an issue when we were just talking about controls systems’ convergence on a common IT network, and how to buy licenses for lighting control or other point solutions. But now the advent of cloud, analytics, software driven controls, back office integration and cyber issues has introduced a new criticality for our internal decision making, budgeting and turf wars. This is part of strategy and change management and must continue to be addressed.
Let us suggest that you make a New Year’s resolution to craft a plan and framework for how to leverage ‘smart’ in your organization with a business purpose, and then plug solution vendors into your plan (not vice versa). There are many educational opportunities available through Realcomm, IBcon, CoRE Tech, webinars, advisories and Realcomm Edge magazine. Additionally, there are numerous consulting groups that can help you establish the principles of a strategy, framework and architecture. Make 2016 the year you cut through the smart building noise!