Innovations in Comfort, Efficiency, and Safety Solutions.
The Move Beyond Building Automation Systems
to a More Secure Energy Infrastructure
EVP Technology and Operations,
Blue Pillar, Inc.
Building Automation Systems (BAS) have long been touted as the end all
be all systems for all facilities management and building operational
needs. If it is not BAS, then supervisory control and data
acquisition (SCADA) systems have been seemingly a popular choice.
The need to upgrade energy infrastructure around the world is spurring
BAS and SCADA deployments - but be wary! Industry experts Frost and
Sullivan, the Gartner Group and Forrester are warning of the increased
cyber-security threats and crippling system malfunctions. Analyst
market research collected to support the C-suite, such as heads of
operations, directors of facilities, and VPs of energy management,
point to adopting an industry-specific turnkey energy management system
that comprises several subsystems. PwC energy/power experts
report that a top priority with these heads of operations and
facilities is creating a truly secure automation and centralization of
monitoring to manage their organization’s disparate, but critical,
What they are finding is that energy and power distribution infrastructures have elaborate and sophisticated network layers and both BAS and SCADA do not possess a robust security framework that can deal with possible intrusions and malfunctions to ensure process safety and integrity. PwC reports that this is primarily due to a combination of an organization’s reluctance to invest in cyber-security, coupled with the usage of legacy systems, which bring a whole host of issues like slow reaction speeds, incompatibility and silos of isolation. Analysts have come to agree that to address such challenges, and without putting an energy infrastructure at risk, the best investment is in distributed energy asset management. Such systems have been developed from the ground up to specifically leverage the wide range of energy equipment an organization has already invested in - but does so in a safe, secure and compliant way. For instance, we developed an energy asset management system that integrates and leverages a campus of buildings’ existing energy meters no matter which brand, such as Square D, Powerlogic, GE, Itron, Ester and Siemens; Automatic Transfer Switchboards (ATS) from ASCO, Zenith, Russelectric; and generators from Caterpillar, Cummins, Kohler, Hitachi, etc. This way an organization’s existing investment can be leveraged since BAS packages are not typically vendor-agnostic and have to be configured manually from scratch. Additionally the integration of the numerous numbers of energy equipment is not at all seamless, nor secure.
Also, analysts suggest that the increasing higher input costs - stretched supply lines and the need to invest in expanded and diversified infrastructure - are putting significant impediments (and additional cost) into the value chain. For most organizations comprising large campuses, such as hospitals, factories, malls, supermarkets, industrial parks, airports terminals, military bases, universities, etc., internal power efficiency and performance has become even more vital - especially because we are in an era where there is so much infrastructure that needs to be built and smart asset management systems have naturally become a focal point.
Frost and Sullivan’s findings show that developing a better and more energy infrastructure runs parallel with the challenge of getting the most out of your existing aging energy infrastructure. Maximizing the value of both the new and the old is the name of the game. Companies need to balance cost effectiveness and risk, which is why BAS and SCADA applications are on the losing side of the coin, but still contemplated because they have been around for more than a decade and do integrate with legacy assets. However, as cyber threats and their associated risks grow, the heads of engineering, operations and facilities management are weighing in. The cost of a security breach or service disruption is ruling out the use of BAS or SCADA for automating energy infrastructures, which is putting vendors of such systems in a frenzy to find a plausible solution. For instance, the ISA Security Compliance Institute (ISCI) is emerging to formalize SCADA security testing, but it will inevitably take time before any protocol standards will be accepted as safe and secure.
"A great majority of SCADA vendors have started to address the risks of cyber threats by developing lines of specialized industrial firewall and VPN solutions for TCP/IP-based SCADA networks,” said Frost & Sullivan research analyst Katarzyna Owczarczyk in a recent statement. Across the spectrum of automation and control systems, statistics show that both BAS and SCADA systems have been specifically found to be more vulnerable to cyber-attacks. This is re-affirmed by a number of high-profile attacks recently.
Most of the protocols communicating with both BAS and SCADA have their
origins in serial communications and provide absolutely no security,
and contrary to some of the “sales” jargon out there, are simply not
foolproof, and put end-users in a vulnerable, risky position.
Whether the communications are Modbus, TCP/IP or OPC, the unfortunate
truth is that these protocols actually increase the potential
vulnerabilities within their facilities. Energy asset management
systems, unlike BAS systems, have been developed to manage the growing
complexity of distributed energy resources (DER).
The challenge for BAS lies not only within the monitoring process, but actually the optimization aspect that involves a wide array of resources integrated into a single smart digital energy network. Clearly there is an opportunity that goes beyond BAS capabilities and instead provides the ability to solve grid reliability and peak demand contingencies at the local distribution grid node level. Engineers and automation professionals familiar with BAS have begun to understand and appreciate the true value that comes with the implementation of a digital energy network and its ability to boost system efficiency, maximize the return on investment (ROI) in customer-owned generation and other DER assets, and ultimately, ensure the highest level of business operational up-time.
Another vulnerability area involved with BAS is its reliance on customization. By design, building automation software is custom—an individual has to write custom code, draw screens, and test applications to produce a working, fully functional product for the end customer. Typically, there is little overlap from one client implementation to the next, so each customer receives its own code. While this may sound appealing, its end result is just the opposite. It’s a major red flag.
To begin with, custom-coded systems are very difficult to test. Testing is usually limited to the go-live test at the end of a project, due to the complexity and limited time available for testing. Once tested and commissioned (assuming it was all clear, which is a big assumption), the next difficulty encountered is maintenance and modification. Custom code is difficult to maintain over time and leaves customers in a predicament as their infrastructure and/or system needs change. More often than not, the practical lifecycle for a fully implemented system is 2-3 years after which, due to an ever- increasing irrelevance, translates to increased risk, higher costs and time lost.
In general, customers are happy to get a solution built just for them. But if you think about it, it’s akin to deciding to build your own car instead of visiting your local car dealer. The car on that lot underwent years of design, processing, and testing prior to the manufacturer turning out a single unit. Similarly in the digital energy network environment, affordability is also achieved via scale; something you just don’t receive with either a BAS or SCADA.
The hardware most often is represented as programmable gateways or PLCs that share many of the same issues as the software itself; very custom and once implemented, very inflexible. That means if you used “Bob” for a custom PLC panel for controlling your widget maker and collecting data, and then your business requirements change (or you have a component break), you’d better hope you can find Bob! And for most organizations today, such an individual-dependent process is unacceptable.
There is a paradigm shift from BAS and SCADA to a turnkey platform of subsystems within building management and operation to securely consolidate and centrally manage the monitoring of an organization's disparate energy assets. In addition, there seems to be shift to the enterprise-wide management of energy networks allowing for better-equipped campus environment microgrids, demand response programs, and virtual power plants. Lastly, the systems that don’t require large amounts of customization and engineering reduce many of the issues involving security, time to implementation, maintainability, and cost; all of which are key factors that most organizations are grappling with today. Unfortunately, companies have invested a great deal of time and money in BAS and SCADA for managing their energy needs within their building campuses, so letting go of it can be particularly difficult. But the time is rapidly approaching when holding onto it may be even more agonizing.
About the Author
Brad Witter, Executive Vice President Technology and Operations of Blue
Pillar, Inc., manages the Digital Energy Network solution to enable
organizations to reduce energy spend and “monetize” assets through
higher participation in demand response and ancillary energy
markets. He supports customers in healthcare, commercial,
industrial and manufacturing, military, government, higher education,
datacenters and telecommunications, and off-grid/remote markets.
You can reach Brad at firstname.lastname@example.org and find additional
information about Blue Pillar at www.bluepillar.com.
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]