Should Building Managers worry about scary movies?

threatsBuilding managers thinking of films to see this winter may give some thought to a previously little known comedy largely set in North Korea.

The successful cyber-attacks on Sony, one of the world’s best known corporations, and which lives and breathes digital technology, resulted in the release of reams of sensitive information, and led  Sony to delay the opening of the film. All this may on the face of it have little to do with the nuts and bolts of building automation, but it does fire another warning shot across the industry’s bows.

We have known for some time that buildings are vulnerable to cyber-attack. Not only can they be major targets in themselves, but they often offer an easy “back” door” into an organisation’s wider IT network. The successful attack on Target stores in the USA gained access via the company’s HVAC system which in turn allowed them into the more lucrative customer data records. BSRIA research shows that, in the USA for example, over 90% of all larger buildings (i.e. those with more than half a million square feet of space – or c. 50,000 m2) have some kind of building automation and control system (BACS), and many are to some degree at risk.

What is striking is that in so many successful attacks on buildings or infrastructure the problem had less to do with the cyber-protection systems in place than with the way in which they were being maintained and operated. At Target, alerts were generated but not acted on until after much of the damage was done. The earlier attack on Google’s Australian offices in Sydney were linked to the fact that an older version of the Tridium platform was still in use.

Many organisations lack effective processes and procedures, which in turn is linked to the fact that, even within the same organisation, building services and IT tend still to work in separate, parallel worlds.

All of this is compounded by the fact that BACS systems increasingly have at least one foot in the Cloud, and often several. Almost all major suppliers of BACS and Building Energy Management Systems (BEMS) offer at least the option of cloud based analytics, and the ability to access and manage multiple buildings remotely is seen as almost a “must-have” – outside of industries which have traditionally been hypersensitive about security. The cloud brings huge technical, social and financial benefits, but also greatly increases risk, as does the general spread of IT based functionality through buildings and devices, a process that the ‘internet of things’ is set to expand exponentially.

Major suppliers of BACS systems are talking publically about ways of addressing the challenge, and companies like Lynxspring are establishing a reputation in this area. In the UK the Institute of Engineering and Technology (IET) issued a Code of Practice for Cyber Security in the Built Environment in November 2014.

This blog was written by BSRIA's Henry Lawson

This blog was written by BSRIA’s Henry Lawson

Cyber-attacks tend to be motivated by political, ideological, or financial motives, or by a combination of mischief and malice. On all these scores, major buildings remain vulnerable especially when they are associated with prominent organisations, whether private or public.

In the latest edition of BSRIA’s market briefing Threats / Opportunities for Building Automation Systems, we look further at the cyber threat and what is being done to counter it. The study also looks at other major trends that are changing the profile and prospects of building automation. These include the development of more intelligent HVAC systems, (whether Direct Expansion or VRF based), the growth of ‘smart homes’ solution which are also snapping at the heels of the BACS market at the “lower end” of commercial buildings, the growing importance of building analytics and big data, and the rise of potential new global players, especially in countries like China and India.

We will be following these and other emerging trends through the course of 2015. It should be as exciting anything that Hollywood has to offer, for rest assured: The cyber threat (and much else) is coming to a building near you soon.

 

Additional Sources:

http://techcrunch.com/2014/08/05/smart-buildings-expose-companies-to-a-new-kind-of-cyber-attack/

The Institute of Engineering and Technology (IET) guidelines.

http://www.theiet.org/resources/standards/cyber-cop.cfm

Emerging themes from Innovate UK’s BPE programme

This blog was written by Peter Tse, Principal Design Consultant for BSRIA's Sustainable Construction Group

This blog was written by Peter Tse, Principal Design Consultant for BSRIA’s Sustainable Construction Group

Back in May 2010, Innovate UK (formally TSB) embarked on four year programme, providing £8m funding to support case study investigations of domestic new build and non-domestic new build and major refurbishment projects.  In total the programme has supported 100 successful projects to provide a significant body of work, that provide insights on the performance of various design strategies, building fabric, target performances, construction methods and occupancy patterns, handover and operational practices.  This work will be shared across the industry providing evidence based information, increasing industry understanding to support closing the loop between theory and practice, ensuring the delivery of zero carbon new buildings is more readily and widely achievable.

Currently project teams are concluding their investigations and collating their findings, and dissemination of the results of the programme will begin in earnest in the first half of 2015.  However, as the programme has progressed, there are some consistent themes that are emerging.  Focussing on the non-domestic projects, I will address a couple of these emerging themes.

The first is around adopting innovative building systems to deliver low energy consumption and comfortable conditions, and unintended consequences associated with these technologies.  This covers a broad spectrum of building technologies including solar thermal, heat pumps, biomass boilers, earth tubes, rainwater harvesting, controls and natural ventilation strategies.  Innovation in its essence will have some inherent teething problems, which is often overlooked in the charge towards reaching our carbon reduction targets.  The obvious default stance is to specify proven and reliable technologies which are delivered by a team that is familiar with the technology, but our journey towards delivering true low carbon building in operation would inevitably be prolonged.

An additional level of complexity can be added with innovative systems; one healthcare facility introduced solar thermal and a combined heat and power (chp) unit, to supplement natural gas fired boilers for heating and hot water requirements. With several sources of heat complexity is added to the control strategy, trying to strike a balance between changing heat demands of the building and optimisation of the system.  This complexity, coupled with a requirement for increased operator understanding often leads to system underperformance.

The practicalities, maintenance and associated costs of innovative systems is seldom fully realised by clients.  An office reported success of the rainwater harvesting system, but were surprised at the frequency of filter changes to mitigate the system being blocked.  Another office had to regulate a fan associated with earth tube ventilation system, as running at a higher speed caused too much noise for occupants.  A school had ingress of water to an underground wood chip store rendering the biomass boiler idle for significant periods.  A hotel employed automatic external blinds which retracted in windy conditions to avoid damage, thus offering no shade to occupants during sunny, windy days.

DC-Innovative-Construction-Services-Building-Maintenance1It is clear a reality checking process is required for design decisions to mitigate such matters.  BSRIA’s Pitstopping guide, which resides within the Soft Landings framework describes a process that allows construction teams to periodically reconsider critical design issues by focusing on the perspective of the end user.  This also provides an opportunity for the client to understand the full ramifications of implementing innovative building systems for a more informed decision, and to align client expectations.

The second theme involves the process in delivering innovative technologies, with a particular a focus on commissioning and handover.  The commissioning period residing at the end of the build process is often susceptible to being squeezed.  When the decision has been taken to adopt an innovative building system, there is increased pressure during commissioning to ensure the system is operating as intended.  With the additional complexity associated with innovative technologies, it is vital the commissioning time is adequate to complete comprehensive scenario based testing; how is hot water delivered if the solar thermal does not provide a contribution, how is the building operator alerted the status of the system, how can the operator diagnose the problem, how long can the system operate without the solar thermal contribution without major detrimental effects etc.  To ease the burden on the commissioning period, it is clear commissioning should not be afterthought, but an integral part of the build process.

The commissioning period also signals a time where many of the stakeholders with tacit knowledge of the innovative building systems have changing responsibilities. It is vital this knowledge is captured for users before the opportunity is lost.  Building manuals, user guides and logbooks need to be completed so users can relate to their building environment, understand control of the environment and capture major alterations.

Figure 1 - South façade showing café, street and incubator office blockMany projects reported that guidance for both users and operators was often lacking, with several BPE teams developing guidance as part of their projects to support users.  Commonly BPE teams have also struggled to find initial design intent and operational strategy associated with innovative technologies, highlighting the importance of handover documentation.  Training of users is another key element to knowledge continuity, but several projects reported changes in staff being a core reason for innovative systems underperforming, as documentation was not kept up to date.  The value of clear concise user guidance is evident; BSRIA’s Building Manual and Building User Guides helps individuals responsible for creating building logbook and user guides.

In this blog, I’ve only addressed a couple of areas in regards to emerging themes, to hear more about findings from the programme, come hear me speak at the Energy Management Exhibition (EMEX), at Excel, London on the 20th November, 2014.  Additionally, join the BPE community at connect.innovateuk.org, and search for Building Performance Evaluation.

%d bloggers like this: