This article is made available through the auspices of AutomatedBuildings.com.
Internet of Things (IoT) terminology is relatively new to the discussion as it relates to buildings. In fact, the choice of words does not really convey what it is, how you can use it, and why you should use it.
The three-letter acronym IoT is really a catch-all for devices (controllers or computers), data sources (sensors), and data streams (historical data). These may include mobile connectivity, monitoring capabilities, standalone control capabilities that operate peer to peer, or perhaps even autonomous operation capabilities.
Experience with buildings was acquired over many years of applying new technology, and along the way, knowledge was gained and standards refined. Technology alone does not solve problems but can be a helpful tool to get to a good outcome. It could be said that good outcomes = planning + technology + execution + integration. Buildings and their occupants have a low tolerance for lights turning off or heating not running, so robust, reliable, tried-and-true techniques are needed to assure the quality of service.
There can be unintended consequences of deploying IoT technology. Manufacturers and their integrators need to carefully assess their application to make sure that IoT devices do not adversely affect current systems.
Here are some key areas to consider before applying IoT:
Security is probably the most overlooked requirement that all buildings need to consider. Security related to IoT should be a specification item as buildings are designed and technologies are selected. A fuller description of the different needs is beyond the scope of this article, but here are a few tips if you are tempted to deploy an uncertain technology:
- Does the manufacturer have domain expertise in IT security?
- What is inside the IoT device? (e.g. open source software, web servers, and 3rd party software)
- How often is the IoT device maintained? (i.e. does the manufacturer provide any risk mitigation)
- Does the manufacturer regularly update its end users? (Contractors may be providing these updates; are they timely?)
- What are the connectivity options? (e.g. Wi-Fi, Bluetooth, Zigbee…each brings its own security paradigm)
- If the device is web based, what is the user authentication paradigm? (2-step authentication is becoming more popular as passwords can be cracked with brute force algorithms.)
- At a minimum, the systems should deploy strong passwords, with expiring credentials. Passwords should never be sent in clear text that could be easily intercepted by simple free TCP/IP scanning software.
- If remote connectivity is an option, does the system deploy HTTPS (SSL) or have a built-in Virtual Private Network (VPN) to secure the connection against man-in-the-middle attacks?
- If the device has ports, like USB, can software be uploaded changing its intended purpose?
Following the deployment of IoT or any building technology, it is advisable to check and recheck periodically that IoT devices have not been connected directly to the internet. A useful tool for this is https://Shodan.IO (search engine for the IoT). It’s quite revealing to see what devices are connected and very visible.
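An offline complement to the periodic check described above, as an added example that is not part of the original article: it flags devices in an inventory that hold a public address or sit behind a port forward for BACnet/IP, Modbus/TCP, or a clear-text login service. The device names, addresses, and port-forward list are constructed sample data, and the RFC 1918 site ranges are an assumption.

```python
import ipaddress

# Assumption: the site uses only RFC 1918 space for building devices.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Well-known ports for the protocols named in the article, plus clear-text logins.
RISKY_PORTS = {
    ("udp", 47808): "BACnet/IP",
    ("tcp", 502): "Modbus/TCP",
    ("tcp", 80): "HTTP (clear-text login)",
    ("tcp", 23): "Telnet (clear-text login)",
}

# Constructed sample data: device inventory and edge-router port forwards.
DEVICES = [
    {"name": "ahu-controller-1", "ip": "192.168.10.21"},
    {"name": "lobby-camera", "ip": "203.0.113.25"},  # documentation range
    {"name": "meter-gateway", "ip": "192.168.10.40"},
    {"name": "lighting-panel", "ip": "10.20.0.7"},
]
FORWARDS = [
    {"proto": "udp", "wan_port": 47808, "lan_ip": "192.168.10.21", "lan_port": 47808},
    {"proto": "tcp", "wan_port": 8080, "lan_ip": "192.168.10.40", "lan_port": 80},
    {"proto": "tcp", "wan_port": 8443, "lan_ip": "10.20.0.7", "lan_port": 443},
]

def is_internal(ip_text):
    """True when the address falls inside one of the site's internal ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)

def audit(devices, forwards):
    """Return sorted (device, finding) pairs for internet-exposed devices."""
    by_ip = {d["ip"]: d["name"] for d in devices}
    findings = [(d["name"], "public address " + d["ip"])
                for d in devices if not is_internal(d["ip"])]
    for f in forwards:
        service = RISKY_PORTS.get((f["proto"], f["lan_port"]))
        if service:  # an HTTPS forward (tcp/443) is not flagged here
            name = by_ip.get(f["lan_ip"], "unlisted device " + f["lan_ip"])
            findings.append((name, f"{service} forwarded from WAN port {f['wan_port']}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(DEVICES, FORWARDS):
        print(f"{name}: {finding}")
```

Feeding it the real inventory and the router's exported forwarding rules on a schedule gives a baseline to compare against what an external search shows.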
There have been highly publicized malicious attacks, like the Target hack, which relate to poor user credential management. Another recent example includes IP cameras which sparked a wide-scale internet outage. Simple improvements like strong passwords with expiration dates could prevent many opportunistic attacks. Also, physically restricting access to devices that contain intellectual property or valuable customer data would provide a better safeguard.
IoT devices may offer new and interesting ways to interact with building systems and provide insight into building operations. It’s important to keep in mind that the user needs to be adequately prepared to monitor, troubleshoot, and service the IoT devices. Facility managers sometimes face stretched budgets and may be unable or unwilling to commit to ongoing service contracts.
- If the IoT devices use batteries, do they have adequate warning detection and preventative maintenance?
- Are the spare parts readily available and have they been budgeted for at the time of acquisition?
- Does the manufacturer provide comprehensive training for setup, operation, and troubleshooting? Is there an added cost?
- How long does the system or technology get support for?
IoT technology can be acquired as a subscription-based system, often referred to as SaaS (or subscription as a service), or as an on-premise technology where the customer purchases the software or hardware outright and owns the licensing.
- Subscription models can get the users into new technology at a reduced entry price and can get feature updates very quickly as the system is maintained by the provider. For some users, their budgets may not be amenable to subscription models. In some cases, subscription prices may increase as users are added to the system.
- Subscription providers may require end-user intellectual property or sensitive data to be held outside the enterprise. For end users such as banks, healthcare, military, and government this may not be permissible.
- On-premise products are usually provided with a fixed cost for installation and startup. In some cases, this may result in unexpected product and labor costs when new software versions become available.
- Most on-premise systems store data onsite and therefore get managed by local support resources.
Choosing the right system for their next IoT project depends on the customer’s budget objectives. Whether a subscription based or on-premise technology is used for an IoT project, the systems should meet the needs of the capital expenditure budget, as well as fit with the operating expense budget.
Open & Standard Protocols
In order to get the best out of IoT, it needs to coexist with the building systems, and not act as a silo of information like a standalone system. IoT devices should interoperate with known standards and protocols used with building systems. Standards assure the systems operate in predictable ways that facilitate better security, connectivity, and integration.
Standards come in a few varieties, so here are the common ones used in buildings for the last 20 years.
- BACnet (Standard and Open Protocol) is the building automation and control protocol that is open (meaning anyone can develop for it) and standardized by ANSI Standard 135-2012, "BACnet: A Data Communication Protocol for Building Automation and Control Networks".
- Modbus (Open Protocol) is an open standard put forward by an organization that anyone can develop on. There are rules for implementers, but no certification or standards body that governs it.
- (Manufacturer Protocol), these are manufacturer created protocols that are sometimes free and open to develop but may have licensing restrictions or costs to deploy.
Leverage existing technology
IoT technology can solve problems when deployed with domain expertise, security, an appropriate cost model, and focused on delivering good customer outcomes.
As you consider IoT products make sure you have domain expertise to realize the goals of the system. Domain experts are usually people from engineering disciplines, technologists, or certified energy managers with first-hand experience applying building technologies in the field.
Current BACnet and Modbus protocols have a lot to offer, with known risks. Users may be able to achieve new applications and improve comfort and productivity with existing systems. Direct Digital Control systems have been around for years providing the infrastructure to create innovative applications and leverage new IoT technology now, and into the future.
Steven Guzelimian has more than 25 years working in Building Automation. He is currently the President at Optergy, a company dedicated to providing building and energy management products to help create healthier and productive environments.
LinkedIn Profile https://www.linkedin.com/pub/steven-guzelimian/5/331/455