Navigant Research Blog

Intelligent Digital Systems Enabling New Strategic and Operational Paradigms

— March 20, 2017

Data in and of itself has little value. Dashboards and other business intelligence software are excellent at compiling and displaying collected data from a multitude of sources in a useable and understandable format. At times, however, these analytical tools do not go deep enough with intelligent calculations on that data to transform a business, increase efficiency, promote deep understanding and learning, and add the most value. In these instances, it can be a case of you don’t know what you don’t know—leaving important insights on the table.

A good yet simple example of this was outlined in an IBM white paper on facilities management. A commercial building designed to accommodate 1,800 people showed an occupancy rate (assigned space) of 66%. However, further study of the data using access card information showed that average daily occupancy was only 28%, leading to a better understanding of the actual space being used and paving the way for eliminating unnecessary costs associated with rather large and consistent underutilization of the facility.

Beware of Silos

In energy efficient buildings, care must be taken when assuming that smart components are always operating efficiently and in the best interests of whole building optimization. In a recent interview, an intelligent building component OEM stated that he has seen instances where the intelligent cooling and heating equipment each reported that they were operating at peak efficiency—but they were efficiently cooling and heating the building simultaneously. In this instance, the overlord building energy management system (BEMS) identified and resolved the issue. Intelligence systems operating in a silo can be as ineffective as data that has yet to be transformed into useful information.

Analyze the Analytics

Today, the general use case for data analytics is well understood and accepted. This acceptance arose in a similar fashion to a market dynamic that happened in the LED lighting industry. Ten years ago, questions arose when LEDs were specified for a construction or retrofit project. Today, questions arise if LEDs are not specified for a project. The same largely holds true now for BEMSs and other intelligent systems that generate analytics regarding building performance. With the variety of analytics engines available in the market—at all price points and complexity levels—it is assumed that some form of analytics will be included in any efficiency effort, no matter how deep or superficial the project is.

Open communication standards have enabled access to this disparate universe of intelligent and connected digital systems and the data they generate. The cross-pollination of information from these diverse data-driven systems opens a multitude of possibilities that reverberate across the entire organization with all key stakeholders, enabling new paradigms of strategy formulation and operational success.


It Happened Again: Another Leak

— March 10, 2017

A major cybersecurity vulnerability has happened again. A bug in the code of Cloudflare, a provider of content delivery networks, Internet security services, and distributed domain name services, appears to have leaked encrypted, private data from some of the company’s 4 million clients.

According to security researcher Tavis Ormandy, “private messages from well-known services, [personally identifiable information] from major sites that use Cloudflare, and even plain text application program interface requests from a popular password manager” were included in website code generated by Cloudflare’s ScrapeShield feature.

Intelligent and Vulnerable Buildings

There is no reason to believe the bug in Cloudflare will present a vulnerability to any intelligent building. Cloudflare is used for websites, not buildings. But this incident is a reminder of how easily data can leak onto the Internet, even with the best of intentions. An increasing amount of building data is being collected and stored using the Internet. Indeed, large datasets have the potential to improve energy and operational efficiencies. In Navigant Research’s Data Integration for Intelligent Buildings report, the market for the incorporation of data from commercial buildings to develop analytics platforms is forecast to grow by an order of magnitude over the next decade.

With more gateways necessary for data collection, more points are available for cyber attacks to occur. Attackers seeking entry into corporate networks look for the path of least resistance. This could be an unpatched or improperly configured gateway for a building management system. But perhaps the more pervasive threat, as demonstrated by the Cloudflare vulnerability, is that data stored anywhere could be leaked. The very reasons why building data promises better business operations can turn sinister in the wrong hands.

Retailers, for instance, can analyze occupancy data to create consumer heat maps to optimize store layout. But that same data could be used to estimate financial performance based on customer footfall; this non-public information could be used to boost a trader’s position on the retailer’s stock. Moreover, the same occupancy tracking could be used to facilitate theft, stalking, or even terrorism in a variety of commercial facilities, including offices, healthcare, or education buildings. Despite these potential risks and the inherent difficulty in keeping data secret, the improved energy and operational efficiencies created by better connected buildings promise to change commercial buildings for the better.


Defining Companies in the Digital Age

— December 15, 2016

As I mentioned in a previous blog, a company that does not have some form of automation or intelligence in its commercial building efficiency product or service will have little chance to compete in the changing market landscape. That’s a pretty strong statement, and maybe one that not everyone agrees with. It seems to be the direction that macro market trends are moving, however, and there are plenty of examples to back it up.

One of the most compelling observations about the changing face of automation and intelligence was made in a keynote address by Jeffrey Immelt, Chairman and CEO of General Electric (GE), at the Intelligent Platforms User Summit back in 2014. The comment he used to frame his speech was, “If you went to bed last night as an industrial company, you’re going to wake up this morning as a software and analytics company.”

Long Road to Change

This is easier said than done, and GE knows it. The company has been working on this strategy for over 5 years and through $1 billion in investment, and it is still not yet fully transformed. But this shift is the company’s goal. GE’s software business is growing 20% per year with a goal of $15 billion in revenue by 2020, a benchmark which would make the company a top 10 software player.

Not every participant in the field will end up as a software company; each must follow their own strengths and strategy. But it is imperative to build some form of internal capabilities to meet the demands of a new digital world. Each company has intellectual property (IP) that can only be completely understood and translated by internal resources that have boots on the ground. The job won’t get done with a software supplier or a software integrator alone. And who would trust this critical strategy solely to outsiders anyway?

The main point of my previous blog was that developing these types of intelligence and automation capabilities will not happen overnight, even by acquisition. Companies that did not have the foresight to start assessing the digital transformation years ago will be in serious catch-up mode in the years to come.


Cybersecurity and Intelligent Buildings

— September 12, 2016

For several years, information technology (IT) and operational technology (OT) have been converging. In commercial buildings, building automation systems (BASs) are trending toward more IT integration as building owners and facility managers see the value the technology creates. However, this increasing connection and interconnection of building systems also exposes them to malicious attacks from cybercriminals.

There have been a number of high-profile cybersecurity attacks recently, from Anthem to Sony to Target. The FBI now ranks cybercrime as one of its top law enforcement activities. Most of these attacks have focused on stealing credit card numbers, social security numbers, and other forms of personal information. But it’s important to remember that these types of attacks are not the extent of the damage that could be done. The Stuxnet worm was designed to attack programmable logic controllers and was discovered in 2010 after it had ruined almost one-fifth of Iran’s nuclear reactors. In some ways, this attack served as a proof of concept of attacks that could target building systems.

Building Vulnerabilities

Cyber attacks on computer networks are a ubiquitous and constant threat, costing victims hundreds of billions of dollars in damages each year. Organized crime groups, disgruntled employees, adversarial nation states, and even hobbyists are constantly scanning systems to identify entrances into networks. Poorly designed and maintained BAS networks can serve as access points for attacks.

Should companies really worry about the impact of a breached BAS network? It seems like the worst that a hacker could do is turn off the lights. Of course, in critical facilities (such as hospitals and data centers), disruption in building conditions can have direct operational impacts. But the threat is greater than that. A cybersecurity breach launched through a building management system (BMS) or BAS can also compromise the integrity and security of corporate networks that are operating within the building.

In 2012, security researchers Billy Rios and Terry McCorkle identified a vulnerability in the Tridium Niagara AX Framework that would allow such an attack. The team uncovered the ability to execute a directory traversal attack, which allows access to restricted directories and the ability to execute commands outside of the web server’s root directory by downloading and decrypting the file containing user credentials from the server.

In 2013, these two security researchers were able to bypass the restrictions of the BMS at Google’s Wharf 7 office in Sydney, Australia using the vulnerabilities in the Tridium Niagara AX platform. By this point Tridium had issued security patches to eliminate such vulnerabilities, but the patches were never installed in this facility. Facilities managers are accustomed to operating with equipment lifespans that reach as long as 20 years. Constantly identifying and updating building system software is a fundamental shift in thinking—and one that a sophisticated tech giant like Google apparently could not manage.

Making Buildings More Secure

Building networks were never created with security in mind, and the sophistication of hacking is evolving at an incredible pace. Traditionally, breaches of security followed a flow of infiltration to aggregation to exfiltration. However, attacks are now rarely restricted to a single system and are now designed to propagate after infiltration. Moreover, the threat isn’t just technological—it also includes social engineering by obtaining account information through spying or misrepresentation.

The IT industry has established protocols for monitoring and protecting computers and IT networks against these attacks. These protocols are well understood, as are the responsibilities that each IT stakeholder has to adequately defend a network. But these are new concepts in building systems, and there is a lack of clarity among most stakeholders. IT departments may expect facilities departments to manage cybersecurity threats to building systems, or vice versa. Alternatively, both groups may expect the solution vendor to provide a security solution out of the box.

The cybersecurity threat is beginning to change attitudes and has created interesting challenges in the commercial building controls market. Awareness and education of building owners and operators remain a persistent challenge. Some are completely unaware of the potential damage a cyber attack on building systems can cause their business. However, even building owners and operators who are aware of and concerned about the vulnerabilities of their building systems are often unaware of what to do about the threat. Relatively few facilities have robust defense strategies in place.

Join Benjamin Freas at the Navigant Research webinar The IoT Transformation of Buildings on Tuesday, September 13 at 2 p.m. ET to learn more about cybersecurity risks in the buildings controls market.

