Brad Witter, Executive Vice President, Technology and Operations , Blue Pillar, Inc. (Q4 / Fall 2013)
Building automation systems (BAS) have long been touted as the be-all and end-all systems for facilities management and building operational needs. If it is not BAS, then supervisory control and data acquisition (SCADA) systems have been seemingly a popular choice. The need to upgrade energy infrastructure around the world is spurring BAS and SCADA deployments — but be wary! Industry experts Frost and Sullivan, the Gartner Group, and Forrester are warning of the increased cybersecurity threats and crippling system malfunctions. Analysts’ market research collected to support the C-suite — including heads of operations, directors of facilities, and VPs of energy management — point to adopting an industry-specific turnkey energy management system that comprises several subsystems.
PwC energy/power experts report that a top priority with these heads of operations and facilities is creating a truly secure automation and centralization of monitoring to manage their organization’s disparate, but critical, energy assets. They are finding that energy and power distribution infrastructures have elaborate and sophisticated network layers, and both BAS and SCADA do not possess a robust security framework that can deal with possible intrusions and malfunctions to ensure process safety and integrity. PwC reports that this is primarily due to a combination of an organization’s reluctance to invest in cybersecurity, coupled with the usage of legacy systems, which bring a whole host of issues like slow reaction speeds, incompatibility, and silos of isolation.
Analysts have come to agree that to address such challenges, and without putting an energy infrastructure at risk, the best investment is in distributed energy asset management. Such systems have been developed from the ground up to specifically leverage the wide range of energy equipment an organization has already invested in — but do so in a safe, secure, and compliant way.
What’s needed is an energy asset management system that integrates and leverages a campus of buildings’ existing energy meters no matter which brand, such as Square D, Powerlogic, GE, Itron, Elster, and Siemens; automatic transfer switchboards (ATS) from ASCO, Zenith, Russelectric; and generators from Caterpillar, Cummins, Kohler, Hitachi, etc. This way, an organization’s existing investment can be leveraged, since BAS packages are not typically vendor-agnostic and have to be configured manually from scratch. Additionally, with BAS packages, the integration of the numerous pieces of energy equipment is not at all seamless, nor secure.
Maximizing the Old and the New
Also, analysts suggest that the increasing higher input costs — stretched supply lines and the need to invest in expanded and diversified infrastructure — are putting significant impediments (and additional cost) into the value chain. For most organizations comprising large campuses — such as hospitals, factories, malls, supermarkets, industrial parks, airports terminals, military bases, universities, etc. — internal power efficiency and performance has become even more vital, especially because we are in an era where there is so much infrastructure that needs to be built, and smart asset management systems have naturally become a focal point.
Frost and Sullivan’s findings show that developing a better and more secure energy infrastructure runs parallel with the challenge of getting the most out of your existing, aging energy infrastructure. Maximizing the value of both the old and the new is the name of the game. Companies need to balance cost-effectiveness and risk, which is why BAS and SCADA applications are on the losing side of the coin, but still contemplated because they have been around for more than a decade and do integrate with legacy assets.
However, as cyber threats and their associated risks grow, the heads of engineering, operations, and facilities management are weighing in. The cost of a security breach or service disruption is ruling out the use of BAS or SCADA for automating energy infrastructures, which is putting vendors of such systems in a frenzy to find a plausible solution. For instance, the ISA Security Compliance Institute (ISCI) is emerging to formalize SCADA security testing, but it will inevitably take time before any protocol standards will be accepted as safe and secure.
"A great majority of SCADA vendors have started to address the risks of cyber threats by developing lines of specialized industrial firewall and VPN solutions for TCP/IP-based SCADA networks,” said Frost & Sullivan research analyst Katarzyna Owczarczyk in a recent statement. Across the spectrum of automation and control systems, statistics show that both BAS and SCADA systems have been specifically found to be more vulnerable to cyberattacks. This is re-affirmed by a number of high-profile attacks recently.
Most of the protocols communicating with both BAS and SCADA have their origins in serial communications and provide absolutely no security and, contrary to some of the “sales” jargon out there, are simply not foolproof, putting end-users in a vulnerable, risky position. Whether the communications are Modbus, TCP/IP, or OPC, the unfortunate truth is that these protocols actually increase the potential vulnerabilities within their facilities. Energy asset management systems, unlike BAS systems, have been developed to manage the growing complexity of distributed energy resources (DER).
The Value of a Digital Energy Network
The challenge for BAS lies not only within the monitoring process, but actually the optimization aspect that involves a wide array of resources integrated into a single smart digital energy network. Clearly there is an opportunity that goes beyond BAS capabilities and instead provides the ability to solve grid reliability and peak demand contingencies at the local distribution grid node level. Engineers and automation professionals familiar with BAS have begun to understand and appreciate the true value that comes with the implementation of a digital energy network and its ability to boost system efficiency, maximize the return on investment (ROI) in customer-owned generation and other DER assets, and ultimately ensure the highest level of business operational up-time.
Another vulnerability area involved with BAS is its reliance on customization. By design, building automation software is custom — an individual has to write custom code, draw screens, and test applications to produce a working, fully functional product for the end user. Typically, there is little overlap from one client implementation to the next, so each customer receives its own code. While this may sound appealing, its end result is just the opposite — It’s a major red flag!
The digital energy network enables the management of digital energy resources in a way that lowers costs, assures compliance, and unlocks energy value.
To begin with, custom-coded systems are very difficult to test. Testing is usually limited to the go-live test at the end of a project, due to the complexity and limited time available for testing. Once tested and commissioned (assuming it was all clear, which is a big assumption), the next difficulty encountered is maintenance and modification. Custom code is difficult to maintain over time and leaves customers in a predicament as their infrastructure and/or system needs change. More often than not, the practical lifecycle for a fully implemented system is two to three years; after such time — due to an ever-increasing irrelevance — this translates to increased risk, higher costs, and time lost.
In general, customers are happy to get a solution built just for them. But if you think about it, it’s akin to deciding to build your own car instead of visiting your local car dealer. The car on that lot underwent years of design, processing, and testing prior to the manufacturer turning out a single unit. Similarly, in the digital energy network environment, affordability is also achieved via scale; something you just don’t receive with either a BAS or SCADA.
The hardware most often is represented as programmable gateways or PLCs that share many of the same issues as the software itself — very custom and, once implemented, very inflexible. That means if you used “Bob” for a custom PLC panel for controlling your widget-maker and collecting data, and then your business requirements change (or you have a component break), you’d better hope you can find Bob! And for most organizations today, such an individual-dependent process is unacceptable.
There is a paradigm shift from BAS and SCADA to a turnkey platform of subsystems within building management and operation to securely consolidate and centrally manage the monitoring of an organization's disparate energy assets. In addition, there seems to be shift to the enterprise-wide management of energy networks, allowing for better-equipped campus environment micro-grids, demand-response programs, and virtual power plants. Lastly, the systems that don’t require large amounts of customization and engineering reduce many of the issues involving security, time to implementation, maintainability, and cost — all of which are key factors that most organizations are grappling with today. Unfortunately, companies have invested a great deal of time and money in BAS and SCADA for managing their energy needs within their building campuses, so letting go of it can be particularly difficult. But the time is rapidly approaching when holding onto it may be even more agonizing.