PwC energy/power experts report that a top priority with these heads of operations and facilities is creating a truly secure automation and centralization of monitoring to manage their organization’s disparate, but critical, energy assets. They are finding that energy and power distribution infrastructures have elaborate and sophisticated network layers, and both BAS and SCADA do not possess a robust security framework that can deal with possible intrusions and malfunctions to ensure process safety and integrity. PwC reports that this is primarily due to a combination of an organization’s reluctance to invest in cybersecurity, coupled with the usage of legacy systems, which bring a whole host of issues like slow reaction speeds, incompatibility, and silos of isolation. Analysts have come to agree that to address such challenges, and without putting an energy infrastructure at risk, the best investment is in distributed energy asset management. Such systems have been developed from the ground up to specifically leverage the wide range of energy equipment an organization has already invested in — but do so in a safe, secure, and compliant way. What’s needed is an energy asset management system that integrates and leverages a campus of buildings’ existing energy meters no matter which brand, such as Square D, Powerlogic, GE, Itron, Elster, and Siemens; automatic transfer switchboards (ATS) from ASCO, Zenith, Russelectric; and generators from Caterpillar, Cummins, Kohler, Hitachi, etc. This way, an organization’s existing investment can be leveraged, since BAS packages are not typically vendor-agnostic and have to be configured manually from scratch. Additionally, with BAS packages, the integration of the numerous pieces of energy equipment is not at all seamless, nor secure.
Maximizing the Old and the New
Also, analysts suggest that the increasing higher input costs — stretched supply lines and the need to invest in expanded and diversified infrastructure — are putting significant impediments (and additional cost) into the value chain. For most organizations comprising large campuses — such as hospitals, factories, malls, supermarkets, industrial parks, airports terminals, military bases, universities, etc. — internal power efficiency and performance has become even more vital, especially because we are in an era where there is so much infrastructure that needs to be built, and smart asset management systems have naturally become a focal point.
Frost and Sullivan’s findings show that developing a better and more secure energy infrastructure runs parallel with the challenge of getting the most out of your existing, aging energy infrastructure. Maximizing the value of both the old and the new is the name of the game. Companies need to balance cost-effectiveness and risk, which is why BAS and SCADA applications are on the losing side of the coin, but still contemplated because they have been around for more than a decade and do integrate with legacy assets.
However, as cyber threats and their associated risks grow, the heads of engineering, operations, and facilities management are weighing in. The cost of a security breach or service disruption is ruling out the use of BAS or SCADA for automating energy infrastructures, which is putting vendors of such systems in a frenzy to find a plausible solution. For instance, the ISA Security Compliance Institute (ISCI) is emerging to formalize SCADA security testing, but it will inevitably take time before any protocol standards will be accepted as safe and secure.
"A great majority of SCADA vendors have started to address the risks of cyber threats by developing lines of specialized industrial firewall and VPN solutions for TCP/IP-based SCADA networks,” said Frost & Sullivan research analyst Katarzyna Owczarczyk in a recent statement. Across the spectrum of automation and control systems, statistics show that both BAS and SCADA systems have been specifically found to be more vulnerable to cyberattacks. This is re-affirmed by a number of high-profile attacks recently.
Most of the protocols communicating with both BAS and SCADA have their origins in serial communications and provide absolutely no security and, contrary to some of the “sales” jargon out there, are simply not foolproof, putting end-users in a vulnerable, risky position. Whether the communications are Modbus, TCP/IP, or OPC, the unfortunate truth is that these protocols actually increase the potential vulnerabilities within their facilities. Energy asset management systems, unlike BAS systems, have been developed to manage the growing complexity of distributed energy resources (DER).
The Value of a Digital Energy Network
The challenge for BAS lies not only within the monitoring process, but actually the optimization aspect that involves a wide array of resources integrated into a single smart digital energy network. Clearly there is an opportunity that goes beyond BAS capabilities and instead provides the ability to solve grid reliability and peak demand contingencies at the local distribution grid node level. Engineers and automation professionals familiar with BAS have begun to understand and appreciate the true value that comes with the implementation of a digital energy network and its ability to boost system efficiency, maximize the return on investment (ROI) in customer-owned generation and other DER assets, and ultimately ensure the highest level of business operational up-time. Another vulnerability area involved with BAS is its reliance on customization. By design, building automation software is custom — an individual has to write custom code, draw screens, and test applications to produce a working, fully functional product for the end user. Typically, there is little overlap from one client implementation to the next, so each customer receives its own code. While this may sound appealing, its end result is just the opposite — It’s a major red flag!
In general, customers are happy to get a solution built just for them. But if you think about it, it’s akin to deciding to build your own car instead of visiting your local car dealer. The car on that lot underwent years of design, processing, and testing prior to the manufacturer turning out a single unit. Similarly, in the digital energy network environment, affordability is also achieved via scale; something you just don’t receive with either a BAS or SCADA.
The hardware most often is represented as programmable gateways or PLCs that share many of the same issues as the software itself — very custom and, once implemented, very inflexible. That means if you used “Bob” for a custom PLC panel for controlling your widget-maker and collecting data, and then your business requirements change (or you have a component break), you’d better hope you can find Bob! And for most organizations today, such an individual-dependent process is unacceptable.
There is a paradigm shift from BAS and SCADA to a turnkey platform of subsystems within building management and operation to securely consolidate and centrally manage the monitoring of an organization's disparate energy assets. In addition, there seems to be shift to the enterprise-wide management of energy networks, allowing for better-equipped campus environment micro-grids, demand-response programs, and virtual power plants. Lastly, the systems that don’t require large amounts of customization and engineering reduce many of the issues involving security, time to implementation, maintainability, and cost — all of which are key factors that most organizations are grappling with today. Unfortunately, companies have invested a great deal of time and money in BAS and SCADA for managing their energy needs within their building campuses, so letting go of it can be particularly difficult. But the time is rapidly approaching when holding onto it may be even more agonizing.