Are Contractors Responsible for Building Data and Cybersecurity?
Understanding data and how to handle it in operational networks
Data security is not currently a large part of the facilities management conversation for HVAC contractors. Despite the growing data pool being collected from the sensors and building management systems being installed, contractors, facilities managers, and IT departments alike have not been too concerned with room temperature data point records. These single points of data, spread sporadically throughout the building, were unimportant blips that — even when tied together — meant little to nothing to anyone. However, the increasing sophistication of these data points, and of the metadata surrounding them, is advancing the need for contractors to understand what this data is, how it can be used, and how it should be secured.
GRASPING DATA AND METADATA
Data is defined by the dictionary as a single piece of factual information used as a basis for reasoning, discussion, or calculation; information in digital form that can be transmitted or processed. When a temperature sensor takes a reading of 75°F, that is considered data. Metadata is literally defined as data that provides information about other data. The facts gathered surrounding the 75° data point — such as that it was measured at 8 A.M. in the auxiliary auditorium on Dec. 15, 2018 — are a simplistic example of metadata.
“Metadata is data about data,” said Brian Oswald, managing director, CBRE/ESI, Brookfield, Wisconsin. “It gives additional information and context to other information and data assets within a building or portfolio. Typically, building metadata is collected during the deployment of a CMMS [computerized maintenance management system] or building analytics application. It can also be a part of an independent building survey process.”
Mechanical systems in buildings are yielding a diverse set of data points, like temperature, on/off status, damper position, and general operating parameters. This data is required for control, monitoring, trending, and alarming mechanical systems. Its importance becomes more pronounced when businesses like Cochrane Supply & Engineering in Madison Heights, Michigan, begin developing mechanical system data to be utilized by analytic and ERP databases that can optimize how mechanical systems perform, said Scott Cochrane, president and CEO of the company.
“We are currently experimenting with the use of mechanical system data and new technologies, including artificial intelligence and indoor positioning systems,” he said. “These new technologies allow us to bring new IoT functionality to mechanical systems.”
This experimentation includes the use of metadata to give flat data a context. According to Cochrane, the metadata is imperative for how a database is searched and organized.
“Take, for example, the space temperature in room 201,” he said. “Metadata tells us that room 201 is also connected to VAV Box 201, fed by AHU2, which is a VAV AHU in the west wing of the Science building on the campus in Detroit.”
Cochrane said that each word in italics is metadata for the space temperature that, if deployed correctly, can answer technician and facility manager questions, such as “Why is the temperature hot in room 201?”
“Instead of trying to study graphic displays to find the answer, the system can use the data to answer the question,” said Cochrane. “For example: Room 201 is hot because AHU2 has been overridden to the manual off mode, and the outside air for the science building is above the cooling set points.”
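The kind of query Cochrane describes can be sketched as a walk over metadata relationships. This is an added example, not code from the article or from any BAS product: the relation names (`fed_by`, `part_of`), the point names, and all temperature values are constructed assumptions, while the equipment names and the two causes come from the quotes above.

```python
# Constructed sample model: each entity carries metadata (relations) and points.
ENTITIES = {
    "Room 201": {"fed_by": "VAV Box 201",
                 "points": {"space_temp_f": 80.0, "cooling_setpoint_f": 74.0}},
    "VAV Box 201": {"fed_by": "AHU2", "points": {"damper_pct": 100.0}},
    "AHU2": {"part_of": "Science building", "points": {"mode": "manual off"}},
    "Science building": {"points": {"outside_air_f": 88.0,
                                    "cooling_setpoint_f": 74.0}},
}

def upstream(name, entities):
    """Yield the entity, then whatever feeds or contains it, in order."""
    seen = set()
    while name and name not in seen:      # stop on cycles in bad metadata
        seen.add(name)
        yield name
        entity = entities.get(name, {})   # unknown references end the walk
        name = entity.get("fed_by") or entity.get("part_of")

def findings(name, points):
    """Return abnormal conditions visible in one entity's points."""
    out = []
    if points.get("mode") == "manual off":
        out.append(f"{name} has been overridden to the manual off mode")
    oat, setpoint = points.get("outside_air_f"), points.get("cooling_setpoint_f")
    if oat is not None and setpoint is not None and oat > setpoint:
        out.append(f"the outside air for {name} is above the cooling set point")
    return out

def explain_hot(room, entities):
    """Answer 'why is this room hot?' from data plus metadata."""
    pts = entities[room]["points"]
    if pts["space_temp_f"] <= pts["cooling_setpoint_f"]:
        return f"{room} is not above its cooling set point"
    causes = []
    for name in upstream(room, entities):
        causes += findings(name, entities.get(name, {}).get("points", {}))
    if not causes:
        return f"{room} is hot; no upstream cause found in the metadata"
    return f"{room} is hot because " + " and ".join(causes)

if __name__ == "__main__":
    print(explain_hot("Room 201", ENTITIES))
```

Without the `fed_by` and `part_of` metadata, the room temperature and the AHU2 mode are unrelated flat points, and the same question cannot be answered from data alone.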
Once a contractor understands the potential of data and metadata in the presence of analytics, the possibilities for applications are limited only by the technology and the contractor’s imagination. One of the primary benefits and trends in the data realm is the improvement of service and predictive maintenance. Instead of waiting for a system to break down or running to the site every time someone has the slightest concern, contractors can now have a heads-up view of the entire system and address issues before the system breaks or experiences downtime.
“HVAC contractors can leverage building data to provide a more efficient and effective service offering,” said Oswald. “By looking at a specific issue or asset in a holistic manner, you can correlate faults across equipment manufacturers within a client portfolio and identify trends in degradation. In addition, the HVAC contractor can play a bigger role in the capex [capital expenditure] and opex [operational expenditure] budgeting process.”
Not only does this approach save time and money for both the contractor and the building owner, but it also provides information that can be used as proof for future sales.
“Data drives decisions,” said Cochrane. “The better the data, the better decisions the contractor and user can make about operation, service, installation, life cycle optimization, and so much more. Good data planning can be utilized to report and dashboard the improved performance of the systems to help cost-justify future upgrades to smart technology.”
WHO’S RESPONSIBLE FOR CYBERSECURITY?
Data is growing, and handling and securing information is becoming increasingly important.
“Although many are somewhat aware, system integrators and contractors are also confused, scared, and frankly don’t know how to accomplish cybersecurity,” said William Behn, president of Tosibox Inc. “We see the ‘notion’ of cybersecurity being so foreign or unachievable to the average contractor that they simply close their eyes to it and move on.”
The head-in-the-sand approach, however, can be dangerous for a contractor when it comes to data security pertaining to mechanical systems, agreed Behn, Cochrane, and Oswald.
“The contractor is responsible for putting a system in a building that does not pose a cyber-risk to any other IT system or to the systems it is controlling,” said Cochrane. “This should not be taken lightly, and contractors should take careful steps when using the internet or an owner’s intranet to connect themselves to the system.”
In order to achieve these careful steps and solid cybersecurity, there are some concepts about data security that HVAC contractors should know, as well as some best practices that can be implemented throughout this process of understanding and managing data.
One of the first steps, according to Oswald, is to ensure systems are deployed in the most secure manner, following available industry standards, certifications, or guidelines. Due to the variance of security needs by client, Oswald’s company is following ISO/IEC 27001 standards for Information Security Management Systems (ISMS).
With no official security standards mandated, Cochrane has run into what he calls the Wild West approach. His company, however, is utilizing the federal standards developed by the Department of Homeland Security as a reference for best practices.
“Unfortunately, the IT community does not see HVAC, lighting, and electrical systems as a major threat, and we often do not see proper owner support to secure these systems,” said Cochrane. “However, education is working, and many clients are starting to get heavily involved in securing their operational technology assets, including all software-based solutions supporting their building services.”
Another important step in cybersecurity is knowing where the data is stored. Oswald said that contractors are responsible for working out an agreed-upon data architecture for a facility. It is necessary to decide if the data will be stored in the cloud, in the BAS, or in an edge computing situation. According to Cochrane, data is typically stored in the BAS software used to control the mechanical and electrical systems. In some cases, the software actually comes with the BAS, whereas in other cases, an integration software acts as the collection center, potentially for all the building controls.
“The data files can end up on the controller, gateway, or server on a network or in a cloud, it just depends on how the software is deployed,” he said. “The fastest-growing segment we see is building to cloud. Many manufacturers and contractors have developed effective new service offerings utilizing web services that require a remote connection from their customer’s building to their cloud.”
Many high-performance buildings communicate with the cloud or outside software via an internet connection. It takes time for the signal and information to move back and forth, and that information can potentially be exposed to security risks. This brings into play another concept that contractors should begin to grasp when discussing data: edge computing. Edge computing simply moves data processing and storage closer to the location where they are needed.
“By processing data closer to the source, we can greatly reduce the latency of building data and increase overall network performance,” according to Oswald.
Publication date: 7/15/2019