The Role of Intelligent Building Management Systems in Improving the Performance of Buildings - Report Example

Intelligent BMS Name Institution of Affiliation Introduction Advancement in technology has resulted in modern buildings relying on different systems to run efficiently. Buildings require a lighting system that serves different occasions, ventilation, and air-conditioning that allows for proper aeration, heating system, security controls and sophisticated IT systems. Where these systems use different and incompatible software, it is difficult to establish control of the entire building. An intelligent building management system needs to be installed in this case. The system uses open-platform software to bring together these different systems to a single integrated database that can be managed from a central location. With central control, the overall use of energy can be monitored and managed better. This way it is easier to regulate unnecessary energy use and optimize the performance of the building. The paper analyzes the role of intelligent building management systems in improving the performance of buildings and explores possible ways of improving these systems. Need for Intelligent Building Management Systems The reasons for building users to choose to install intelligent Building Management Systems (BMS) are both environmental and economic. Being able to gather information from the whole building, measuring and regulating the use of energy and being able to automate systems within the building confers numerous benefits to the owner one of which is the chance to save energy. Emissions from building account for a significant percentage of greenhouse gas emissions but with the advent of intelligent BMS, the percentage of emissions is expected to drop in the future. More than 70% of the energy used in building is taken up by ventilation systems and air conditioning plus power required to run other machines in the building such as lifts, computers and security system controls (Palensky & Dietrich, 2011). The intelligent BMS can be controlled to help save energy. Lighting, for example, can be controlled using a timer or it can be set to be automatically activated and deactivated by lux level monitoring or occupancy sensor (Doukas et al., 2007). Also, infrared sensors can be used to control heating within the building, and this helps in energy saving. Additionally, energy saving helps in achieving cost reduction. Expenses related to energy costs are recurrent. Therefore, a system that helps in cutting down on this cost is a welcome change for any user (Sharples, Callaghan & Clarke, 1999). Reliability is important especially in a business environment and with variation in the quality and continuity of the power grid, it is important to have a system in place that can guarantee some consistency. Businesses are increasingly becoming reliant on digital communication and IT hence the need for an uninterrupted supply of energy. The role of the intelligent BMS, in this case, is to ensure that there is a system in place that monitors and controls the intensity of energy to ensure that variations in power intensity do not tamper with the running of systems in the building (Wong, Li & Wang, 2005). An intelligent BMS also helps enhance safety features of a building. For example, it is inclusive of features such as smoke extraction fans, fire doors, and dampers which are enabled whenever there is need for it. Additionally, security system controls help secure the building from physical entry by intruders, and they are also used to secure sensitive information from unauthorized remote access. Therefore, intelligent BMS help improve value by increasing the comfort of the occupants of the building and reducing the operational costs through energy saving. Working of the Intelligent BMS The role of the intelligent BMS is to improve the performance and control of a building by allowing disparate systems such as communication access control systems, lighting systems, and HVAC to communicate with other devices with the aid of communication protocols. However, this communication cannot always use the same protocols hence the need for further integration (Kastner et al., 2005). There are some widely used protocols that one needs to be familiar with to understand the architecture of intelligent BMS. They include; BACnet - a protocol that automates and controls networks in communication. Its usage is widespread throughout the HVAC industry and standard protocol in ISO (Bushby, 1997). Modbus - a protocol designed to be used with Programmable Logic Controllers (PLCs) (Merz, Hansemann & Hübner, 2009) LonWorks – A networking platform designed to work with control applications. It is used to network devices over radio frequency, optic fiber, twisted pair and power lines (Merz, Hansemann & Hübner, 2009). KNX – a protocol in the OSI-based network that is used for building automation (Merz, Hansemann & Hübner, 2009). Information from the controllers of BACnet, LonWorks or Modbus, are directed through a router which converts it into an open platform Internet Protocol (IP) or Ethernet. Information that comes from all the systems is shared over a LAN (Local Area Network) that is linked to the intelligent BMS. The system also has a connection to the graphic interphase which allows navigation through a browser. The interface allows for viewing of graphics, analysis, trends and reports and the user can perform functions such as alarm management and updating of lighting schedules. Also, since data is stored in the cloud, wireless devices such as phones and tablets can be used to access the data. In a commercial building the intelligent BMS allows different managers to view and control the operation of the building as outlined below; The facility manager increases the comfort of the occupants of the building. The electrical manager can ensure the quality and availability of power. The production manager can ensure the efficiency of machines within the building which optimizes costs and increases productivity. The IT manager ensures that critical applications are available. By using the intelligence BMS, the security manager protects assets and people within the building and also safeguards the business’ core functions. Hardware and Software For the intelligent BMS to function efficiently, it requires integration of network interfaces to bring together the numerous discrete components in the system. The hardware and the software systems need to be compatible and complement the function that the other performs. The network integrating the simple devices in a building needs to be run in real-time using different protocols depending on the needs of the user. There is no single standard protocol for all devices but BACnet and LonWorks are widely used and they act as the international standard protocols (Dibley, 2011). Also, there is an industry-wide acceptance of Ethernet connectivity to devices used in the intelligent BMS regardless of whether the devices are used for the primary network or as sub-network devices (Martin, Cheyer & Moran, 1999). Intelligent Building Vulnerabilities With an understanding of the hardware and software architecture of the intelligent BMS, we can explore how intelligent building systems are exposed to vulnerabilities then discuss possible ways of protecting the user against the detrimental effects of such exposures. The reason for having an intelligent BMS is so that a building and the equipment therein can be integrated so that they are monitored and controlled from a central location. The systems are susceptible to both internal and external attacks because they are designed with a focus on how efficiently they should perform their functions and little attention and design effort is put into securing them. The service focus is on maintaining operational capabilities and the building’s environment, and it does not put into consideration the protection of parts of the intelligent BMS but rather concentrates on locking rooms and enclosures within the building. Bodies such as the International Organizations for Standardization (IOS) and Intelligent Building (IB) manufacturers have put little consideration into the vulnerabilities of the IB system (Gadzneva, 2008). The focus of these bodies is to ensure that the variety of devices and facilities in the building integrate and communicate effectively without need for additional interfacing. The generic approach of making devices and software used in intelligent building systems exposes the systems to numerous vulnerabilities. Evaluation of IB systems reveals that vulnerabilities include attacks on controllers, physical access to rooms and enclosures and they may also result from over-reliance of the system on power for it to run and to power the devices. Attackers can tamper with the system so that it, for example, delays the alarm detector to facilitate undetected unauthorized access to rooms and enclosures. Also, the attacker can install malicious code into the system so that it performs undesired operations such as key logging. Once an attacker gains access to the automation level network, they have access to full monitoring capabilities but they do not have the capability to code the system so that it acts in a different way than it does normally. However, software that is dedicated for the automation has the capability to change the control of the system so it can execute commands that the attacker wants to launch. Also, freeware such as Wireshark can be used to read MS/TP protocol at the management Ethernet level. The service tool found on a controller can allow an attacker to change the automation level programming. For instance, program changes can allow an attacker to switch inputs and outputs at a specific time hence allowing the attacker to gain unauthorized access to a room or enclosure. Alternatively, the attacker can choose to switch off HVAC and disabling an alarm or several alarms. This causes service rooms to overheat and eventually leads to their complete shutdown leaving them vulnerable to unauthorized access by attackers. Controllers can be turned on and off from the side yet no anti-tamper is fitted so it is as easy for unauthorized persons to interfere with the controller as it is for authorized persons. Therefore, it is necessary to fit an anti-tamper protection for the controller to secure it. Also, controllers may have additional add-on wireless functionality. Such controllers can have a wireless adaptor plugged in covertly within the enclosure of the controller giving unlimited access to an attacker who can then tamper with the IB system as he desires. Another vulnerability of the IB system is its dependence on power. The IB system relies primarily on power supply in order to maintain its functionality since all the devices that are integrated into the system require some power for monitoring and control capabilities. The loss of utility power can be localized to a single device or a few devices, or it can affect the entire system. Therefore, when there is power outage the building and equipment such as elevators, non-emergency lighting, and HVAC are affected. Also, partial or total loss of power is associated with loss of some system capabilities which causes inefficiency to the system (Singhvi, 2005). Dealing with Vulnerabilities To afford a facility sufficient protection from IB risks, there is need to understand the context of the threat exposure. Facilities that house sensitive information should consider their threat exposure high and need to employ extra vigilance in their security protocols. Beside the contextual risk mitigation strategies there are some generic strategies that can be used to build a framework to guide the contextual strategies. These are the considerations that security managers need to make regarding intelligent BMS, and they include; Security risk management: The security manager needs to ensure that strategy used for the facility is suitable considering the situation threat assessment, the sensitivity of the system or how critical it is to protect the facility and whatever it houses. The strategy also needs to put into consideration the vulnerabilities of the system because it should respond to these specific vulnerabilities. Information system and communication protection: There is need to separate different levels of control and operations which helps increase the difficulty for attackers who attempt to infiltrate the system. Physical and environmental security: The security manager should also ensure that access to critical areas of the IB system is controlled and validated with layered protection measures if it is possible to employ such measures. Personnel security: There is need to vet persons entrusted with the operation and maintenance of the IB system including third parties. This is necessary because persons allowed access to sensitive areas of the IB system can tamper with the system in a way that makes it easy for them to execute unauthorized access. Continuity of operations: The entire IB system runs using power, so it is an invaluable element of the system. The security manager needs to ensure that the installation of the system includes emergency power backup for the critical parts of the system so that in the event of a power outage the system does not become totally vulnerable to attackers (Stecke & Kumar, 2009). Security awareness: Security is a dynamic field, so it requires that the personnel involved be kept abreast regarding developments in the field. Therefore, there is need to provide training to increase awareness about vulnerabilities to security personnel. Also, in an organization, the departments that aid in maintenance of security should be integrated to ensure that they work in unison towards common organization goals. The departments include; IT, physical security, computing, facility management and personnel security. Building Management Systems Cyber security It is not enough that a facility protects its physical premise because with technology data breaches have become a greater concern than physical entry of attackers. In a commercial setup, data breaches, and other cybercrimes can cost an organization billions in revenues and damage to the organization’s reputation can prove irreparable hence the need to establish impregnable security against cybercrimes. Practices to mitigate system vulnerabilities to cybercrimes include simple commonsense measures and more complex ones that need the expertise of a professional. The security measures are discussed below, and they revolve around; I. Password management II. Network management III. User management IV. Software management V. Vulnerability management I. Password Management Proper management of user passwords is essential to the security of BMS since most attacks on the systems are successful because the passwords have been compromised. There are two important ways to manage passwords; A. Changing default passwords Whenever a new device is installed into the BMS changing the default password should precede everything else. Shipped products come with minimal credentials to ease the process of installation, so the longer a device remains with its default credentials, the easier it is for it to be compromised. People think that it is unnecessary to change the default credentials because no one would be interested in their device but this is contrary to the truth. Devices that still hold their default credentials are easily hacked so attackers gain access to such devices and try to salvage anything that they can, or they may do it for fun and try to sabotage the device but whatever the reason may be there is need to protect devices (Fisk, 2012; Harper, 2011). B. Increasing password complexity The rationale behind increasing password complexity is similar that of changing default credentials. Today there are machines that can test billions of passwords per second so, to provide any real protection the user needs to increase both the length and combination of characters for the password. As the password length increase, it is better to come up with a passphrase rather than trying to modify the password with uppercase and lowercase characters. A passphrase usually runs more than fifteen characters so it more secure yet easier to remember. However, BMS have a history of handling complex passwords poorly so the user should consult the operator before deciding to use a complex password. II. Network management After securing the password, the user should safeguard places that a hacker is likely to target such as points of entry including; USB ports, web interface, open IP ports and devices that communicate over open protocols. Strategies that can for network management including; Securing all points of access Enabling only the minimum number of ports needed for proper system operation Securing segments that run on open BMS protocols such as BACnet with security features (Metke, & Ekl, 2010) III. User Management Once the BMS is secure from external threats, it needs to address internal vulnerabilities. BMS systems have advanced from single user-command line to multi-user GUI systems. The expansion comes with several functionalities that the user can employ to secure the system including; a. Granting users the minimal authority required to perform their role b. Managing user accounts through; Configuring non-administrator accounts to have their passwords expire after a certain period to ensure that employees reset their passwords regularly Immediately disabling accounts of workers who leave Changing accounts when employees change roles IV. Software Management Strategies that the user can use here include; Applying software security patches Configuring devices so that only authorized users can deploy software Installing only authorized software V. Vulnerability management A vulnerability management plan has to assess different aspects of vulnerability update before executing anything. The agency to respond to security vulnerability is determined by the severity of the rating of the security risk. Critical vulnerabilities need to be addressed immediately whereas the less severe ones can be addressed during regular maintenance. Before launching the vulnerability management plan the following should be put into consideration; In what way does vulnerability affect a certain installation? What is the best way to address the vulnerability? Are there factors that would make it difficult to address the vulnerability? For efficient vulnerability management, it is best to come up with a formal document for every installation. Conclusion Technology has made intelligent building management systems and important aspect of security in the construction of buildings, especially commercial premises. Intelligent BMS are installed not only to improve the comfort of the occupants of the building but also to improve their security and the security of variables housed in the premise such as data. As such, there is need to address any security vulnerabilities that may make it easy to attack the system. Security strategies need to be in the context of the particular facility so that they address the specific concerns. For security strategies to be successful, the personnel involved in the control and maintenance of the system need to be up to date on security threats and ways of countering such threats. This means that security personnel should undergo constant training to ensure that they keep up with the dynamic field of intelligent building management systems. Reference List Bushby, S. T. (1997). BACnet TM: a standard communication infrastructure for intelligent buildings. Automation in Construction, 6(5), 529-540. Dibley, M. J., Li, H., Miles, J. C., & Rezgui, Y. (2011). Towards intelligent agent based software for building related decision support. Advanced Engineering Informatics, 25(2), 311-329. Doukas, H., Patlitzianas, K. D., Iatropoulos, K., & Psarras, J. (2007). Intelligent building energy management system using rule sets. Building and environment, 42(10), 3562-3569. Fisk, D. (2012). Cyber security, building automation, and the intelligent building. Intelligent Buildings International, 4(3), 169-181. Gadzheva, M. (2008). Legal issues in wireless building automation: an EU perspective. International Journal ofLaw and Information Technology, 1-17. Harper, A., Harris, S., Ness, J., Eagle, C., Lenkey, G., & Williams, T. (2011). Gray Hat Hacking The Ethical Hackers Handbook. New York: McGraw-Hill Osborne Media. Kastner, W., Neugschwandtner, G., Soucek, S., & Newman, H. M. (2005). Communication systems for building automation and control. Proceedings of the IEEE, 93(6), 1178-1203. Martin, D. L., Cheyer, A. J., & Moran, D. B. (1999). The open agent architecture: A framework for building distributed software systems. Applied Artificial Intelligence, 13(1-2), 91-128. Merz, H., Hansemann, T., & Hübner, C. (2009). Building Automation: Communication Systems with EIB/KNX, LON and BACnet. Springer Science & Business Media. Metke, A. R., & Ekl, R. L. (2010). Security technology for smart grid networks. Smart Grid, IEEE Transactions on, 1(1), 99-107. Palensky, P., & Dietrich, D. (2011). Demand side management: Demand response, intelligent energy systems, and smart loads. Industrial Informatics, IEEE Transactions on, 7(3), 381-388. Sharples, S., Callaghan, V., & Clarke, G. (1999). A multi-agent architecture for intelligent building sensing and control. Sensor Review, 19(2), 135-140. Singhvi, V., Krause, A., Guestrin, C., Garrett Jr, J. H., & Matthews, H. S. (2005, November). Intelligent light control using sensor networks. In Proceedings of the 3rd international conference on Embedded networked sensor systems (pp. 218-229). ACM. Stecke, K. E., & Kumar, S. (2009). Sources of supply chain disruptions, factors that breed vulnerability, and mitigating strategies. Journal of Marketing Channels, 16(3), 193-226. Wong, J. K., Li, H., & Wang, S. W. (2005). Intelligent building research: a review. Automation in construction, 14(1), 143-159. Read More