Thursday, March 1, 2018

S 2447 Introduced – Smart Buildings

Last month Sen. Cantwell (D,WA) introduced S 2447, the Smart Building Acceleration Act. The bill would require the Secretary of Energy to establish a Federal Smart Building Program that would implement smart building technology and demonstrate the costs and benefits of smart buildings.

Smart Building Definition

Section 3(4) of the bill defines a ‘smart building’ a building, or collection of buildings,
 with an energy system that:

• Is flexible and automated;
• Has extensive operational monitoring and communication connectivity, allowing remote monitoring and analysis of all building functions;
• Takes a systems-based approach in integrating the overall building operations for control of energy generation, consumption, and storage;
• Communicates with utilities and other third-party commercial entities, if appropriate;
• Protects the health and safety of occupants and workers; and
Is cybersecure.

Smart Building Program

Section 4 of the bill requires the Secretary, in coordination with the General Services Administration to select at least one building from each of seven federal agencies to participate in the Federal Smart Building Program. In addition to using the Federal Energy Management Program to evaluate the performance of the designated smart buildings, the Secretary would evaluate their performance to determine which advanced building technologies are most cost effective and show the most promise for {§4(f)(1)(B)}:

• Increasing building energy savings;
• Increasing service performance to building occupants;
• Reducing environmental impacts; and
• Establishing cybersecurity.

Research and Development

Section 6(b) of the bill requires the Secretary to conduct research and development “to address key barriers to the integration of advanced building technologies and to accelerate the transition to smart buildings” {§6(b)(1)}. Specifically, the R&D effort would address {§6(b)(2)}:

• Achieving whole-building, systems-level efficiency through smart system and component integration;
• Improving physical components, such as sensors and controls, to be adaptive, anticipatory, and networked;
• Reducing the cost of key components to accelerate the adoption of smart building technologies;
• Data management, including the capture and analysis of data and the interoperability of the energy systems;
• Protecting against cybersecurity threats and addressing security vulnerabilities of building systems or equipment;
• Business models, including how business models may limit the adoption of smart building technologies and how to support transactive energy;
• Integration and application of combined heat and power systems and energy stor10
age for resiliency;
• Characterization of buildings and components;
• Consumer and utility protections;
• Continuous management, including the challenges of managing multiple energy systems and optimizing systems for disparate stakeholders.

Moving Forward

Cantwell is the Ranking Member of the Senate Energy and Natural Resources Committee to which this bill was assigned for consideration. This means that she could have enough influence to see this bill considered in Committee.

I see nothing in this bill that would engender any specific opposition, especially since no new money is authorized to support its requirements. If this bill were to be considered (either in Committee or on the Senate floor) I suspect that it would receive substantial bipartisan support.


I do not intend to take this blog into the smart building space except where it addresses control system cybersecurity concerns and this bill does; kind of.

I have pointed out the three separate ‘cybersecurity’ references in the bill. Unfortunately, they are generally vague and lack specific requirements. The most specific is the last mention in §6(b) and that may end up being the most important.

The R&D requirement to address protecting “against cybersecurity threats and addressing security vulnerabilities of building systems or equipment” is very broad. Generally broad research requirements are a good thing since no one can predict where research will lead. Unfortunately, the lack of funding for the general smart building research effort will probably mean that the cybersecurity effort will be short funded since it is outside of the normal programs addressed by the Department.

I would have felt better if the bill had included a definition of cybersecurity that specifically listed the types of systems that would be prioritized under this proposed smart building program. The primary concerns should be with the security of systems such as:

• Energy management;
• Building automation systems (transportation and HVAC for example);
• Building security (access and surveillance); and
Tennant personal information.

As with most cybersecurity research programs, most of the ‘research’ on identification of vulnerabilities is going to end up being conducted by independent security researchers. On the federal level a cybersecurity research program should have as a major component a disclosure coordination component to act as a go between independent researchers and vendors as well as to act as a persuasive force to convince vendors to employ adequate resources to promptly fix identified problems and implement secure coding processes in developing new software and firmware.

No comments:

/* Use this with templates/template-twocol.html */