HR 2044 Introduced – Smart Buildings

Last month Rep. Welch (D,VT) introduced HR 2044, the Smart Building Acceleration Act. The bill would require the Secretary of Energy to establish a Federal Smart Building Program that would implement smart building technology and demonstrate the costs and benefits of smart buildings. The bill is very similar to HR 5069 and S 2447 that were introduced in the 115^th Congress; no action was taken on either bill. Welch also proposed an amendment to HR 8 in the 115^th Congress that was similar to this bill; it was not considered.

Differences in the New Bill

There were two additions made to this bill (as compared to S 2447). First, a definition was added for the new term ‘internet of things technology solution’ {§3(6)}. Then that new term was used in a new subparagraph (K) in the description of the proposed research program in §6(b)(2):

(K) integration of internet of things technology solutions, including measures to increase water and energy efficiency, improve water quality, support real-time utility management, and enable actionable analytics and predictive maintenance to improve building systems long term viability; and

Moving Forward

Welch is a member {as is his single cosponsor, Rep. Kinzinger (R,IL)} of the House Energy and Commerce Committee, one of the three Committees to which this bill is assigned for consideration. With the new Democratic leadership in the House, I think that it is more likely that this bill will be considered in that Committee this session.

As with the earlier bills, I do not see anything in the language of this bill that would cause any serious opposition especially since there are no regulations proposed nor specific spending authorized. If the bill is considered, I suspect that there will be substantial bipartisan support. The biggest impediment to this bill getting to the floor of the House (most likely under the suspension of the rules process) is the intra-committee infighting over jurisdiction with the bill being referred to three committees. The Energy and Commerce Committee is the only one likely to hold hearings, but it will take some horse-trading with the other two committee chairs to bring the bill to the floor of the House. I am not sure that the Chairman Pallone has enough interest in this bill to call in the necessary favors from the other two chairs.

Commentary

This bill includes the same vague cybersecurity language as did the earlier versions. As I said in my earlier post on S 2447, the research provision in §6(b)(2)(E) is likely to be the most important. Having said that, I would like to propose a few changes that would address the cybersecurity challenges that I identified in that earlier blog post.

First, I would add a definition of ‘cybersecurity’ to §3:

(7) Cybersecurity – The term ‘cybersecurity’ means a set of actions, policies and procedures established to reduce the cybersecurity risk (as defined in 6 USC 1501) to building information technology and control systems supporting the smart building processes and specifically including the internet of things technology solutions being implemented.

Next, I would propose an addition to the initial requirement to establish the ‘Federal Smart Building Program’ by adding an information sharing provision to §4(a):

(3) to provide agencies a method of sharing information about smart building technology.

Then, I would add language to the ‘leveraging existing program’ requirements of §6 by adding a new paragraph specifically addressing cybersecurity information sharing:

(b) In coordination with the Director of the DHS Cybersecurity and Infrastructure Security Agency, establish a mechanism for sharing information with owners/managers of facilities identified as being part of the Smart Building Program about the cybersecurity risks to building information technology and control systems, specifically including newly identified vulnerabilities in the components of those systems;

These changes would help to better address the cybersecurity concerns about smart building technology without adding overly specific (and subject to rapid change) cybersecurity requirements.

S 2447 Introduced – Smart Buildings

Last month Sen. Cantwell (D,WA) introduced S 2447, the Smart Building Acceleration Act. The bill would require the Secretary of Energy to establish a Federal Smart Building Program that would implement smart building technology and demonstrate the costs and benefits of smart buildings.

Smart Building Definition

Section 3(4) of the bill defines a ‘smart building’ a building, or collection of buildings,

 with an energy system that:

• Is flexible and automated;

• Has extensive operational monitoring and communication connectivity, allowing remote monitoring and analysis of all building functions;

• Takes a systems-based approach in integrating the overall building operations for control of energy generation, consumption, and storage;

• Communicates with utilities and other third-party commercial entities, if appropriate;

• Protects the health and safety of occupants and workers; and

• Is cybersecure.

Smart Building Program

Section 4 of the bill requires the Secretary, in coordination with the General Services Administration to select at least one building from each of seven federal agencies to participate in the Federal Smart Building Program. In addition to using the Federal Energy Management Program to evaluate the performance of the designated smart buildings, the Secretary would evaluate their performance to determine which advanced building technologies are most cost effective and show the most promise for {§4(f)(1)(B)}:

• Increasing building energy savings;

• Increasing service performance to building occupants;

• Reducing environmental impacts; and

• Establishing cybersecurity.

Research and Development

Section 6(b) of the bill requires the Secretary to conduct research and development “to address key barriers to the integration of advanced building technologies and to accelerate the transition to smart buildings” {§6(b)(1)}. Specifically, the R&D effort would address {§6(b)(2)}:

• Achieving whole-building, systems-level efficiency through smart system and component integration;

• Improving physical components, such as sensors and controls, to be adaptive, anticipatory, and networked;

• Reducing the cost of key components to accelerate the adoption of smart building technologies;

• Data management, including the capture and analysis of data and the interoperability of the energy systems;

• Protecting against cybersecurity threats and addressing security vulnerabilities of building systems or equipment;

• Business models, including how business models may limit the adoption of smart building technologies and how to support transactive energy;

• Integration and application of combined heat and power systems and energy stor10

age for resiliency;

• Characterization of buildings and components;

• Consumer and utility protections;

• Continuous management, including the challenges of managing multiple energy systems and optimizing systems for disparate stakeholders.

Moving Forward

Cantwell is the Ranking Member of the Senate Energy and Natural Resources Committee to which this bill was assigned for consideration. This means that she could have enough influence to see this bill considered in Committee.

I see nothing in this bill that would engender any specific opposition, especially since no new money is authorized to support its requirements. If this bill were to be considered (either in Committee or on the Senate floor) I suspect that it would receive substantial bipartisan support.

Commentary

I do not intend to take this blog into the smart building space except where it addresses control system cybersecurity concerns and this bill does; kind of.

I have pointed out the three separate ‘cybersecurity’ references in the bill. Unfortunately, they are generally vague and lack specific requirements. The most specific is the last mention in §6(b) and that may end up being the most important.

The R&D requirement to address protecting “against cybersecurity threats and addressing security vulnerabilities of building systems or equipment” is very broad. Generally broad research requirements are a good thing since no one can predict where research will lead. Unfortunately, the lack of funding for the general smart building research effort will probably mean that the cybersecurity effort will be short funded since it is outside of the normal programs addressed by the Department.

I would have felt better if the bill had included a definition of cybersecurity that specifically listed the types of systems that would be prioritized under this proposed smart building program. The primary concerns should be with the security of systems such as:

• Energy management;

• Building automation systems (transportation and HVAC for example);

• Building security (access and surveillance); and

• Tennant personal information.

As with most cybersecurity research programs, most of the ‘research’ on identification of vulnerabilities is going to end up being conducted by independent security researchers. On the federal level a cybersecurity research program should have as a major component a disclosure coordination component to act as a go between independent researchers and vendors as well as to act as a persuasive force to convince vendors to employ adequate resources to promptly fix identified problems and implement secure coding processes in developing new software and firmware.

Bills Introduced – 02-15-18

With the Senate heading home for a week in district (and the House preparing to do the same) there were 65 bills introduced yesterday. Of those, four may be of specific interest to readers of this blog:

HR 5040 To authorize the President to control the export, reexport, and transfer of commodities, software, and technology to protect the national security, and to promote the foreign policy, of the United States, and for other purposes. Rep. Royce, Edward R. [R-CA-39]

S 2444 A bill to provide for enhanced energy grid security. Sen. Cantwell, Maria [D-WA]

S 2445 A bill to provide for the modernization of the electric grid, and for other purposes. Sen. Cantwell, Maria [D-WA] 

S 2447 A bill to accelerate smart building development, and for other purposes. Sen. Cantwell, Maria [D-WA]

With all of these bills I will be looking for control system cybersecurity issues in determining whether or not to continue coverage of the bill in this blog. I suspect hat S 2444 has the highest chance of future coverage.

As always, the large number of bills introduced before an extended stay outside of Washington is seldom due to an increased interest in legislative activity. Most of the bills introduced yesterday will receive no consideration on the Hill. Most are introduced to allow the submitter to claim to be taking action of interest in speaking before organizations and financial supporters back home.