Buildings are set to become even smarter, with increased focus on intelligent environmental and access control, security and, particularly, energy management.
Building management typically involves several disparate control systems, including heating, ventilation and air conditioning (HVAC), lighting, security and access controls, fire detection, information displays, signs and surveillance cameras. Each has its own control environment. There will also be a different mix of systems in different types of buildings, such as office space, manufacturing facilities and retail space.
However, the underlying principles and approaches are broadly similar in most cases. The biggest exception will be manufacturing buildings, where integration between operational technology (OT) networks used for manufacturing control and building control networks may be a higher priority than convergence with IT networks.
Underlying these systems are networks to connect sensors and controls to their management systems. Proprietary control networks, such as supervisory control and data acquisition (SCADA) or coaxial video cable, lack scale and flexibility, and therefore building control environments are increasingly being created based on enterprise networking technologies, Ethernet and Internet Protocol (IP). For example, Siemens is moving its HVAC control systems from SCADA- to Ethernet-based, and other vendors, such as Honeywell, have similar initiatives.
As these systems become more sophisticated, it is increasingly common for them to be connected to the Internet, so that vendors can troubleshoot and upgrade systems software, and remote monitoring and management can take place.
Although some systems may be using the corporate IT network, it is common for some if not all to be based on physically separate networks with entirely separate support arrangements. This is essentially a specific instance of the broader topic of the convergence of IT and OT, but an instance that will impact most organisations regardless of their industry sector.
Risks and benefits of convergence
Gartner outlines the general benefits of IT/OT integration in the document The Value of IT and OT Integration. Looking specifically at smart buildings, there are potential benefits in the areas of optimising investments, improving security and enabling new functionality through information sharing. On the other hand, potential risks include security, operational impacts and even personal safety.
One of the major potential benefits is to save or avoid the cost of duplicated infrastructure and its ongoing operational costs, including reducing network capital equipment spending such as on cabling. As most networks are designed with a degree of surplus capacity, from unused ports and cables through on-site spares to trunk bandwidth, a larger shared network will result in a more efficient pooling of capacity and lower capital costs.
In addition, sourcing network equipment under a single contract and having one cabling installation project are typically more cost-effective than several smaller contracts and projects. A converged network can take advantage of existing IT department Internet links and security capabilities (firewalls, for example).
Regardless of whether the resources are insourced or outsourced, the operational cost of managing one large network will almost inevitably be lower than managing two separate ones. For example, costs associated with staffing a network operations centre on a 24-hour basis will be similar whether or not the networks are converged.
Another potential benefit is the opportunity to improve security. Control networks are increasingly being connected to the Internet, resulting in an expansion of the enterprise security perimeter. Facilities teams may not employ the same level of security as the IT organisation, and applying existing IT security capabilities to the building systems can, therefore, improve overall enterprise security.
A major opportunity arising from the convergence of the building control and IT networks is the possibility of information sharing. For example, IT network activity can be used as an additional data source to make building environmental decisions. If there are no active IT users in part of the building it might be possible to reduce the lighting or HVAC in that area. Physical access controls can compare the staff recorded as entering the building with those logged into the network to enhance security.
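The badge-versus-login comparison described above, as an added example (not from the original article or from Gartner): a Python sketch that flags on-site network logons by users who are not recorded as inside the building at that moment. The event formats, user names, switch ports and the `find_unbadged_logons` function are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: door-controller events (time, user, direction).
BADGE_EVENTS = [
    ("2024-03-04T08:02:00", "asmith", "in"),
    ("2024-03-04T12:30:00", "asmith", "out"),
    ("2024-03-04T08:15:00", "bjones", "in"),
]

# Constructed sample data: logons seen on the on-site LAN (time, user, switch port).
LAN_LOGONS = [
    ("2024-03-04T09:00:00", "asmith", "sw1/12"),  # badged in at 08:02
    ("2024-03-04T13:05:00", "asmith", "sw1/12"),  # badged out at 12:30
    ("2024-03-04T10:00:00", "bjones", "sw2/03"),  # badged in at 08:15
    ("2024-03-04T10:20:00", "cwu", "sw3/07"),     # no badge record at all
]

BADGE, LOGON = 0, 1  # badge events sort before logons sharing a timestamp


def find_unbadged_logons(badge_events, lan_logons):
    """Return (time, user, port) for logons made while the user was not
    recorded as inside the building."""
    # Merge both feeds into one timeline ordered by time.
    timeline = [(datetime.fromisoformat(t), BADGE, user, direction)
                for t, user, direction in badge_events]
    timeline += [(datetime.fromisoformat(t), LOGON, user, port)
                 for t, user, port in lan_logons]
    timeline.sort()

    inside = set()  # users currently badged in
    alerts = []
    for when, kind, user, detail in timeline:
        if kind == BADGE:
            if detail == "in":
                inside.add(user)
            else:
                inside.discard(user)
        elif user not in inside:
            alerts.append((when.isoformat(), user, detail))
    return alerts


if __name__ == "__main__":
    for alert in find_unbadged_logons(BADGE_EVENTS, LAN_LOGONS):
        print("on-site logon without badge entry:", alert)
```

A match is a prompt for review rather than proof of misuse, since someone who follows a colleague through a door without badging will produce the same result.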
Potential downsides to converging the building control and IT networks include the risk of deterioration in security. It is possible that any penetration of the enterprise will affect not only the IT environment but also the building systems, increasing the number and types of systems that might be affected by a single security breach.
This can be mitigated by employing appropriate design practices in the converged network, such as the use of separate VLANs for the building systems with quality of service (QoS). These capabilities will increasingly be in place in the IT network to support capabilities such as voice and video in the LAN and therefore can simply be extended to cover the additional logical networks.
Similarly, if the IT network is not maintained to the same standard as the building systems, in terms of support service-level agreement (SLA) and operational discipline, there is a risk that outages in the combined network will affect the building systems, resulting in lost productivity (for example, staff may be sent home because of unacceptable temperatures) or even personal safety issues if physical access control systems or surveillance cameras fail.
Many of these risks can be mitigated by good design and appropriate operational practices, but there will be cost implications if these require a significant upgrade to the support practices of the IT network.
In the overwhelming majority of cases, however, the benefits of convergence will outweigh the risks.
Approaches to converging
Gartner lays out several paths to the convergence of the IT and OT domains in the document IT/OT Convergence and Implications. Determining an appropriate governance model for the converged environment is the most crucial first step. Most organisations will start in the "home rule" model of separated environments and, depending on the relative benefits of cost saving or information sharing, might move to a "federated plug and play" model or an "information sharing" model and possibly beyond that to a "consolidated IT/OT model".
For some building control networks, it will not be appropriate to complete all steps of the migration. For example, for safety-sensitive systems the final step of network convergence will not be appropriate.
Should all four steps be appropriate, the entire process will take at least a year and could easily take longer with sensitive systems or where existing contracts and assets must be allowed to come to their end of life. In cases such as the deployment of a new building, enterprises should try to compress this agenda to prevent unnecessary investments and the creation of staffing and support arrangements that would subsequently have to be changed.
Enterprises should consider converging IT and building systems networks to reduce costs and security risks and enable new functionality based on information sharing between the two domains. Enterprises should mitigate the risks arising from convergence of building systems networks by using VLANs and QoS and paying close attention to the required SLAs.
Enterprises should adopt a four-stage process to convergence, starting with aligning standards, then converging procurement, then staffing and finally the actual networks.
Enterprises should accept that some building systems will be too sensitive for the actual networks to be converged.
This is an abridged version of research note ID Number G00165896. For more information visit www.gartner.com.
This article is from the CBROnline archive: some formatting and images may not be present.