Pete Mills, technical operations manager for Bosch Commercial & Industrial, explains what to look out for when choosing a smart heating system control
There is no doubt that smart internet-connected control systems have a lot of benefits for buildings of all types. The current pandemic crisis has really highlighted the advantages of remote access and how this can reduce unnecessary site visits and give reassurance that systems are operating well from a distance.
Building heating systems were one of the first systems to adopt internet connectivity through bespoke Building Management Systems (BMS) and have been part of this revolution since the days of dial up modems.
As we begin to address the challenges of decarbonisation of our buildings heating systems, smart internet-connected controls will play their part in maximising energy efficiency, as well as the role they will have in energy grid stabilisation, in ways that are still evolving. The direction is clear though; internet-connected controls offer real benefits and the days of having to have expensive bespoke systems, are being challenged by lower cost “off the shelf” solutions.
The Internet of Things (IoT) is growing and with it come risks for the unwary of malicious attacks to vulnerable equipment. One such case was highlighted in a BBC article back in 2017 that found a large number of schools’ heating systems to be vulnerable to hackers. Equipment had been procured and installed by people, who were simply not aware of the potential risks involved.
This situation is not uncommon and probably most of us are guilty of being complacent about internet security in our own homes. That complacency can spill over into decisions made in the work environment, if we are not aware of the higher risks associated with commercial applications.
So, when looking to procure equipment for internet control of heating systems, what should we be looking out for?
There are some key processes and protocols that reputable manufacturers of IoT equipment will follow, which the prospective purchaser should check at the outset.
Key processes and protocols:
- Before any release of equipment, all of the critical points known and highlighted by OWASP (Open Web Application Security Project) should be specifically checked by the manufacturer.
- Long established security specialists should be used by the manufacturer to conduct PEN Tests (comprehensive internet security penetration tests) that look for critical vulnerability.
- Make sure that any data is stored on secure servers that are classified to high standards and that the manufacturer involved observes strict data laws about how this data can be used.
- Ensure that regular software updates are available and implemented to keep systems up to date with the latest threats.
- Make sure the equipment IP Gateways have additional firewalls in place.
- Equipment should have individual activation codes.
- User login should only be possible with an SMS security code, sent independently to the user’s phone.
Controlling complex heating systems
These key elements should be the minimum level required for standard applications, which have no particular security concerns that would highlight that further protection is needed. However, where there are higher security risks, dedicated VPN routers will provide an additional level of protection on top of the above list that can give further peace of mind.
Ensuring these elements are in place will give a building the benefits of connected controls with the lowest level of risk. This means that lower cost solutions, such as Bosch’s 8313 controls platform, can be confidently used to control complex heating systems.
Off the shelf solutions will enable installers to meet the needs of heating systems with multiple heating and hot water circuits, by the use of plug in modules that can be configured to the exact needs. Boilers and heat pumps can be sequenced to meet heat loads through equipment that is affordable, bringing remote access within the budgets of even the smaller plant rooms.
The Covid-19 pandemic has demonstrated how it is possible for many of us to work from home, remote from our normal workplaces. Without doubt, this trend will become the new normal as the CO2 savings and increases in productivity of reducing our travel are realised. It is inevitable that the need for greater connectivity and ability to monitor systems remotely will grow, with an expectation that this becomes a standard requirement.
Technical operations manager