Operational Analytics, Cyber Security Tools & the Deming Way Today’s operational analytics, cyber security tools, and other business intelligence software are all ‘grandchildren’ of the statistical process control charts made popular by Deming.

Therese Sullivan, Principal, BuildingContext Ltd Contributing Editor

The corporate finance types that reason that building analytics projects need to be justified by energy savings alone need to review the W. Edwards Deming story in their business school textbooks. Deming’s name is synonymous with the history of statistical process control — first in post-WW2 Japan, and then back in the USA in the late 70s once American manufacturing firms started losing market share to higher quality Japanese products.

Today’s operational analytics, cyber security tools, and other business intelligence software are all ‘grandchildren’ of the statistical process control charts made popular by Deming. In the 1950s and ‘60s, Deming’s approach was shunned by US manufacturers who were more interested in Value-Engineering than Quality --until Japanese competition gave them a rude awakening.

Value engineering is what is kicking many building analytics projects off the table today. Decision makers that would rather stay blind to the ‘slop’ in their buildings’ operational processes and pay the price of wasted energy are following the same logic as those pre-Deming American manufacturers that thought they could live with processes that were creating 3% to 4% defective parts. At the time, the cost of the materials and manpower that went into the scrap seemed as easy to ignore as inflated energy spend—a small price to pay for doing nothing about process control. Of course, now we know that trying to inspect out bad parts was a fool’s errand. Bad components infected the supply chain, led to bad products, ruined customer relationships, tarnished brands, and eventually put companies out of business.

Deming’s message was that investment in quality and process control leads to a virtuous cycle of improvement in products and market competitiveness. Owners might not think of their buildings as processes that can be brought under control in an industrial process control sense, but they would do well to brush up on their Deming because the time is coming when they will be expected to do just that. Organizations focused on consensus industry standards like ISA, CSA, and CABA are busy defining what process control of a building's lifecycle should be. And people have new social-media ways to make their displeasure known when they are asked to live, work, learn or heal in an environment with sub-standard temperature control, lighting, air quality, and secure data.

Standards-based product and lifecycle process certification is the first step toward effective process control. The ISASecure control systems certification program strives to certify from the standpoint of the suppliers of commercial off-the-shelf (COTS) systems, the integrators that combine those systems into site-specific building control workflows, and the owners who are responsible for operating and maintaining those assets and workflows over their lifetime.

The big COTS suppliers of building equipment are veterans of the quality movement of the last 50 years. That’s why they are such giant, dominant forces today. For the most part, their manufacturing processes are six sigma black belt level. When a COTS supplier deploys cloud-based analytics for remote monitoring, there is greater confidence that all aspects of the cyber quality vector have been brought to state-of-the-art levels. For example, I sat in on the Johnson Controls Smart Connected Chillers webinar recently. The presenters listed the following as the vital security factors to look for:

1. Outbound only and encrypted connection to the cloud
2. Secure cellular VPN connection to the cloud
3. A top-tier cloud service provider, in JCI’s case, Microsoft
   

The COTS product level is not what frightens building owners the most about deploying cloud-hosted analytics. Rather it is when integrators deploy operational analytics at higher, whole-building and whole campus levels. First, site-specific integrators need two-way connectivity to create a feedback loop whereby analytics results trigger automated adjustments to controls programming. Still, the cyber security threat can be mitigated. Matt Jakuc, Product Group Manager and technical lead for the cyber security program at CSA Group, explained to the CABA Forum audience that the design engineers and systems integrators responsible for controls workflow design could be educated in how to do data handling on par with state-of-the-art IT standards. Also, 3rd-party evaluators like CSA are available to certify their work. So, fear of hackers should not derail analytics projects. There is never ‘no risk’ with Internet connectivity, but the benefit of tapping all the data that could help get a building’s lifecycle under tight control is worth it.

Regarding that multiplicity of data sources and all the quality vectors that need to be controlled in addition to cyber security, this recent quote from Ruairi Barnwell, Energy Services Leader and Principal of the building design firm DLR Group provides a good list:

“The new Key Performance Indicators (KPI) for building performance in addition to energy use intensity include indoor air quality, thermal comfort of occupants, visual comfort, acoustic comfort and user functionality. Our building owner clients don’t stop at wanting a dashboard for energy; they want visibility into these other factors too.”

Ruairi also speaks to the challenge of doing data handling on par with state-of-the-art IT and cyber security standards:

[an error occurred while processing this directive]A spokesperson for one of those building data management, visualization, and analytics platforms was also on the CABA Forum Cyber Security & Analytics panel, Marc Petock of Lynxspring and Connexx Energy. Marc spoke to the business implications of ignoring cyber security. He concurred with other panelists that fear of internet hacking and a focus on energy savings alone when doing payback calculations are the two factors that have kept the buildings industry years behind other markets in adopting more sophisticated data-driven process control. He points out that hard data that quantifies the degree to which a control system can impact occupant health, and well-being has been hard to find, to date.

Yet, DLR Group puts it out there: ‘Our goal is to elevate the human experience of buildings through smart building design and controls strategies.’ That design firm is breaking down the challenge into KPIs for its building owner clients, and it is going about the job of quantifying the ‘fuzzy’ stuff.

It should be noted here that Process Control guru, W. Edwards Deming never said: “Only manage, what you can measure.” The saying “You can only manage, what you can measure,” is also a misquote. What he said was “It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth.” (Out of the Crisis, pp 121-126). Perhaps those that argue you should only count energy savings because that is the only thing you can easily measure have fallen under the spell of one of the first two misreadings. Deming is actually encouraging process managers to go further into the unmeasurable. He continues, “The most important figures that one needs for management are unknown or unknowable.”