By Donald Foster, Senior Mechanical Engineer, HDR
It is critical that upcoming facilities are designed to meet the challenges of new levels of efficiencies and cyber security threats.
HDR is a 100-year-old A/E/C firm, with approximately 10,000 employees located all over the world. At the corporate offices in Omaha, the firm had approximately 1,000 employees located in three different buildings. In 2016, HDR chose to locate all Omaha employees into one new 10-story building in the city’s fast-growing Aksarben multiuse development. During early conceptual planning and design, the HVAC design had three main goals:
1. Provide a state-of-the-art mechanical HVAC system, achieving energy consumption 50% below code.
2. Design HVAC systems to assist in achieving LEED Gold certification.
3. Create a high level of cyber security, separating the multitude of mechanical/lighting/fire alarm IoT (Internet of Things) systems from the facility IT system.
So how do these three goals relate to each other? Low-energy consuming HVAC and lighting systems have very technical control systems, with many of the operational components in the building having their own stand-alone IoT controls. All of these IoT systems need to be integrated together on their own network, independent of the corporate, financial and BIM production network systems. If the HVAC systems are not independent or separated properly, the entire corporate IT system could be hacked through the mechanical control system. It is critical that upcoming facilities are designed to meet the challenges of new levels of efficiencies and cyber security threats.
LOW-ENERGY CONSUMPTION HVAC SYSTEM
A life cycle study was conducted for the selection of the HVAC system. The new HDR building is a 10-story/240,000-sq ft. building on a north/south axis. The window-to-wall ratio is 44%. After all factors were considered, a chilled beam HVAC system was selected. The HVAC components used for this building were: two 300-ton high efficiency, magnetic bearing, centrifugal chillers producing 56 deg F chilled water, two high efficiency boilers serving a perimeter fin tube piping system, two 300-ton cooling towers, a 45,000 CFM air handler serving the chilled beams, a 20,000 CFM energy recovery unit serving ventilation air, and multiple pumping systems. One key component of the system is a cooling tower water-to-chilled-water heat exchanger that provides 56-degree free cooling water for the facility for approximately six months of the year. The building has been occupied for nearly a year, and the results show:
1. 68 percent Energy Use Intensity (EUI) reduction.
2. 60 percent reduction of airflow to the facility versus a common Variable Air Volume (VAV) system.
3. One chiller is able to serve the building, aided by shades and lower lighting levels throughout the building
Projects pursuing LEED certification earn points across several categories, and the building requires a minimum of 60 points to meet HDR’s target of LEED Gold certification. The HVAC system and the commissioning of the HVAC and IoT security system of the HDR building provided 27 points towards the 60-point goal.
Many think of banks and financial institutions as having a need for a cyber-risk mitigation strategy, but there are threats to businesses and buildings of any kind. HDR is the worldwide leader in healthcare facility design, and the vulnerabilities to their HVAC/life safety networks, critical lifesaving IT networks and financial IT networks from a cyber-attack can have devastating consequences.
HDR is now aggressively designing healthcare and other facilities to prevent outside hacking.
HDR’s own facilities were also valuable. Prior to the new building finalization, HDR was made aware of a potential operational technology cyber physical threat that risked exposure to our full global staff and sought an immediate and permanent solution.
To address these cyber security concerns, a team was assembled to meet with HDR, including the building’s owner, general contractor and HVAC controls contractor to discuss how to protect the building. Our goal was to identify the cyber physical risks, provide an action plan and request buy-in from all parties. Each member saw this endeavor as an opportunity, and we proceeded with the following steps of protection:
1. Recognize cyber physical risks and who we are protecting ourselves from.
2. Identify all IoT systems needed within the building, such as boilers, chillers, fire alarm systems, security systems, card access systems, financial systems, BIM production systems etc.
3. Assign one of the priorities in the IoT system: life safety, critical operations and standard.
4. Consider how to separate all of the individual IoT components to each of these three priorities.
5. Develop a use-case matrix of all IoT components and identify a system integrator (HVAC controls contractor).
6. Implement IT security rules. HDR IT professionals needed to work with the HVAC contractor.
7. Develop long-term maintenance plans to monitor and confirm proper protection from hackers on the outside, as well as keeping the firewalls up-to-date for systems within the facility. Ensure sustainable network management and documentation.
Building HDR’s new headquarters provided us an opportunity to take lessons learned on the highly technical facilities we design daily, to include thoughtful cyber security on our own IoT network.
It really does take a team approach to keep the energy use low, the cyber security system safe, and therefore your employees and clients happy.