Every complex topic or field needs a helpful naming system. Scientists name flora and fauna by genus and species. Even astronomers have their own planetary nomenclature. Standard naming conventions do just that—they standardize how we talk about things. They’re also a convenient way to condense large amounts of information into a short form. Hence, they function like acronyms. We needn’t sound out “self-contained underwater breathing apparatus” when we can simply utter S.C.U.B.A. right?
In building automation, the same need for standards and compression applies, and BACnet gives us a convenient way to describe the functionality of devices using something called BIBBs.
What are BIBBs?
Definition: BIBBs stands for “BACnet Interoperability Building Blocks” and is a standard naming convention for representing specific device capabilities using simple acronyms. That is, it creates simple categories to describe how one device works with another.
Without short-form descriptions, listing all the capabilities and services that a device offers would turn functional descriptions into a messy scrawl of technical jargon. By condensing these functions into acronyms, BIBBs makes it easier for FMs, system integrators, and building engineers to talk about the same things. BIBBs help buyers get the minimum number of services for the job without over-engineering and spending for extraneous functionality.
BIBB Categories
The BIBB naming system starts with five broad categories that list interoperability functions. These are high level functions that host specific capabilities within them. Categories include:
Data Sharing (DS)
The data sharing function describes how devices exchange data. Data sharing is essential for reading and writing data from one device to another. For example. If you wanted to regularly check the water temp of your boiler to monitor its performance, you would need the DS functionality.
Alarm & Event Management (AE)
The alarm and event management functionality is for detecting and notifying alarms and events. For example, if your boiler temps exceeded a specified setpoint, the AE function would allow you to receive an alert.
Scheduling (SCHED)
The scheduling functionality is for scheduling values based on date, time, and calendar. For example, if you wanted to schedule your boiler to provide after-hours heating for tenants.
Trending (T)
The trending functionality is for trend logging and historical data support. For example, if you wanted to store your boiler’s temp data to create a history for your engineer.
Device Management/Network Management (DM/NM)
The DM/NM is for setting up device and network management. It allows devices to discover each other, to synchronize clocks, and to reset a device to factory settings (reinitialize). For example, if you wanted to discover a newly installed boiler temp sensor.
Specific Capabilities
Specific capabilities, or sometimes called services, are distinct functions that exist within a BIBBs category. Capabilities also have acronyms. For example, the Read Property (RP) service is under the data sharing (DS) category. The service must exist for data sharing to occur. That is, a device (e.g., controller) must be able to read data, while another device (e.g., thermostat) must be able to send it. Many devices have both capabilities. Here are some examples of services for different BIBBs categories:
Data Sharing (DS)
Read Property Multiple (RPM)
Write Property (WP)
Change of Value (COV)
Alarm & Event Management (AE)
Notification (N)
Alarm Summary (ASUM)
View Notifications (VN)
Device and Network Management
Dynamic Device Binding (DDB)
Text Message (TM)
Reinitialize Device (RD)
Find a more extensive list of device capabilities here.
Clients and Servers
BIBBs also distinguishes between clients and servers, assigning and A and B category to each respectively. Client devices (A) can initiate or call for data or service from a device that can respond to that request (B). An example of this would be a controller (A) requesting temp data from a thermostat (B), which responds with the requested data. You can remember this order by recalling that the letter “A” comes before “B” in the alphabet, just as a request must precede a response.
Putting It All Together
Now that we have all three parts of BIBBs, let’s look at a full interoperability description. The BIBBs naming syntax places the category first, specific capability second, and server/client designation third. Each acronym is separated by a dash. Consider a BACnet controller that has data sharing (DS), a read property service (RP), and client capability (A). It would be designated as DS-RP-A. Can you guess what functionality a thermostat would require to send temp data back to the controller? If you answered DS-RP-B, you’re correct!
Conclusion
As we’ve seen, BIBBs are the “building blocks” of the standardized system of naming devices and their interoperability functions. Devices can have many different functions, so there’s also a need to group them. For example, controllers, sensors, and actuators must all have a minimum number of specific functions to work. These groups of functions are called BACnet device profiles. Like BIBBs acronyms, profiles give us a shorthand way of quickly designating and describing a device. Read BACnet Basics: What are Device Profiles? to learn more or visit The BACnet Institute for free training.
Properties need effective cybersecurity measures. Cybercriminals don’t just attack high profile companies and governments; they target small to medium businesses too. Computer viruses range from annoying adware infiltrating your browser to costly ransomware attacks. In 2021 the world saw a 105% jump in ransomware attacks. Healthcare alone saw a 755% increase! Businesses are paying out billions each year to save their proprietary and/or customer data—and paying only makes things worse.
The sharp rise in ransomware has forced building owners to take a serious look at their IT infrastructure. This is alongside adapting to the challenges of the pandemic and managing a remote workforce. Interestingly, some security experts point to remote work as one cause for the increase in ransomware. Since employees are no longer behind corporate firewalls, their home-based laptops and mobile devices become “attack vectors” for gaining entry to company networks.
Remote entry points are also an issue for building control systems. As buildings become more connected and “smart”, the threat of data breaches increases. That’s because system integration, IoT devices, and building automation systems (BAS) increase connectivity and wireless operation. It’s a problem the U.S. government has known about since 2015 after the GAO warned of a 74% jump in cyber incidents involving government-owned industrial control systems.
Building control systems like BAS/BMS connect hundreds of devices and sensors that make up systems like fire, access, HVAC, electrical, and lift. Connectivity makes it easier for cybercriminals to make their way to more sensitive data because there are more paths to follow. Wireless and IoT devices make networks vulnerable to remote Wi-Fi exploits and password hacks. These potential data breaches and financial losses from malware are why property teams need to practice effective cybersecurity habits.
Setup Multiple User Accounts
One good security habit to adopt is proper account creation and assignment to your team. To save time and hassle, some building managers create and share one master admin account amount their team members. It’s tempting when someone needs to make a few quick changes to simply email your login and password. However, this puts your BAS at risk of cyberattack if those credentials are misplaced or abused. To be cyber safe, create both admin and user level accounts and assign them to each employee.
Almost all BAS software lets you create multiple accounts and at various levels of access. Individual account creation does three key things:
It ensures inexperienced members aren’t given access to critical controls.
It makes sure user actions are recorded by the system.
It helps users work more effectively.
Modern BAS systems track what users do, which is helpful when things in the system are improperly changed. If everyone signs into the system with the same account, then you can’t tell who did what and when. This can slow down repairs and troubleshooting because you must rely on faulty human memory instead of an accurate digital record. Also, when inexperienced or new users sign into an admin account, they may spend an inordinate about of time searching for the tool or feature they need. User-level account interfaces are simplified for this reason. Too many options can tank productivity by forcing workers to waste time navigating a complex interface looking for a single item.
Password Creation
Creating strong passwords is one of the most impactful cybersecurity habits you can adopt. Too often folks continue to use highly predictable pass codes (e.g., “123455” or “Qwerty”) to secure their most sensitive data. What’s worse, most of us also use these same flimsy passwords for all our accounts. It’s behavior that’s too predictable, and predictability is the Achille’s Hill of security.
Make sure your team knows password best practices. When it comes to password creation, length and complexity matter. Passwords should be at least 8 characters long, include special characters (e.g., @!&), and numbers. The longer the password the better; however, there’s a limit to how many characters a person can hold in long term memory. To combat the memorization problem, use passcodes instead.
Passcodes are acronyms made from random words or long sentences. To create a passcode, use the first letter of each word to form your password. For example: “My cat whiskers is 3 years old and likes to have her belly rubbed.” This sentence (which is personal and easy to remember) becomes the password: “mcwi3yoalthhbr”. Then, swap out a few special characters, and you’re good to go.
If passcodes seem too complex, make your life 100% easier by simply using a password manager. These cloud-based apps create and store complex passwords in the cloud for you. They will even fill in the form fields for you, saving you valuable time. Most apps have free or inexpensive annual plans, so investment is minimized, while time savings and security are maximized.
Suspicious Link Detection
A building’s devices aren’t its only weak spots. In fact, occupants are often the major sources of malware. Cybercriminals can use social engineering to trick employees into opening phishing emails and navigating to fake websites. The tactic is called a “pharming attack” and is a common way for hackers to steal an employee’s username and password. The fake website looks and feels like the authentic one, but it’s a duplicate. Employees unwittingly enter their username and password, which is recorded and used to gain entry to the account.
Hackers design phishing emails and fake websites to look like official corporate digital assets, often using the same branding, logos, language, etc. Most are convincing enough to fool an employee who’s under a bit of stress and/or not paying attention. However, there are a few tell-tale signs to look for:
Salesy Language. Cybercriminals often employ high-pressure sales language or scare tactics. Phishing emails may claim “suspicious activity” or fake “charges” to user accounts to entice holders to hastily move to fix “issues” without first confirming the source of the emails.
Grammar mistakes. Often cybercriminals don’t speak your native language, so look for any grammar mistakes or misspellings. These are extremely rare in authentic corporate emails and are a sure sign of a fake.
Pixelated logos. Hackers use official logos to trick email recipients, but often these logos are hastily copied and pasted from websites and may be incorrectly sized resulting in pixelated or strange looking images.
Strange URLs. URLs have two parts: the hypertext (e.g., “Contact Us”) and the address (e.g., https://7nox.com/). Never trust the hypertext to tell you where the link goes. Always check the URL address. To do this, hover your cursor over the text without clicking and read the URL displayed in the bottom left corner of your browser. The URL should contain the company’s address. If it’s simply a long string or strange characters, it may be a pharming attack.
BAS Backups
Make sure your BMS provider backs up your BAS/BMS system on a regular basis. Backups keep your system secure against ransomware attacks, which rely on businesses not having copies of their data. Plus, system backups ensure redundancies when your system goes down or when you shut your building down for changes. If controller settings aren’t “persistent” they may not be saved during a reboot of your BMS. It’s critical that you have backups to ensure these changes are saved.
Conclusion
While building automation and connectivity brings many wonderful things to the built environment, they do require owners and managers to make their IT and OT more resilient. However, without proper training of staff, these technical efforts may prove fruitless. In cybersecurity, humans are often the weakest link. That’s why cybersecurity shouldn’t be simply a training box to tick at the end of the year. It should be an ongoing attitude and effort by all employees. Focus your training on seasoned staff, who may be laxer in their habits, and on newcomers who may have few habits at all.
Buildings are responsible for a significant chunk of emitted green house gases (GHGs) into the atmosphere. Therefore, they’re a leading contributor to global warming. In the U.S., buildings account for 40% of all U. S. primary energy and its associated GHG emissions. While these stats appear bleak, they actually represent a positive when it comes to FMs and owners. Because property owners and managers helm the ship of the Built Environment, they have the power to steer decarbonization efforts in the right direction. By adopting smart technology and building automation, property owners can significantly contribute to GHG reduction while saving money and futureproofing their investments.
With building decarbonization, small changes can make a big difference. Automating your after-hours HVAC program is an easy first step to reducing your property’s carbon footprint. You don’t need to take out a loan to invest in automation tech either. Online tools like cloud-based after-hours HVAC apps are inexpensive and simple to integrate with your existing BMS.
Cut Mistakes, Cut Waste
While after-hours request programs vary, the standard process works like this: the tenant fills out a work request for after-hours air conditioning or heating. Staff members record the request. The building engineer programs the HVAC to fulfill the request. The air con/heating is delivered at the require day and time. The property manager invoices the tenant at the end of the month.
Every step in this manual request process is an opportunity for errors to crop up. Forgotten emails, data entry mistakes and missed change requests are all more likely with a manual process. Mistakes cost time and energy, whether its extra lighting, access gates, lift rides or added HVAC service itself.
After-hours HVAC booking apps replace these manual step with wireless technology and network connections. Tenants create requests via a mobile or desktop app. The system then interfaces with the building’s BMS to schedule the request. The tenant, time and date are automatically logged, and the BMS delivers heating and air con on the requested days. By automating these steps, you cut out the wasted energy and help lower your carbon footprint.
Push Buttons vs. Cloud-Based Apps
Push button systems for activating HVAC service eliminate some, but not all, of the manual steps. They’re designed to deliver service as requested, giving tenants easy access to and control over HVAC operation. However, their openness can be a liability. Since anyone within the building can request service, savings from push button controls are often undermined by their public access.
There are no guards against everyone (ex. maintenance or cleaning staff) from accessing controls. So, unauthorized access can lead to unaccounted and wasted energy use. It’s also easy for occupants to “hit the button” minutes before leaving the room or floor, resulting in wasted energy from heating and cooling unoccupied spaces.
After-hours HVAC apps reduce energy waste by limiting access to the platform. In a cloud-based system, only authorized users can create HVAC requests. And the system records both the request and the requester. So owners always know who requests services. Plus, tenants can re-schedule and cancel bookings from anywhere there’s an internet connection. This helps save energy by eliminating empty room heating and cooling.
Data Equals Decarbonization
Automation goes hand-in-hand with data. Today’s smart sensors, IoT devices, machine learning, AI, digital twins, and BMS integration all point to the eventual integration of every building systems. In the near future, fire systems will “talk” with access systems to track occupants during an emergency. Access systems will work in tandem with HVAC systems to adjust heating and cooling demands based on occupancy levels. Building management systems will connect to utility providers to shift energy usage during peak demand. Such interoperability is already evolving, but it requires data to work properly.
By automating your HVAC requests, you can collect data on how and when your tenants are requesting HVAC services and use it to conserve energy. For example, you can identify seasonal trends and make targeted improvements and retrofits for specific zones of your property. Automation puts you in a better position to transition your property into a smart building and futureproof your assets.
In a post-COVID workplace, “hands-free” is the new buzz world. It’s also the new hygiene standard. At times, it may seem the pandemic has turned everyone into Adrian Monk. But you needn’t be an OCD-suffering detective to solve the mystery of the old hygiene standard; it’s dead—murdered by Delta and Omicron. However, its demise makes way for a new standard, one built with hands-free building tech.
Touchless interfaces, voice command, facial recognition systems are uber-popular among both employees and managers. Some hands-free devices are smart home gadgets carried to the office by new hybrid workers looking to introduce a little domestic convenience. But other employees simply want safer, more hygienic work and communal spaces.
Tech companies are speeding up their response to the touchless standard by leveraging existing tech: smartphones. Every worker already carries a small, powerful computer connected to the internet in their pocket, so why not start there. The shortcut is producing a variety of apps that give workers and managers hands-free control of lighting, elevator access and after-hours air con bookings. The touchless workplace is a safe bet for property owners looking to invest in tech that boosts their property values and occupancy retention.
Access Via Facial Recognition
Facial recognition is a growing tech in facilities access because it provides better safety and a keyless, touchless entry point. Cameras with specialised facial recognition software scan a person’s face to identify them before granting entry. Users simply look at the scanner, are identified, and the system unlocks the doors. While hardly a viable solution for high traffic areas, facial recognition systems do ensure touchless entry points for visitors and better safety for building occupants.
Smart Elevator Apps
Today, “calling” the elevator is no longer a metaphor. Some major lift manufacturers like Otis and Schindler now have apps that let you summon an elevator with your smartphone. Users can use the apps themselves to ask for life service or they can scan a QR code to let the elevator know what floor they’re on. Smart elevator apps are time sizers too. Riders can request the lift as they approach, select their destination, then arrive just as the elevator does. No buttons to press or physical contact to make means a more sanitary ride.
Touchless Audio/Visual Setups
The conference room is full of commonly touched surfaces swimming with bacteria. However, voice activated AV equipment and video launching apps are keeping the presentation room touchless. Companies like Crestron are making touchless AV wireless, letting you manage all your AV equipment and room scheduling one a single app on your smartphone. Imagine having an app to control your presentation equipment. Being able to set custom specifications, including your lighting preferences, blind levels, and audio volume all with one touch of your own smartphone.
Touchless Reception
Hands-free entry tech like automatic sliding and swinging doors are hardly new, but new “touchless” tech for reception are evolving to limit the time visitors are spending in reception. Reducing the number of people in reception reduces the risk of virus transmission.
Rather than performing traditional check-ins, visitors can send instant text messages, voice calls and emails to authenticate their credentials and notify hosts. Once inside, other touchless access points can be granted by reading smartphone data via Wi-Fi. Elevators may be sent, doors opened automatically, areas of the building opened all without the visitors needing to touch handles or screens. Such automated access systems can also perform other duties like contact tracing or administering health questionnaires.
Voice-Activated Lighting
Today’s modern commercial lighting solutions offer hands-free tech features like voice command and app operation to expand control over workspace illumination. Some lighting tech has replaced the traditional light switch with a motion sensor that activates with the wave of a user’s hand. Others control lighting with voice commands powered by popular voice assistants like Alexa, Siri or Google.
Other hands-free light switches have Wi-Fi so workers can turn off lights left on or turn them on before entering the building. Smartphone control also means the ability to schedule lighting at regular intervals or for specific events. Voice activation, motion sensor and smart app lighting controls give workers more choices while eliminating the need for physical contact.
If you have commercial tenants, they’ve likely scheduled heating or air conditioning outside of your building’s usual business hours. Managers and owners commonly refer to these extra hours as overtime HVAC, after-hours HVAC, after-hours air conditioning or some variation. These overtime utility services give companies the flexibility to host special events, hold annual meetings, or simply extend their workday hours.
Tenant overtime HVAC systems are online platforms that automate the scheduling and billing of those after-hours HVAC requests. These systems streamline much of the traditional steps of a tenant overtime program, including scheduling and billing. Consequently, they save property managers and their staff time and resources. In addition, overtime HVAC systems can increase tenant satisfaction and conserve energy. Modern systems operate on a software-as-a-service model (SaaS) where property managers pay a monthly subscription for the service, but one-time fees are also available.
Modern tenant overtime systems let property owners set normal business hours (blue), while tenants can schedule HVAC service outside these times (green).
After-Hours vs Standard Occupancy Times
Standard business hours or “occupancy times” for buildings vary by region, but most fall somewhere around 8 a.m. and 6 p.m. Monday to Friday. Owners and managers define their business hours within commercial leases and agree to provide heating, cooling and lighting for tenants to operate their businesses. However, many leases also allow for “after-hours” or “overtime” HVAC requests. These are defined as any times outside normal business hours, and they’re usually billed separately from normal OPEX.
To recoup the costs for providing after-hours HVAC services, managers and owners usually charge tenants a fixed hourly rate (ex: $35/hour). The rate usually includes an estimated energy cost for providing service for one hour, plus an admin fee to cover staff time.
Overtime HVAC Scheduling
Because after-hours HVAC requests are outside standard operating hours, tenants must schedule them with the manager or building engineer. Typical steps in a standard overtime program usually involve the following:
The tenant makes an overtime HVAC request via email or text.
The manager records the request in a spreadsheet and notifies the building engineer.
The engineer programs the request into the building’s BMS.
The manager invoices the tenant at the end of the month for the overtime charges.
Managing this process requires time and resources, which is why most leases require a 24 or 48-hour notice per request. The window gives staff enough time to schedule the request, but places limits on how spontaneous tenants can be with last minute schedules.
Tenant overtime HVAC systems eliminate or simplify many of the above steps. Instead of an email or phone call, tenants use an online portal and web browser to submit overtime requests. Since overtime systems link to your building’s BMS, they bypass the need for manual reporting and system programming—no managers or engineers needed. This keeps notice times shorter, and tenants benefit from the increased flexibility.
Overtime HVAC systems also come with mobile apps. Tenants use these programs to schedule after-hours services from their smartphones or tablets. The freedom of mobile scheduling tends to increase overall tenant satisfaction with a property’s after-hours program.
Common connection flow of a cloud-based tenant overtime HVAC system to a commercial property.
Overtime HVAC Billing
Billing for standard hour energy is straightforward. Tenants pay pro rata based on the building’s total utility costs for the month. The strategy essentially splits the energy costs among all tenants equally, and everyone pays their share at the end of the month. However, overtime HVAC charges add complexity to monthly billing. It would be unfair to split overtime energy costs among all tenants, since only specific ones use it, so landlords invoice tenants only for the kWh they use.
However, individual invoicing takes more time. Spreadsheets need updated. Invoices generated. Emails sent to tenants. Plus, manual entry increases the risk of mistakes, leaving tenants paying too much or too little. Tenant overtime HVAC systems automate most of these monthly billing tasks, eliminating human error and tenant disputes around charges.
Overtime systems record BMS operation histories in their servers. So, times, days, and durations of overtime services are automatically generated for any timeframe. Most platforms also automate monthly billing to tenants. Since the system tracks individual usage, it can email automated invoices to tenants, taking the paperwork off property managers.
Energy Conservation
On average, 30% of the energy used in commercial buildings is wasted. After-hour scheduling changes and cancellations happen. It’s not uncommon for tenants to walk into unheated boardrooms or for entire building floors to sit unoccupied while chillers run at full power. Such scheduling mistakes waste energy and money. The bulk of these issues stem from recording mistakes and human error. A work order was overlooked, an email went to spam. Someone was out sick. These are common, often unavoidable, situations.
Because they’re automated systems, tenant overtime platforms eliminate human error. Schedule changes and cancellations are caught more frequently and wasted energy reduced.
Overtime HVAC systems can also positively affect tenant attitudes toward energy waste. Because tenants pay for the overtime kilowatts they use, they’re more cautious about waste. In contrast, attitudes towards energy use during standard business hours can be markedly different. Those tenants often have a “use it or lose it” approach, feeling they should condition the air in their spaces, whether they’re empty or occupied. The attitude is “We’re paying for it anyway.”
Tenant Satisfaction
Aside from time and money savings, the biggest selling point of overtime HVAC systems is their value to tenant businesses. With HVAC scheduling, office managers can operate hybrid workspaces more effectively. Government agencies can use after-hours reports to report on sustainability goals. Software developers could employ overtime usage to evaluate team productivity. Marketing agencies could add overtime energy costs as a billable line item for clients. The value of tenant overtime HVAC systems is yet to be fully realized, but the heart of it lies in their ability to empower tenants to run better businesses and organisations.
