Nexus #15 (3/24/2020)

Intro to Tosibox, Cybersecurity for OT, Lendlease's approach to digital twins

👋 Welcome to Nexus, a newsletter for smart people applying smart building technology—written by James Dice.

If you’ve been forwarded this email, you can sign up for your subscription here:

If you have thoughts, questions, ideas, or tips: hit reply, I’d love your feedback!

And by the way: if you missed last week’s edition, you can find it here.


Disclaimer: The views, thoughts, and opinions expressed in the following text, on the Nexus website, and on the Nexus podcast belong solely to the author, and not necessarily to the author's employer or any other group or individual.


index:

Here’s an outline of this week’s newsletter:

  1. A quick note: What I’m thinking about this week

  2. Our LinkedIn discussion on O&M culture

  3. Episode 1 of the Nexus podcast

  4. My intro to Tosibox and what I like about them

  5. My highlights from Optigo Networks’ Cyber Security for OT Webinar

  6. Key learnings from an article on the many benefits of digital twins

  7. Results from last week’s Nexus reader survey


1.

a quick note:

Hi everyone—these are weird times we’re in. I hope this note finds you safe, sane, and healthy.

In an effort to make the best use of time cooped up at home with my cat, Grace, I’ve decided I’m going to read a series of five short books on technology relevant to our industry. Before we get to the details, here’s Grace:

That annoyed look is pretty standard. Anyway, here’s the list in the order I’m planning to read them:

  1. Computational Thinking

  2. Data Science

  3. Machine Learning

  4. Metadata

  5. The Internet of Things

You’ll notice all 5 books are from the MIT Press Essential Knowledge series, which is excellent in my experience. It’s a series of 60ish books built to cover each subject for beginners and experts alike. I think they’ll spark great discussions.

Each week, we’ll read a few chapters and then discuss how the concepts apply to our work transforming the built environment. You can jump in and out of the series however you’d like.

If you’re interested in joining this book club, hit reply and let me know. I’m looking for feedback on whether we should meet on Zoom to discuss “in person” and, if so, when the best time would be.

We’ll start Computational Thinking next week, so get it delivered or get the Kindle version.


from Nexus:

2.

Our latest LinkedIn discussion

I recently visited a campus in an effort to help them build a long term roadmap for analytics to support energy management and resiliency. One of the concerns the facility and energy managers have with new technology is the maintenance culture.

To illustrate their concern, picture this: one of the HVAC technicians had a hat on that said this:

“DON’T ASK ME FOR SH*T”

Above his desk, the sign reads:

What are your strategies for overcoming these sorts of attitudes when deploying new technology and managing change?

Join the discussion


3.

the Nexus podcast

If you missed my email announcing the Nexus podcast episode 1 with Nicolas Waern, check it out.

Note: As this is new, it will take a few weeks (I think) to get approved and pushed to Apple podcasts and other platforms, so please sit tight.


explore:

4.

+ My intro to Tosibox (YouTube)—I’ve set up a few VPN tunnels to Amazon Web Services in my day. It was not an activity I would call “fun”. But it was what we needed to do to get the data to the cloud and keep the client’s IT folks happy. Besides the tools provided by AWS, I’ve also used NeoRouter and evaluated IoTium. I’ve only recently discovered another option out of Finland: Tosibox.

In a nutshell: Tosibox provides secure remote 2-factor authenticated (2FA) connections enabled by a physical key that you plug into the box during set up, which then forms the client/remote side of the VPN tunnel when you plug it into your remote device.

The tunnel supports Layer 2 and Layer 3 communication, allowing remote systems to send and receive responses to BACnet broadcasts—very helpful for data collection and sending commands (if you’re into that sort of thing). The connection can be established even when both parties are behind firewalls or NATs. As a result, there are no services listening or open ports exposed to the Internet. (Details on their cybersecurity specs)

What I like about Tosibox at first glance:

  • You can embed their client-side software in your edge device

  • You have the flexibility to design the network how you need it with modular components

  • While the “virtual central lock” software has a small subscription fee, their pricing model isn’t 100% SaaS, unlike competitors I’ve evaluated

Who has experience with creating a Tosibox network? Hit reply and let me know you how it went.


5.

+ Optigo Networks’ Cyber Security for OT Webinar (YouTube)—I’ve been diving into cybersecurity resources lately. I’ve always considered it a high priority when deploying smart building technology, but it’s beginning to seem like we’re in a new era—one in which I need to deepen my understanding in order to prevent cyber concerns from derailing projects before they begin.

If you were writing this off as a topic for only IT people to worry about, it may be time to dig in. It’s not going away and it’s a topic for all of us.

With this webinar, I thought Optigo Networks did a great job of summarizing and adding value to NIST’s recent report called Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. They also summarized the summarization in a blog post. I’m hesitant to summarize further, but here are some highlights:

  • Information Technology (IT) and Operational Technology (OT) are different—from their design to their maintenance workflows and more. When IT and OT merge, these differences create new challenges for cybersecurity.

  • Why is that?

    1. IoT devices interact with the physical world in a way that IT devices do not.

    2. The ability to access, manage, and monitor IoT devices is still in its infancy.

    3. Just as they have limited access, management, and monitoring features, many IoT devices also have limited cybersecurity and privacy features.

  • NIST’s report focuses on higher-level strategies, policies, and procedures for dealing with this changing reality. Optigo, who provides IT-like services and products focused on OT networks, gets deeper with specific actions to take.


6.

+ The many benefits of digital twins (EGI)—A well-written article featuring the human and business side of digital twins, along with some key capabilities they enable. Some key learnings for me:

  • How Lendlease, led by Bill Ruh, approaches smart buildings tech and digital transformation

    I have done it before. It’s just going to be the same playbook here. In my prior lives at [IT and cybersecurity solutions company] Cisco and GE, in both cases we were figuring out how to use digital technology to drive real revenue gains. I just think about one of the key things that I’ve learned through that is that it is not about the technology first.

    The trick to bringing in returns is to identify a company’s key problem and investigate how technology can solve it, rather than try to take on the concept of digital transformation in its entirety. That and being fully prepared for a wave of resistance in the first instance.

    There is usually a 20-60-20 breakdown of where people are at; 20% of people are ready for change and want to help lead that change, 60% are waiting to see enough evidence it works in reality to jump on board and 20% you are probably never going to persuade.

  • On using digital twins for design

    Imagine if you could design a building 100 times in software and figure out all of the problems before you actually build it. That will have a phenomenal impact. We have mandated that we will do a digital twin for every one of our balance sheet projects globally.

    We have already started and there is one example where we built a building this way and found 161 problems in the design at this early stage. I feel quite confident we may have caught all issues and we know it would have added about 8-10% to the cost of the building at the end if you found them in construction. We have repeated this across a number of projects, and we are seeing the same thing.

  • On the cost of digital twins coming down:

    In the past, this sort of technology was $1m-plus (£770,000) and it is now in the $150k-200k bracket, which is less than you would spend on a consultant to help on some of these projects. We think within the next five years it could come down to $50k.

  • On new use cases for analytics

    We’re also creating a property data platform. In Barangaroo in Sydney, we have a million sensors in buildings that are generating data. The data platform will bring all the data together to give us insights on how we can automate a building to improve efficiency and create a better experience. For example, if we couldn’t ascertain if putting a playground in a mall would increase retail spending, we can now make that correlation based on data on dwell time because more dwell time always means extra sales.

    (Note that it seems like he’s saying the twin and analytics are separate platforms—I disagree.)


7.

survey results

If you haven't yet, please take this 2-minute survey so I can get a better sense for: 
1. Your direct feedback of what you like/don’t like  
2. How to provide more value to you and your business  

I’ve tried to keep it as sparse as possible. It will take no longer than two minutes... five if you want to write a really long love letter.  

🙏 Thank you for your support. 🙌

Take the survey

And for those of you that did take the survey, thank you! Here ‘s what I’ve learned from you so far:

Q: Why do you read Nexus?

The #1 answer was “to get James’s perspective”. Aww… I’m honored! I’ll definitely be sharing more of my thoughts! I’ve added a disclaimer to reflect the fact that my perspective is 100% my own and doesn’t represent my employer in any way or represent an endorsement.

Q: How can Nexus be improved?

  • More graphics.

  • An index at the top. (✔️done!)

  • More financial analysis - how the hell are building owners going to pay for all this cutting edge tech? Great quote:

Many on the CRE tech side have almost no understanding of the financial model they are selling into, which is why so many whither and die.

Q: What additional resources would be most valuable to you?

#1 - Deep-dive webinars (this surprised me!)

#2 - Ask Me Anythings

#3 - Detailed guides to hot topics

Q: Would you pay a small monthly membership fee for additional resources?

86% of you said “Yes” or “Maybe, depending on the details”

***QUICK FINAL NOTE***

The form doesn’t collect any personal details (i.e. email, etc.). If you asked me a question in the survey last week (e.g. whether or not I can speak at your event) please hit reply and ask it to me via email… because I don’t know who you are 😉


OK, that’s all for this week—thanks for reading Nexus!

If you have thoughts on this week’s edition, let me know in the comments at nexus.substack.com.