Summer 2020 FieldServer Feature Releases Are Here

Read on for more information about our new OpenVPN application, Virtual Data Points, Proxy Tunnel, and ProAttach that will enhance the FieldServer experience for our customers.


Access your data remotely as if you were on-site with OpenVPN. A scalable, easy to use VPN server solution is available using any Ethernet Protocol when an OpenVPN connects to a FieldServer device. Multiple Wireless configuration options are available.

OpenVPN establishes an encrypted secure tunnel from a user’s local PC or mobile to device to the FieldServer device. FieldServer acts as a proxy, allowing access to the site’s network. This means that FieldServer with OpenVPN enables your devices to be monitored remotely, controlled and maintained as if you were right on-site using our proprietary software.

OpenVPN software runs on both ends of the internet tunnel to keep your data secure. Both endpoints can have dynamic IP Addresses. OpenVPN only needs one physical port to work, is immune to VPN blocking, and can function as a Layer 2 or 3 VPN. OpenVPN needs the following ports open to work: UDP 1194, TCP 80 and 443. For additional details on the OpenVPN compatible FieldServers, see the ProtoAir Start-up Guide on our website. For instructions on setting up an OpenVPN client, see the OpenVPN Start‑up Guide.

Virtual Data Points

This new, rich Edge Gateway feature enables manipulation of FieldServer device data to produce useful insights using a JSON logic engine embedded in the FieldServer Gateway, when moving data to the SMC Cloud.

This feature enables users to create virtual device data points for each device profile in a web GUI environment that includes helpful JSON functions. As an example, Virtual Points allow the user to add calculations to an existing FieldServer’s profile(s) points for the first time.

Proxy Tunnel

This new SMC Cloud feature enables users to access their remote device controller. Once a user has logged into the SMC Cloud and locates the connected FieldServer, the user can easily view the browser built into their equipment controller. This can be used to change/confirm controller configuration settings, upload new firmware to the controller or any other built-in functionality without the use of proprietary software or a VPN.


This new feature enables customers to enter valuable site information to assist with rich analytics when analyzing or diagnosing data from their sites via the SMC Cloud. When a FieldServer is configured for the first-time, helpful prompts enable a user to quickly input site information that will assist the equipment manager.

ProAttach can help quickly identify the location of the installation and contact information of the machine installer. And, to ease FieldServer maintenance, firmware version, MAC address, and installation configuration details are sent to the SMC Cloud via ProAttach.

Please reach out to your FieldServer representative for more information about how to access these new features.
Building analytics software spells savings for property managers

In our last article, we talked about how building owners and property managers are under increased pressure from government agencies and organizations to increase their energy efficiency and cut energy waste. As a recently released Clean Energy Scorecard by the American Council for an Energy-Efficient Economy (ACEEE), shows, “30 cities have taken steps to reduce energy waste in buildings by improving [building energy] codes.”

These more stringent codes have been one of the catalysts driving building owners and facilities managers to pay more attention to their energy usage. But it’s not the only one.

According to a recently-released case study about Cortex, a building analytics software solution provider, there’s another kind of “green” that is incentivizing these building owners, a desire to cut costs and increase revenue. That’s because they’re either paying that expense out of pocket to the detriment of their profits or passing that expense on to their occupants, raising the cost to lease their space and making it difficult to compete in the marketplace, especially in places where commercial real estate vacancy rates are high.

That desire to save money has them focused on their HVAC solutions, in particular. As the case study claims:

Of the many different systems and devices in a commercial office building that may consume energy, the largest energy consumer is inarguably heating, ventilation, and air conditioning (HVAC). According to a 2015 report by the DOE, HVAC accounts for 35 percent of total building energy usage. The next largest consumer of energy is lighting, at just 11 percent.

Cutting HVAC costs isn’t always as easy as just turning down the A/C in the winter. There is comfort to think about. Resident, tenant, or occupant comfort can be compromised if the temperature in the building begins to drift above or below a certain threshold. Simply turning off the HVAC at midday on the hottest days won’t cut it. While it will certainly decrease energy costs, it will leave occupants in a multi-story sauna.

Luckily, the combination of IIoT gateways and building analytics software solutions can help make energy savings a reality.

Making informed HVAC decisions

To make balancing the comfort of occupants and the cost of HVAC easier, building analytics software solution providers, such as Cortex, have introduced solutions that harvest and analyze the data being generated by the HVAC devices and sensors in a building.

Utilizing this data, these solutions take advantage of advanced analytics and machine learning to generate actionable insights and intelligence that enables building owners and property managers to better manage their HVAC systems, allowing them to keep occupants comfortable while still cutting the energy usage of their HVAC systems and devices.

In fact, the Cortex solution is so effective that it’s currently in use by some of the largest and most recognizable property management companies, including CBRE and Empire State Realty Trust, which has saved approximately $800,000 per year in energy costs utilizing the solution in New York City’s iconic Empire State Building.

For building analytics software solutions, like the one offered by Cortex, to function, they need the ability to harvest device and temperature data from HVAC systems and sensors around the building. That’s where a gateway solution becomes necessary.

Shining a light on HVAC solutions

When a building analytics software solution is first installed in a new location, it has no real information or insight into what HVAC devices or sensors are present. That’s a problem because the solution needs to get the data from those unknown devices, through the building management system (BMS), if the application is going to be able to analyze it and deliver actionable insights to the user.

By utilizing IIoT gateways, companies like Cortex are able to establish the systems and devices that are present in the building and choose the devices they want to monitor through an easy-to-use Web interface.

These gateway solutions are giving the building analytics software solutions the connectivity and insight into the HVAC devices and sensors that are necessary to deliver actionable insights to the building owner or manager. This means they can make smarter energy decisions, meet stringent building energy codes, and cut costs.

Connected HVLS fans a cool solution for increasing energy efficiency and comfort

If you’re a facility or building owner or manager, chances are that you’re looking to increase the energy efficiency of your building. There are two very good reasons for that. First, energy costs are among one of the largest variable costs that you face in the operations and upkeep of your facility. Second, there are a number of external and internal forces demanding that organizations become greener and more environmentally friendly as individuals and governments work feverishly to combat global climate change.

In some instances, government agencies are requiring building owners and facility managers to increase energy efficiency by changing their building codes to reduce energy waste. According to a City Clean Energy Scorecard from the American Council for an Energy-Efficient Economy (ACEEE), a nonprofit that advocates to advance energy efficiency policies:

Since 2017, nine cities adopted more-stringent building energy codes: Las Vegas, Mesa, New York, Philadelphia, Phoenix, Reno, San Antonio, St. Louis, and Tucson. Another five cities successfully advocated for their states to adopt more stringent standards: Columbus, Cincinnati, Cleveland, Pittsburgh, and Seattle. In addition, eight cities adopted efficiency requirements for existing buildings: Chicago, Denver, Minneapolis, New York, Reno, Salt Lake City, San José, and Washington, DC

There are a number of factors and systems that contribute to a building’s energy usage, but HVAC is among the largest. This means that building and facility owners and managers are increasingly incentivized to reduce their HVAC usage and find other ways to cool their buildings and circulate air. That’s why facilities owners and operators are now looking to control comfort in their industrial and commercial spaces with large, high volume, low speed (HVLS) ceiling fans.

Spinning up savings

Running a ceiling fan to cool a space takes a fraction of the energy that it takes to run traditional HVAC. A recent case study about Hunter Fans shows that, as companies look to get their energy expenses under control, the idea of using fans to increase comfort until air conditioning becomes necessary is an attractive one to many building owners and facility managers.

This has led to a massive new market for the ceiling fan industry, which is now manufacturing and installing enormous HVLS fans in breweries, distilleries, gyms, warehouses and other commercial and industrial spaces.

In addition to increasing energy efficiency and reducing costs by reducing energy usage, these fans have another benefit. They have incredible longevity. By requiring little in the way of maintenance and repair and having long term life expectancies, running fans as opposed to HVAC systems can also help reduce maintenance and repair costs for building owners and managers.

However, for the fans to be truly a part of a building or facility’s larger cooling and HVAC systems, they need to integrate and interoperate with the building’s automation system. This is the only way to ensure an automated switch from fan systems to HVAC systems when temperatures rise above comfortable ranges.

Cool. Calm. Connected.

By utilizing gateway solutions, fan providers, such as Hunter Fans, are now enabling integration with building automation systems, which is delivering increased control over air circulation, even air distribution, space comfort, and equipment scheduling to the end-user both remotely and locally.

Through integration with the building automation system, building owners and managers are able to more effectively utilize the fan systems as a part of the facility’s larger cooling system, using fans to circulate air until a certain temperature threshold is crossed before initializing air conditioning systems to keep the conditions comfortable.

This helps to significantly increase the cost-efficiency of the facility and the HVAC systems, using the systems that cost more to run only when they’re absolutely necessary, and using systems with a lower cost of operation for as long as possible.

Today’s building and facility owners are not just looking to increase energy efficiency for cost savings, they’re required to eliminate energy waste from their properties. HVLS fans are an effective solution for reducing the usage of energy-sucking HVAC systems, but only if they’re connected and can be managed from the same building automation system as HVAC systems. Luckily, IIoT gateways are making that a reality.

For more information on how Hunter Fans is making their HVLS solutions more automated, click HERE. To learn more about how access to device data can benefit equipment manufacturers and owners, click HERE to download a complimentary copy of the, “HVAC as a Service Revolution.

Cybersecurity and the IIoT

If there is one universal cybersecurity truth, it’s that the Internet is not getting any safer. In fact, quite the opposite – cyberattacks are increasing in frequency, threats are becoming more sophisticated and new malicious actors are entering the fray every day.

What’s worse, there are companies that never had to deal with or even think about cybersecurity that now have to face this harsh cyber landscape for the first time. This includes equipment manufacturers that make the world’s commercial and industrial equipment.

In this eBook, you’ll learn all about the very real threats facing equipment manufacturers and the IIoT. You’ll discover why many equipment manufacturers are unprepared to protect their devices from cyberattacks. You’ll also learn a simple and secure way to protect devices through safer gateways.

Fill out the form below for a complimentary copy of “Cybersecurity and the IIoT – how equipment manufacturers can protect device data in an increasingly insecure cyber landscape.”

Device data drives revenue – how data can make sales teams more effective

There are many reasons why equipment manufacturers should want to access the data from their installed devices. It can help them to provide better, more proactive service and maintenance to their users and customers. It can make them more effective and efficient, eliminating unnecessary truck rolls that result from dispatching unprepared or uninformed maintenance personnel to diagnose problems on-site. It can even help fight against warranty fraud and abuse.

There’s something even more exciting that manufacturers can use their device data for: generating revenue.

In previous posts, we’ve looked at using device data to help sell more service contracts. We have also explored the ways in which better access to device data could open the door to HVAC as a Service, a concept where the device is managed and maintained by the manufacturer for a fee, effectively outsourcing that device’s function to the people that know it best.

There is a much more direct way that device data can drive revenue, it can help position salespeople to sell more devices in the first place. Let’s explore the ways in which a more educated salesforce can move more products and sell more devices.

The right product at the right time

Facilities managers, building owners, and factory operators don’t buy a piece of commercial or industrial equipment because they always wanted to own one. They buy it because it does a job and performs a function. But is it the right device for that job? Does it function like it’s supposed to? The answer to that question could be the difference between selling a new device and generating no new revenue.

By analyzing device data, the sales force at an equipment manufacturer can learn a lot about the performance of a device and if it’s operating optimally. If a device is showing signs that it’s failing or about to fail, whether it be drawing too much energy, signaling motor failure or another red flag, they can reach out proactively to communicate that concern with the equipment owner and begin the process of getting a replacement.

By identifying failing equipment in advance and working to replace it before it breaks, device manufacturers can keep downtime to a minimum. Instead of being the manufacturer whose device broke and stopped an assembly line or otherwise killed productivity, they become the device manufacturer that reached out and replaced the device with a new one in advance of it breaking, keeping the line moving, and keeping productivity high.

It’s not just about devices in failing health; it’s also about devices that fail to do what equipment owners need them to do. If an equipment owner is using a device that is a bottleneck and is pushing that device hard as a result, they could see a significant return on their investment if they replaced that device with something new, faster, better or with higher capacity.

As an equipment manufacturer, if you have access to device data, you should be able to see a device that’s being pushed hard. That’s an invitation to reach out to that equipment owner and get a better understanding of how that device fits into their operations. If it’s a device that is essential but struggling to keep pace or otherwise causing a bottleneck, the investment to replace it with something more effective could very well pay for itself in a very short period of time.

Imagine an assembly line or manufacturing plant, for example. What if one piece of equipment was slowing down operations and reducing the amount of product that could be produced in a day? Replacing it with something more effective or that could handle a larger load could lead to higher outputs, which can help increase their revenue.

Identifying these opportunities is mutually beneficial for both the equipment manufacturer and the device owner. The equipment manufacturer sells a new device and gets that revenue through the door. The device owner gets increased operational efficiency and production, and most likely quickly recoups the cost of the new device, which then proceeds to make them more money over time. This is only possible if the equipment manufacturer can access and analyze the data from its installed devices.

To learn more about how remote access and access to device data can benefit equipment manufacturers, download a complimentary copy of “HVAC as a Service Revolution.”

Combating the inherent cybersecurity risks of connected devices

In our last article, we sat down with Richard Theron, a Product Manager at cloud gateway solution provider, Sierra Monitor, to talk about how today’s next generation of cloud-enabled devices can allow remote access and remote monitoring, making them better for a more remote workforce.

Unfortunately, as with any device that is connected to the Internet, there are inherent cybersecurity risks that arise when commercial and industrial devices are cloud-enabled. Within a few minutes of an IoT device being connected to the Internet for the first time, it’s already been attacked, and there are many good reasons why someone would want to attack a commercial or industrial device.

In part two of our conversation with Richard, we talked about the cyber threat landscape facing commercial and industrial devices, examples of ways these devices can be exploited to hurt an organization, and simple ways that manufacturers can make their devices more secure to help protect their customers. Here is what he had to say: 

How susceptible are these devices to cyberattack? Why are these devices susceptible in the first place?

Many of these Internet-connected commercial and industrial devices are surprisingly susceptible. And there are a few very good reasons for that. 

First, there’s the fact that many of these companies aren’t IT companies and they’re certainly not cybersecurity companies. Most of them are incredibly good equipment manufacturers that are exceptional at making devices that work and do what they’re designed to do effectively and efficiently. But they’re not prepared or equipped to handle the cybersecurity requirements that arise when these devices are cloud-enabled.


Then, there’s the issues that arise from speed to market. Manufacturers want to beat out their competitors and get their next-generation Internet-connected, cloud-enabled devices on the market first. As we talked about previously, they see it as a competitive advantage. But, in the process of being first and moving quick, they fail to consider the cybersecurity implications of cloud-enablement.

Finally, there are equipment manufacturers that invest in security in one area, and then fail to invest in others. Maybe they do a good job of securing their devices, but they fail to do the necessary penetration testing on their device cloud or device applications. This is more common than you would expect.

Why would anyone want to attack these devices? How would it benefit them? What would they get out of it?

There are more reasons than we probably have time here to discuss. First, there’s the straight financial reason. Ransomware attacks are increasingly in prevalence. They’re targeting government agencies, education institutions and private companies,encrypting their data and holding their system hostage in exchange for a financial ransom. And they’re increasing in frequency because they’re profitable. 


That’s something that could also be done with commercial and industrial equipment and devices. Malicious actors could take control of a building or campus’ BMS system, shut down necessary and essential systems, and then hold them for ransom until they’re compensated.

Then there are insider attacks, attacks against the organization by someone within the company. This could be a disgruntled employee looking to hurt the company by costing them precious time and money, destroying productivity to impact their bottom-line.

Then there are the data thieves and people looking to steal sensitive information. The devices within a company or organization may not be the target, they may just be the entryway into the larger network. Once inside, hackers could begin to move laterally, moving from application to application and system to system looking for proprietary business intelligence, financial data, or payment data.

That’s just a few examples, but I’m sure there are many more.

What should manufacturers do to protect their devices and make their equipment safer for their customers?

The single most important thing that they can do is select the products and gateways that are built with inherent security standards and protocols built in.

As we discussed previously, many of these equipment manufacturers are cloud-enabling their devices through the integration of cloud gateways, which give them the connectivity to the Internet that they’re looking to enable in their devices. If the gateways that they’re choosing don’t meet those security standards, their equipment also won’t meet those security standards.

There are a number of gateway providers that are taking the time, doing the penetration testing on their gateways and their device clouds, to ensure that they’re secure and that they can secure the devices that they’re installed in. By choosing to work with those companies, equipment manufacturers can ensure that they’re making and selling a product to their customers that is safe.

To learn more about the cybersecurity challenges that a new generation of connected devices creates for equipment manufacturers and equipment owners, click HERE to download a complimentary copy of, “Cybersecurity and the IIoT – how equipment manufacturers can protect device data in an increasingly insecure cyber landscape.”

Remote workers create demand for remote access of devices

With many nonessential businesses and industries being asked to close by state and local governments, there has been a massive spike in the amount of Americans working from home. 

While we’re starting to see a number of states begin to ease away from that guidance and those restrictions and put their citizens back to work, there are many states that could keep these policies in effect for a number of months into the future.This great telework experiment that has been happening across the nation could have lasting impacts on our country and how it works. According to a recent survey of CFOs by the analyst firm, Gartner, approximately 74 percent of the executives polled are looking to have at least 5 percent of their previously on-site staff continue working remotely in the future.

However, these exciting new telework trends simply don’t apply to everyone. There is a large population of Americans that are deemed “essential” by their employers because they need to be on-site, managing and maintaining important commercial and industrial equipment and devices. But that, too, could be changing.

Customer demand for Internet and cloud-enabled IIoT devices with the capability for remote access are forcing many equipment manufacturers to embrace the new technology, which could have far-reaching effects on what it means to be an essential worker.

To learn more about these new technologies and how prevalent they’re becoming in the commercial and industrial equipment industry, we recently sat down with Richard Theron, a Product Manager at cloud gateway solution provider, Sierra Monitor,.

Here is what Richard had to say:

We’re seeing a disproportionate amount of Americans needing to work from home right now. What about folks that have to manage and maintain important infrastructure and essential equipment? What kind of flexibility do those individuals usually have?

Honestly? None, or very little. For many of the facilities and maintenance people that are responsible for overseeing commercial and industrial equipment and devices, there really is no other choice than to be onsite. They need to be there to identify problems, troubleshoot problems, if possible, and then engage with the equipment manufacturer if additional support is needed.

In fact, there are really two groups of people that have to be onsite. The first are the maintenance teams and facilities teams for the equipment owners. But often, if they need further assistance, they’ll reach out to the equipment manufacturer for help. The manufacturer will then roll a truck to repair that equipment. This means that even more essential employees are onsite. Ultimately, commercial and industrial equipment and devices are necessary to keep business moving. And every company in every industry, essential or otherwise, relies on it. The people that those companies rely on to keep things running are often asked to work onsite, even if much of the remaining workforce is working remotely.

Today, we can lock our car doors from another continent or change the temperature in our homes while we’re on vacation in another country. Why isn’t this kind of remote access and management also available in commercial and industrial equipment?

Richard Theron: That functionality is actually available for commercial and industrial devices. At least, it can be. It’s possible. The technology is available, but the adoption of the technology is really just beginning.

The good thing for essential workers is that the adoption of that technology is accelerating. Each month we see a larger ecosystem of commercial and industrial equipment and devices emerging that are able to be accessed remotely and managed remotely via smartphone or other Internet-connected device.

What is driving these equipment manufacturers to make their devices capable of being accessed and managed remotely? Also, you said that the ecosystem of cloud-enabled, remote access-capable devices is increasing, but how prevalent is it really?

It’s becoming pretty prevalent across a number of industries. And, while not all manufacturers are on board yet, they’re going to be soon, because they have to be.

For the early adopters of remote access, it was a competitive advantage. They were able to tell their customers that their employees could monitor and manage their devices remotely, which was a very intriguing and enticing capability to offer.

Over time, more and more customers started demanding remote access because they knew it was available and it gave their employees more flexibility while also making them more efficient. Now, the equipment manufacturers that were slow to embrace remote access are scrambling to catch up to their competitors and to meet customer demands for the technology.

But that’s really just one part of the equation. The demand signal for remote access is really coming from both the customer and from within the manufacturer, itself. That’s because remote access can benefit the manufacturer, as well. To learn more about the benefits of cloud-enabling commercial and industrial devices, click the image above to download a complimentary copy of, “The HVAC as a Service Revolution.” 

By enabling remote access and monitoring of devices, the manufacturer can offer better, more proactive support to their customers. They can roll better-equipped and prepared service trucks. They can even use the device data to improve their equipment sales and to help sell service contracts. It lets them better utilize internal resources, better serve their customers, and generate extra revenue.

How difficult is it for a device manufacturer to make their new devices capable of remote access? What about older, existing devices? Can they be cloud-enabled?

It’s not difficult at all,it just requires the addition of a cloud gateway. It’s a simple addition to the product line. In fact, many manufacturers are already implementing gateways into their devices to enable them to connect to building management and building automation systems.

By using a gateway that also enables connectivity to the cloud, they can make their devices connect to building management and the cloud, making it possible to access their devices remotely. 

Gateways aren’t just capable of cloud-enabling new devices. An older device that never connected to the Internet could have been remote access enabled via a cloud gateway.

What kind of capability would cloud-enabled devices enable? What could you conceivably do to them remotely? What kind of device data could you harvest? How could this help ensure that more people could stay home?

One of the most important capabilities is remote monitoring, watching a device’s status, and being able to access device data remotely. What’s most exciting about that is, once you have the ability to monitor a device remotely, you can enable more predictive maintenance.

For example, let’s say you’re monitoring the power consumption of a device and you see that the device’s power consumption is going up, there is a chance that the motor is wearing down or there is something else going wrong. If we can see how much energy that motor is drawing, we could see that something is wrong and get someone out there to fix it before it breaks.

That level of predictive maintenance is important for a number of reasons. Think about a boiler in a hospital. Hospitals can’t function without hot water. If we can see the device data and see that the water pressure and temperature is dropping, it tells us that there is a problem. We can then look at the data to make a diagnosis, determine what is wrong, and get it fixed before it breaks, leaving the hospital without hot water.

That’s only possible if we see those red flags. And we can see those red flags anywhere and at any time if we can monitor devices remotely.

Another capability is remote management. Imagine being able to push a firmware update to a device, or to every similar device, all at once and from a remote location. With a cloud-enabled device, as long as you have Internet access, you can push those firmware updates to those devices from anywhere without ever having to engage with the device.

We’ve seen something similar and very exciting in the lighting industry, where some manufacturers are remotely configuring new devices as soon as they’re plugged in and connected to the Internet. This means that the person doing the installation doesn’t need to know anything about the device or how to configure it, it’s all done by the experts that know the device the best,the company that manufactured it.

All of these remote capabilities are possible. But only if the devices are cloud-enabled.

In part two of our two-part conversation with Richard, we’ll look at how enabling remote access also creates security vulnerabilities for devices, and what manufacturers can do to mitigate the problem.

To learn more about the benefits of cloud-enabling commercial and industrial equipment, click HERE to download a complimentary copy of the, “HVAC as a Service Revolution,” eBook. 

Now is the time for manufacturers to invest in product portfolios

With nonessential businesses shuttered, travel halted for most Americans, and folks being asked to avoid gathering in groups larger than ten, many companies are feeling financial pain. In fact, recent unemployment insurance claims have increased exponentially according to the U.S. Department of Labor and much of that is probably due to layoffs in the retail, hospitality and travel industries.

Unfortunately, many experts are predicting that this is just the tip of the iceberg, and that,in the coming weeks and months,we could see the jobless numbers escalate and the economy continue to crumble. The result could be years of economic growth and increases wiped away in a manner of mere months.

But what does that mean for equipment manufacturers?

When people see that the retail, hospitality, and tourism industries are hurting, they probably don’t realize the impact that it will have on the economy as a whole. These things have a tendency to trickle down and spread throughout the economy. With people out of work, new HVAC units and other devices will likely become a luxury. Simultaneously, companies that have seen their revenue dry up in the past month will be hesitant to spend on commercial and industrial equipment. This could have an impact on the revenue of equipment manufacturers in the foreseeable future.

In times like these, when revenues dry up and the economy goes south, many companies have a tendency to try and cut everything that isn’t essential to shore up their business and survive the downturn. Often, that means slashing marketing spending, advertising dollars, nonessential programs, and cutting back on research and development. But that last one is a mistake.

We’ve been here before. Relatively recently, in fact. We’re just about a decade removed from the Great Recession, which saw the global housing market collapse and a number of financial institutions, car companies, and other organizations either fold or get bailed out by the government. While the cause of this economic downturn is both completely different and unprecedented, there are lessons that we can take from that situation and apply them to today.

What could be the most important lesson is to fight the urge to slash R&D and product development. Why? Because all economic downturns ultimately end and the companies that invest during the downturns are the ones best positioned to secure market share when they do. 

Let’s take a look at a Harvard Business Review article that was published in 2009, the height of the Great Recession. According to authors David Rhodes and Daniel Stelter: 

Investments made today in areas such as product development and information or production technology will, in many cases, bear fruit only after the recession is past. Waiting to move forward with such investments may compromise your ability to capitalize on opportunities when the economy rebounds. And the cost of these investments will be lower now, as competition for resources slackens.

The article then provides two excellent examples of companies that invested in their product portfolios during downturns only to come out ahead. The first was French pharmaceutical company, Sanofi-Synthélabo. The company maintained,and in some cases increased, R&D spending during the downturn in the early 2000s, which resulted in the strong business and financial performance that enabled them to acquire Aventis when the economy rebounded in 2004. The other example was global technology juggernaut, Apple, which increased R&D spending during the same downturn. This led to the company introducing iTunes in 2003 and the iPod Mini in 2004, both of which helped spark its period of rapid growth. And we all know where Apple is today.

It’s clear that the equipment manufacturers that invest in their devices and products will be the ones best prepared to capture market share when the economy rebounds, but where should they focus their time, dollars and efforts? The industry trends point towards increasing customer demand for smarter and more connected devices. This demand has only increased as employees have been forced to work from home.

Today’s equipment owners are demanding smarter, more automated devices capable of operating and being managed as part of a system. They’re also demanding the ability to harvest device data, analyze it and use it to make informed decisions. They want devices that can be managed from a single pane of glass or managed remotely to empower a more distributed workforce.

Then there are service offerings. Equipment owners understand the value that they can receive by paying for equipment manufacturers to monitor, optimize, and maintain their devices as a service. They recognize that the manufacturer is the best person to do so and can see the ROI that they’ll receive from installing smarter devices that can be optimized to peak performance and efficiency by their manufacturer.

The equipment manufacturers that come out of this impending downturn with the ability to offer those services will have the advantage. They’ll also have the added revenue from their service offerings to help spark their growth. Those manufacturers selling devices that are simply incapable of being managed, monitored, and maintained remotely will see their market share continue to shrink.

History is a great educator, and while this impending economic downturn is different from the downturns in the early 2000s and the Great Recession, there are lessons that we can learn from the companies that went into those downturns facing tumbling revenues and emerged stronger on the other side.

Equipment manufacturers should take notice, and use this time to make their products smarter, more connected, and cloud-enabled. It may not make them the next Apple, but it will introduce new revenue streams and leave them better prepared to compete and grow when the economy rebounds.

To learn more about the benefits of cloud-enabling commercial and industrial equipment, click HERE to download a complimentary copy of the, “HVAC as a Service Revolution,” eBook. 

How the secure gateway could be a solution for IIoT security

In previous articles, we dove head-first into the issue of IIoT security. We discussed why malicious actors would possibly want to hack an IIoT device and looked at the increasing sophistication and cooperation that we’re seeing from the cyberthreat ecosystem. Then, we talked about why that’s a problem for equipment manufacturers, in particular, and how new legislation could put pressure on them to address that challenge sooner rather than later.

While you can go back and read those IIoT security articles, what we effectively detailed was a convergence of factors that make the hacking of industrial and commercial equipment increasingly profitable to cybercriminals, resulting in an increased need to take the security of those devices more seriously. We then explained that equipment manufacturers are more focused and equipped to make an effective device than a secure one. 

It wasn’t a shot at the hard-working equipment manufacturers and OEMs making incredible boilers, elevators and other industrial and commercial devices, I was simply speaking the truth. When someone’s experience and expertise is making a boiler that’s better than any other at heating water, they’re most likely not an experienced cyberwarrior as well.

How can these equipment manufacturers, the incredible boilermakers, and elevator builders, and commercial refrigerator manufacturers, make their devices more secure when they’re not cybersecurity professionals?

Let’s first talk about how these IIoT security vulnerabilities are coming into being, and then we can look at how one of the tools creating these vulnerabilities can also help to eliminate them.

From individual device to susceptible system

Connecting commercial and industrial equipment isn’t a new concept. There has been a movement to make individual devices more connected and make them work together as a system instead of dedicated machines since the late 80s and early 90s. 

The early connected devices were just connected locally, within one physical location. This made them relatively low-security risks since you’d have to physically be onsite and interact with the device directly to make changes or cause problems.

That’s not the case anymore. Today, equipment owners want equipment manufacturers to connect devices to the cloud. How can incredible boilermakers make their devices more secure when they’re not cybersecurity professionals? The same devices that they rely on to connect to the cloud could hold the key. 

By connecting devices to each other and to the cloud, the equipment owners gain new and incredible capability and functionality. Now they can monitor the device or system of devices from anywhere. They can change settings on the devices or systems from anywhere. 

Now a problem with a piece of equipment is no longer a surprise since the device was being monitored for red flags. A device that needs to have a setting changed or optimized no longer requires a dedicated trip to the worksite, plant or factory. The manufacturer can play a larger role in helping to optimize their installed equipment and provide proactive maintenance since they can monitor their installed devices remotely.

It’s this cloud connectivity that’s opening the door to these advanced capabilities. While the cloud connectivity is holding that door open, it’s a security vulnerability that allows malicious actors to sneak through, undetected.

To make these devices more connected in the first place, equipment manufacturers have traditionally turned to a particular tool, gateways. These gateways are platforms that can be integrated into devices, new and old, to make them talk to each other via a number of different protocols, the most widely known of which is BACnet

Utilizing these gateways kept device manufacturers from having to bake connectivity into their devices, saving them time and money by effectively outsourcing something that wasn’t core to their business and expertise. Now, they’re turning to a new generation of these gateways to deliver cloud connectivity, as well. This makes the gateway the source of their security vulnerability, but it doesn’t have to be.

Not just a standard gateway – a secure gateway

As gateway providers increasingly incorporate cloud connectivity into their solutions, some are beginning to wake up to the vulnerabilities that they’re creating for their customers. Smart gateway providers are starting to take security seriously and work to ensure that the gateways that they provide, and the device cloud solutions that they offer, are secure.

It’s smart that equipment manufacturers turn to gateways and gateway providers to make their devices more connected. It outsources something that’s not in their wheelhouse. Introducing the cloud into the equation means that there’s now something else that manufacturers need to look for when they’re identifying which gateway solution to utilize.

When equipment manufacturers choose a gateway provider, they need to take time to ensure that security, and not just connectivity, is baked in. They need to know if they’re choosing a secure gateway, one with cybersecurity certifications and considerations incorporated, or if they’re choosing just some standard gateway solution.

To make that happen, here are three things that equipment manufacturers should be asking of gateway providers when doing discovery and due diligence:

Do they view security as an add-on, or as a core part of their solution?
Have they worked to get the proper security certifications for their products and solutions?
Have they worked to engage with testing firms and organizations that test equipment for cyber vulnerabilities to ensure that their devices are, in fact, secure?

If a gateway provider can answer confidently that security is baked into their solution, that they’ve pursued the proper cybersecurity certifications and that they’ve independently worked to have their solutions tested and approved by organizations that exist to find vulnerabilities in devices and applications, then an equipment manufacturer can feel good about implementing their solution. In that instance, they’re effectively outsourcing both the connectivity and the security of their devices to a company that is more qualified to handle it. 

If they can’t answer those questions confidently, there’s a good chance that their solution will outsource the connectivity part of an equipment manufacturers cloud conundrum – but will only function to create cybersecurity vulnerabilities for their customers in the future.

The threat of malicious actors hacking commercial and industrial equipment isn’t an imagined one. The future could very well see factories, office buildings, and other workplaces physically shut down and held for ransom if equipment manufacturers don’t start to take security seriously. Luckily, if manufacturers choose the correct gateway provider, they can effectively outsource connectivity and security, and ensure that their products are secure for their customers.

OEMs and cyber – it’s time to get serious about IIoT security

In our last article, we took a detailed look at the rise of ransomware and talked about the current cybersecurity threat landscape. We also discussed the Industrial Internet of Things (IIoT) and talked about whether connected industrial and commercial equipment is really a cybersecurity threat. 

We concluded that the potential benefit to cybercriminals was too high to simply ignore connected equipment as a target, or as a potential entryway into networks.  

The fact is, commercial and industrial equipment is necessary for companies to operate and employees to do their jobs. Bringing equipment to a stop can have significant ramifications on a company, making it very profitable to hold equipment for ransom. At the same time, lateral movement across a network from a connected device or system can also lead to the theft of sensitive data and other breaches. 

Now that we’ve established that IIoT security is a real problem, let’s talk about why it’s a hard one for OEMs to solve.

More boilermaker less cyber warrior

When you’re looking to build a great boiler, you’re looking to create a device that heats water as efficiently and effectively as possible. A good boiler, a real top-notch piece of equipment, will require the least amount of energy possible to take water up a single degree. That’s what boiler companies are completely focused on. The same thing can be said about HVAC companies. And refrigeration companies. And elevator companies. And wastewater centrifuge companies. Companies in these market segments and industries are focused on making their devices the best and most effective at their jobs. They’re looking to increase efficiency, make them more effective and make the jobs of the owners and operators of their equipment easier. 

The individuals that are designing and building these devices understand the physics and calculus of cooling a room, boiling water or getting people up a story in a building without them having to take the stairs. But their industry and solutions are changing. 

If you go back just ten years, maybe these devices had a small microprocessor installed in them to make them smarter and easier to operate. That device and the primitive computer in it had a security perimeter that encompassed the physical area around it, or the building that it was in. But that’s not the case anymore.  

As customers began to demand smarter, more connected devices, these companies found themselves forced to keep up with the demand or risk falling behind. Today, everything is connected and that equipment is so much smarter. The power and capability of the equipment is greater because of that connectivity, but it’s also more vulnerable. 

Unfortunately, the companies making that equipment are thinking more about the capabilities that they can bake into their equipment than the vulnerabilities they create. IIoT security is an afterthought. 

Worse, they’re not really a computer company or an IT company. They’re old school manufacturing companies. They know boilers. They know elevators. They know the most minute detail about their equipment from a mechanical standpoint. They’re rock stars at boiling water. But they’re not cyber warriors.  

While these equipment manufacturers are checking off the “connectivity” box because their customers demand it, they’re creating IIoT security vulnerabilities that they’re not thinking about or prepared to handle. They’re just putting an Ethernet port on their controller and opening a cybersecurity black hole. But they’re not ready for the bad things that could come through it. 

That’s about to become a real problem because the government is about to up the ante on IIoT security.

Legislation about device fortification 

The federal government, particularly the military, is a major customer for device manufacturers. Just think about every piece of equipment that the government buys and installs in all of its federal office buildings, military bases and facilities.

It could soon become impossible for OEMs to sell their devices to this very important customer if 34they’re not taking their device security seriously.  

Senate Bill 734, the Internet of Things Cybersecurity Improvement Act of 2019, was introduced in the Senate in March of this year. Its fate is still undetermined since the full Senate has yet to vote on it. However, there is companion legislation in the House of Representatives and both bills, the Senate and House bills, have bipartisan support.

This legislation would require the National Institutes of Standards and Technology to, “…develop recommendations for the appropriate use and management of IoT devices owned or controlled by the government, including minimum information security requirements for managing cybersecurity risks” by March of 2020. The legislation would also require the Office of Management and Budget to, “…issue guidelines for each agency that are consistent with such recommendations.” 

The point of the legislation is to ultimately create cybersecurity standards that IoT device manufacturers must follow if they’re going to sell to the federal government. Common sense would dictate that those same rules would apply to other connected devices, including IIoT devices. 

That means that a very lucrative and large market could close to the equipment manufacturers that make connected devices with no thought to their security. Lost opportunities to sell to the federal government are just one negative side effect of forsaking security considerations on connected IIoT devices. Starting in 2020, companies could become liable for damages in California if their insecure IIoT device results in harm to its owner or operator.

California Senate Bill No. 327, which was passed in August of 2018 and signed into law by Governor Jerry Brown, requires that all IoT device manufacturers, “…shall equip the device with a reasonable security feature or features.” That mandate will take effect on January 1, 2020. 

While California may be the first state to pass such legislation, they aren’t likely to be the last. Privacy concerns have followed closely behind as “smart homes” and other connected devices have made their way into the living rooms of average Americans. These calls for privacy and security legislation have only been amplified as stories about devices eavesdropping on their owners have popped up in the news. 

People and companies are increasingly understanding the importance of security. And they’re beginning to demand that the companies making smart and connected devices take their privacy and security seriously. In this environment, it’s only a matter of time before “securing smart devices” bills make their way into every statehouse across America. That’s when OEMs are going to really have to get their acts together on security.

In our next article, I’ll take a detailed look at some of the ways that device manufacturers can easily embrace a more secure approach to connected devices.