Safeguarding Smart HVACR Systems

Integrating IoT and Keeping Things "Just Right"

17 May 2016

As the Internet of Things (IoT) becomes more common in our everyday lives, it’s no surprise that the HVACR industry has started to integrate wireless technology for more efficient operations, convenience and control. By 2019, it’s expected that nearly 40 million households in North America and Europe will use smart thermostats. With this growth, it’s important to ensure these devices are tested and verified to help guard against potential problems.

IoT integration offers many benefits to HVACR systems: remote access, real-time updates on system performance, zone-based activation to reduce usage and costs, and alerting users to issues, among others. However, as with all smart devices, products must be vetted for potential problems, including cybersecurity issues, software malfunctions and interoperability problems.

Cybersecurity: This is, perhaps, one of the greatest concerns for IoT integrated HVACR products. Anyone with access to the system should have access only to whatever is absolutely necessary, nothing more. This will help prevent people from using the HVACR system to gain access to restricted information or overloading the system, making it non-functional. Hard coding should be avoided and unique credentials given to each particular unit. It’s also important to isolate each system to better protect against isolated attacks leaking into other areas. Also, consider that smart thermostats may be connected to a Wi-Fi network that is publicly accessed, which makes requiring a username/password and password all the more critical.

Interoperability: All products and devices in an IoT ecosystem must be interoperable in order to run smoothly, so performing testing on the sub-system/module level is critical. In an IoT environment, there could be several hundred connections all supporting different protocols. Smart HVACR technology must have the capacity to function in these circumstances, so testing in “real world” environments is a must.

Software: Many manufacturers will choose to integrate off-the-shelf software solutions in order to save both time and money; however, the manufacturer will ultimately be responsible if there are any software issues. Manufacturers should carefully vet their potential off-the-shelf partners by looking at their track record on addressing security updates and how they support their developer channel. Additionally, in real world environments, devices can experience unexpected consequences during software updates, so it’s important to plan ahead in order to better manage the risks.

Hardware: It is important to ensure that all hardware is functional and interacting properly with all software. Testing the unit itself, as well as all the components within it can help ensure everything is in working order. It is particularly important to ensure that HVACR systems are not rendered inoperable due to faulty interactions, to ensure continued service for the end-user.

Planning ahead and considering risks while developing products can greatly reduce the risks that smart HVACR products may encounter. Testing and verification can play an important role to ensure the continued security, reliability and optimal functioning of IoT integrated products. For more information on HVACR and IoT, download our free white paper.

As a program manager at Intertek, Delmar Howard helps to create and manage mobile application testing programs and has been directly involved in the design and implementation of several certification programs within the mobile and wireless industries. He is based in Intertek’s Blue Bell, Pennsylvania facility. And with more than 37 years of experience, Byron Horak’s responsibilities include developing and maintaining facilities and staff to stay on the cutting edge of the HVACR performance testing industry. Current activities include participation in four ASHRAE SPCs, three ASHRAE TCs, 5 ISO WGs, and Secretariat of IEC SC61D Subcommittee for Appliances for Air Conditioning for Household and Similar Purposes IEC Standard 60335-2-40.