Newsletter – June 2017

THIS MONTH…..

• TRENDS
• EYE CATCHING
• FIRMWARE
• THERMOSTAT DEVICE OPTIONS
• WORK PACKAGE PHASES
  
• PROJECT NEEDS
  
• EXISTING CODE
• LASTLY

TRENDS

United States Electricity Price per KWH
Present and Past

EYE CATCHING

Demand Response
An article sharing Honeywell is now providing three utilities with Smart Grid services. An article last fall considered if the time has come to deregulate all electric utilities. Deregulation proponents argue industry deregulation is the best way to lower costs and increase innovation. Deregulation antagonists argue the evidence so far shows little benefit to customers. An article sharing Schneider Electric has sold their data-software unit called DTN for $900 Million USD. An article sharing the search to find the balance between temperature and humidity in an office has resulted in cubicle area managers funding internal payments for immediate changes to HVAC settings. A survey of consumer perspectives regarding their Smart Grid interests revealed respondents cared primarily about saving money through time-of-use pricing in a Demand Response relationship with their utility provider.

Adoption of the Smart Grid is being driven now by customer financial capital savings. There is more interest to save money than address widespread environmental impact. The Demand Response model is advancing without concern for cyber security, as we identify in the following sections of this newsletter edition.

Smart Grid – Security
An article reporting the United States has tasked the Pentagon with the responsibility to protect the electric grid from attack by a cyber attack or atmospheric nuclear blast. The Pentagon has tasked the Rapid Attack Detection, Isolation and Characterization Systems (RADICS) to lead the protection effort. An article last year provided a thorough explanation of the smart meters in use today. An article sharing the United Kingdom placed their airports and nuclear power stations on terror alert from a credible cyber-related threat. An article sharing energy executives are pressing government agencies for more security clearance to fight cyber-related attacks on energy-related infrastructure. An article sharing United States lawmakers call for a pilot program to test for energy sector vulnerabilities.

The energy generation and distribution leaders, along with both lawmakers and defense department officials, are stating it is unsafe now to connect the national electrical grid to Demand Response by way of the Internet. It is difficult to believe an unsafe connection to the Internet will bring a good result. Good, meaning non-harmful to personal safety nor cause unnecessary risk.

Unlike
The argument supporting the position accessing the Smart Grid by using a mobile device application is no different from accessing a financial institution such as a bank by using a mobile device application is an uninformed debate. If all software applications were the same, then there would be no reason for software security. The GNU remotecontrol team considered this argument and found many differences between mobile device applications involving both the Smart Grid and financial institutions.

First, defense officials, industry executives, and lawmakers stated above it is not possible to defend the Smart Grid from cyber-related attack. Second, the United States Federal Reserve has accumulated substantive information regarding electronic, mobile and online banking. Third, they offer a course called E-Banking/Mobile Banking providing “a detailed understanding of the technologies and risks fundamental to electronic banking (e-banking) and mobile banking.” Fourth, they provide their annual Consumers and Mobile Financial Services, last posted March 2016, describing “consumers’ use of mobile financial services”. Finally, the United States Federal Communications Commission warns against “mobile wallet services to conduct financial transactions over an unsecured Wi-Fi network.”

GNU remotecontrol does not find within the Smart Grid industry today regulation of any mobile device access to the Smart Grid. Neither do we find Smart Grid members are under a statute to safeguard against the security concerns identified by both the Federal Reserve and the Federal Communications Commission. Finally, we see no evidence either network connected HVAC (smart) thermostat manufacturers or software applications communicating with smart thermostats are bound by the statutes found in the banking industry.

Our conclusion is using a mobile device application involving the Smart Grid is not the same as using a mobile device application involving banking. They are dissimilar, discordant, incompatible, and unrelated. The GNU remotecontrol interface is a web application. GNU remotecontrol relies on OS file access restrictions, Apache authentication, MySQL authentication, and SSL encryption to secure your data. A mobile application is “an application software designed to run on mobile devices such as smartphones and tablet computers.” The security model used in a mobile application is not the same security model used in a web application. Both models are software based, but they are nowhere near the same code design. We agree web application security is a concern, but hold the position web application security has a much lesser risk of compromise than mobile application security. This position could change in the future, but we do not see this change occurring in the foreseeable future.

Factorial Facts
The GNU remotecontrol team considered at the beginning of the software project, over a decade ago, the multiple interfaces required to achieve Demand Response with the Smart Grid using a smart thermostat. The rising interest to access a smart thermostat by a third party involving a cellular network introduces a security concern. The cellular network accessing the Smart Grid could advance any cyber attack. Consideration of factorial evaluation reveals there are many interfaces involved from the perspective of role-based access control.

A factorial calculation of a non-negative integer n denoted by n! is “the product of all positive integers less than or equal to n.” A dominant benefit of a factorial calculation is discovering how many arrangements, what we identify as relationships, exists within a distinct list of objects, items, or any other unique entity. Let’s consider a simple example of only the service providers involved with Demand Response.

(1) Electricity Utility provider
(1) Demand Response service provider

n = 2

2! = 2 x 1 = 2

This example has two different relationships occurring simultaneously. Let’s now add in the Cellular Phone service provider. The number of relationships is more than doubled.

(1) Electricity Utility provider
(1) Demand Response service provider
(1) Cellular Phone service provider

n = 3

3! = 3 x 2 x 1 = 6

This example has six different relationships occurring simultaneously. Each relationship must always be secure not to suffer nefarious activity to the smart thermostat. Let’s now consider the addition of the smart thermostat’s manufacturer accessing the thermostat.

(1) Electricity Utility provider
(1) Demand Response service provider
(1) Cellular Phone service provider
(1) Smart Thermostat’s manufacturer

n = 4

4! = 4 x 3 x 2 x 1 = 24

This example has twenty-four different relationships occurring simultaneously. This amount is a staggering number to believe all relationships will operate without compromise. Finally, let’s add in an application installed on the mobile device to accomplish real-time communication with the smart thermostat owner leveraging Demand Response from the Electricity Utility.

(1) Electricity Utility provider
(1) Demand Response service provider
(1) Cellular Phone service provider
(1) Smart Thermostat’s manufacturer
(1) Demand Response software application

n = 5

5! = 5 x 4 x 3 x 2 x 1 = 120

This example has one hundred twenty different relationships occurring simultaneously. The different providers must work with a clear plan of operation to achieve their objective successfully. It is difficult to believe the Smart Grid today is ready for this operational complexity.

The articles sharing the Pentagon has only recently tasked RADICS to lead the protection effort against attack by a cyber attack, energy executives are pressing government agencies for more security clearance to fight cyber-related attacks on energy-related infrastructure, and United States lawmakers call for pilot program to test for energy sector vulnerabilities collectively proves there is no widespread confidence the Smart Grid can defend against energy sector vulnerabilities. This conclusion is supported by the statement of defense officials, energy industry executives, and lawmakers. The Smart Grid today is not ready operationally for Demand Response involving real-time customer input to either accept or reject time-of-use pricing offers.

FIRMWARE

We shared in our March 2017 newsletter edition we have elevated our firmware work to a dedicated section in our newsletter. GNU remotecontrol shared in 2016 we have entered the firmware aspect of the smart thermostat. We now share publicly for the first time our specific plans to accomplish building our virtualized smart thermostat.

Our build plans are pretty simple. First, we select a kernel. Second, we select what applications we need to use in our firmware. Third, we add our original code for thermostat functionality to the kernel and applications. Finally, we build the kernel, applications, and our original code into a portable container, a hypervisor, for ease of usage. We have selected VirtualBox as our container for portability. We can easily scale multiple virtualized thermostats once our work is in a portable container. This approach should accelerate further development efforts, as obtaining the virtualized smart thermostat is much less effort than compiling the source code. We then refine our virtualized smart thermostat and develop our work to live on a circuit board within a smart thermostat. Our kernel consideration is down to two kernel options.

Option 1 – CoreOS
CoreOS has a feature-rich offering. We see much active development in the CoreOS project. We do not believe we will need all of the CoreOS source code to build our virtualized smart thermostat.

Option 2 – libreCMC
libreCMC also has a feature-rich offering. We do not see as much active development in the libreCMC project as we do in the CoreOS project. We are uncertain if we will need all of the libreCMC source code to build our virtualized smart thermostat.

We are struggling to reach a decision of which kernel to select. We may select both kernels if we have the developers to do the work. Comparing the strengths and weaknesses of CoreOS to the strengths and weaknesses of libreCMC has consumed much of our time and effort. Talk to us if you would like to participate in this new part of the GNU remotecontrol framework.

THERMOSTAT DEVICE OPTIONS

We shared in our March 2017 newsletter edition of our new section to both identify and discuss available Smart Thermostat options in consideration with internationally accepted technology standards. This section provides insight into each offering as new information becomes available. We add Ecobee this month to our list of smart thermostat device options.

Ecobee
The Ecobee product line is owned by Ecobee. Their API seems impressive initially, but a deeper review finds they only use an HTTP-based interface for accessing their thermostat device. They have an authorization token and PIN model for device authentication. They do offer https with their Authorization Code Authorization Strategy. Ecobee integrates with Amazon Alexa, Apple HomeKit, Control4, Haiku Fans, IFTTT, Logitech Harmony, Samsung SmartThings, Vera, and Wink. Ecobee has external sensors connecting to their thermostat by an uncertain type of wireless connection.

A recent article claims the Ecobee offering is the best smart thermostat on the market today. This milestone takes Nest out of first place, a position Nest has held for just over the past five years. Ecobee is indeed the most feature-rich smart thermostat offering in the marketplace today.

Wired Access: No
Wi-Fi Access: Yes
ZigBee Access: Yes
API: Yes
License: Proprietary

Nest
No new findings.

Sensi
No new findings.

Carrier
No new findings.

Honeywell
No new findings.

WORK PACKAGE PHASES

GNU remotecontrol accomplishes productive work output through structured work packages. This approach helps to organize our efforts and keep things on track to achieve publishing our work. We have ten different phases for our work packages.

GNU remotecontrol Work Package Phases

Order	Label	Name
1	REQ	Requirements
2	DSG	Design
3	DEV	Development
4	UNT	Unit Testing
5	SYS	System Testing
6	UAT	User Acceptance Testing
7	DOC	Documentation
8	RLS	Release
9	TRN	Training
10	SPT	Support

The GNU remotecontrol team does not perform any work output outside of structured work packages.

PROJECT NEEDS

Staffing
GNU remotecontrol Project Help Wanted.

New Thermostats
Many people have asked us about adding other types of thermostats to GNU remotecontrol. There are three questions that need to be answered before we can offer GNU remotecontrol support for any IP thermostat. These questions are:

• How to CONNECT to it (NETWORK).
• How to READ from it (CODE).
• How to WRITE to it (CODE).

It is our hope to have dozens and dozens of thermostat types that work with GNU remotecontrol.

EXISTING CODE

Bugs
We have 0 new bugs and 0 fixed bugs since our last Blog posting. Please review these changes and apply to your GNU remotecontrol installation, as appropriate.

Tasks
We have 0 new tasks and 0 completed tasks since our last Blog posting. Please review these changes and apply to your GNU remotecontrol installation, as appropriate.

LASTLY

Whatever you do…..don’t get beat up over your Energy Management strategy. GNU remotecontrol is here to help simplify your life, not make it more complicated. Talk to us if you are stuck or cannot figure out the best option for your GNU remotecontrol framework. The chances are the answer you need is something we have already worked through. We would be happy to help you by discussing your situation with you.

…..UNTIL NEXT MONTH!

Why the Affero GPL?