ScienceScope advance building management systems (BMS) and reduce energy consumption by 30-40% with CHERI

Article type: Case study
author Digital Security
by Design

ScienceScope is an education technology company, leading the development of digital skills and Internet of Things (IoT) within education.  As suppliers of accessible IoT energy-monitoring systems, the company’s vision is to empower schools and educational institutions across the UK with cutting-edge IoT technologies to provide real-time insight into energy consumption.

Developing retrofit BMS to bring the latest technologies to older and outdated buildings. 

Designed to monitor and manage facility systems, building management systems (BMS) deliver a shared view of facility operations, from lights, power, ventilation and heating, to access control and fire safety systems. 

Many educational establishments are housed across older buildings without control systems or operate with very basic BMS. Schools are well known for high levels of energy wastage – a problem that is difficult to monitor and often escapes detection, due to outdated systems.

Updates are also complex. For security, the majority of systems are closed, making it difficult to integrate additional hardware, even for basic upgrades.

ScienceScope joined DSbD’s Technology Access Programme to advance its retrofit BMS and support future bids. 

The Digital Security by Design (DSbD) Technology Access Programme (TAP) provides UK-based companies access to the Arm Morello board, a real-world test platform that adopts the hardware concepts of Capability Hardware Enhanced RISC Instructions (CHERI), developed jointly by the University of Cambridge and SRI International to dramatically improve system security. With access to the Morello board, CHERI stack, and the technical support to trial these technologies, companies can harden their own application code against unsafe memory access, resolving potential exploits, while helping to influence the development of CHERI features.

“Our hypothesis was to investigate whether energy consumption could be reduced by implementing a retrofit BMS, with the high level of capability and security that Morello/CHERI offered,” explained Joshua Wright, Product Development and Technology Manager at ScienceScope.

As a use case, ScienceScope designed a system to monitor the electrical usage of a swimming pool in a private school, aiming to reduce energy consumption during daily operations by 30-40%.

The system was developed to operate locally within the school network and regularly upload data to the ScienceScope IoT exploratory platform. Analysis was conducted to monitor usage and inform data-led decisions to improve daily operations.

Utilising the school’s network infrastructure to link sensors to Morello/CHERI, programmable logic controllers (PLC) were deployed, with energy monitoring sensors at the site, using virtual local area networks (VLAN) to separate the system from the existing school network, adding layers of security. 

Porting to CHERI helped uncover issues in their system code, which they were able to fix and improve upon, and likely mitigated the potential for various attacks, such as intercepted transfer and data breaches. ScienceScope also conducted simulated attacks, which they reported to have failed as a result of CHERI’s protection models.

Due to the numerous dependencies required, the data exchange between Azure and CHERI proved challenging until an approach using Client for URL (CURL), supported by the DSbD team, successfully returned data to ScienceScope’s IoT exploratory platform. 

As a result, a retrofit building management system was developed and installed onsite, to capture energy data, enable controls to turn equipment on and off based on swimming pool use, and spread the load between pumps in case a pump failed.

Turning equipment off when not required, reduced energy consumption by 33%, resulting in potential annual savings of £4,700.

In addition to technical support, the programme also provided the ScienceScope team with valuable knowledge and the opportunity to network and share information. According to Joshua Wright, “We learned a great deal about the latest innovations in cyber security, including current and future threats along with potential changes of future hardware needed to counter and protect from new and emerging threats.”

"ScienceScope has already planned an additional development phase after the conclusion of the Digital Security by Design Technology Access Programme. This deployment would involve the full implementation of Azure SDK C with pure-capabilities."

Following the programme completion, additional installations are being conducted in ScienceScope’s partner school, to develop additional control systems and reduce energy consumption.

Another aim is to implement boiler controls with temperature compensation, using existing weather data alongside weather predictions from external sources. 

“Providing initial access to leading-edge hardware and facilitating continued use after the project conclusion is invaluable, allowing for longevity and further development of projects, rather than being shut down or archived once the programme has completed.”

For ScienceScope, the outcomes of this project will prove valuable in future bids, to help access additional funding in education and extend energy management solutions into smart cities.

About ScienceScope

ScienceScope is a premier leader in designing and supplying state-of-the-art school technology and science equipment. ScienceScope’s dedication to fostering engaging and accessible science and technology education spans across all levels of learning.

Web address:

LinkedIn: ScienceScope

X: ScienceScopeIoT

Sign up to the newsletter

Sign up to the Digital Security by Design newsletter to stay up to date with our events, news, insights and opportunities. Be the first to know about our work and ways to get involved.

UKRI DSbD Councils
Website delivered by Digital Catapult as part of the Technology Access Programme, funded by UKRI through the Digital Security by Design Programme