The General Services Administration's (GSA) completed overhaul of the Oklahoma City (OKC) Federal Building has emerged as a reference model for how public-sector agencies can integrate interoperable building systems, navigate complex multi-vendor procurement, and embed operational technology (OT) cybersecurity governance into large-scale infrastructure projects.
Background
The multi-year project, completed in May 2023, transformed the downtown Oklahoma City Federal Building into a grid-interactive efficient building (GEB) through the deployment of nine energy conservation measures (ECMs) and smart building technologies. According to a case study published jointly by the U.S. Department of Energy (DOE) and GSA's Federal Energy Management Program (FEMP), the project demonstrated that GEB-ready strategies can be deployed across federal facilities with relatively limited upfront investment. The renovation incorporated a solar photovoltaic (PV) system, a battery energy storage system (BESS), updated HVAC controls, and advanced lighting controls-all coordinated to enable real-time demand response with the local utility grid.
The project carried broader policy significance: GSA manages a nationwide real estate portfolio of nearly 370 million rentable square feet and oversees approximately $75 billion in annual contracts, making its building modernization decisions a direct signal to the wider federal and commercial built environment.
Details
The project is projected to reduce energy use by 41%, cut approximately 3,100 metric tons of carbon emissions annually, and save around $400,000 per year in energy and water costs. Total funding stood at approximately $11 million, supported by a DOE grant and GSA appropriations. According to the DOE/FEMP case study, the National Renewable Energy Laboratory (NREL) provided technical engineering support, performed energy optimization modeling via its REopt platform, and coordinated contractor training.
The project team implemented nine ECMs, and according to the case study, technology screening followed rigorous cost-benefit analysis-several initially proposed measures, including ground-source heat pumps and high-efficiency condensing boilers, were eliminated because local utility rates made payback periods unfavorable. GSA cited cross-team collaboration among HVAC specialists, electrical engineers, structural engineers, and contract specialists as a critical execution factor.
On the procurement governance side, the OKC project's vendor coordination model has gained renewed relevance as GSA tightens cybersecurity supply chain requirements. In April 2025, GSA released Version 1.1 of its Cybersecurity Supply Chain Risk Management (C-SCRM) Acquisition Guide, which explicitly covers operational technology (OT) and Internet of Things (IoT) devices alongside traditional IT systems, referencing NIST SP 800-161r1 as its governing framework. Separately, GSA introduced a new IT Security Procedural Guide in January 2026 mandating NIST SP 800-171 Revision 3 as the cybersecurity baseline for contractors handling Controlled Unclassified Information (CUI), imposing one-hour cyber incident reporting requirements and requiring CUI security obligations to flow down to subcontractors.
FEMP guidance requires federal energy managers to address OT cybersecurity risk-covering building control systems and SCADA components-within the NIST Risk Management Framework (RMF), with DOE noting that OT systems in federal facilities are "becoming increasingly digital and internet-connected," introducing security risks not historically present in those environments.
Outlook
The OKC project's findings are positioned to inform the next wave of federal GEB retrofits. According to DOE FEMP, the Federal Smart Buildings Accelerator (FSBA), which concluded in September 2024 after promoting smart building technologies across federal agencies, laid the groundwork for further adoption. GSA's Acting Administrator has publicly identified interoperability between agencies and centralized procurement reform as strategic priorities-signals that the vendor coordination and OT security governance lessons from Oklahoma City will be applied at portfolio scale. Procurement specialists note that GSA's stricter CUI and C-SCRM frameworks are likely to raise compliance barriers for building controls vendors seeking federal contracts, accelerating consolidation toward vendors with mature cybersecurity documentation.
Related coverage: Federal Expands Grid-Interactive Buildings Pilot to More Agencies | Federal Agencies Accelerate Adoption of EMIS Across Portfolios
