The U.S. General Services Administration's (GSA) completed grid-interactive efficient building (GEB) retrofit at the Oklahoma City Federal Building has become the primary federal blueprint for open-protocol interoperability, procurement structure, and operational technology (OT) cybersecurity standards across agency campuses nationwide. The pilot's documented outcomes now shape GSA-wide directives and inform how agencies, system integrators, and vendors approach federally funded smart building contracts.
Background
The Oklahoma City project was completed as part of a five-building Utility Energy Service Contract (UESC) with Oklahoma Gas and Electric (OG&E) and energy service company Ameresco, with total project funding of approximately $11 million drawn from a DOE grant and GSA appropriations. According to DOE's Federal Energy Management Program (FEMP), the building is located in downtown Oklahoma City and served as a constrained testbed - urban, mid-size, and operating under relatively low utility rates - conditions GSA described as representative of a wide range of federal properties.
The project team implemented nine energy conservation measures (ECMs) and smart building technologies, including a solar photovoltaic (PV) system, battery energy storage, new HVAC controls, and lighting controls. According to the DOE case study, the existing and new equipment used a variety of control systems, which proved challenging from a coordination and integration standpoint - a lesson that directly informed subsequent GSA interoperability guidance.
The pilot's completion coincided with the Federal Smart Buildings Accelerator (FSBA), a FEMP initiative referenced in the Energy Act of 2020. The FSBA was introduced at Energy Exchange 2022 and concluded in September 2024, with over a dozen sites across eight federal agencies participating. According to DOE, the accelerator provided technology assessments, demand response overviews, and renewable energy studies to help agencies identify GEB readiness gaps and adoption barriers.
Details
GSA projects the Oklahoma City Federal Building retrofit will reduce energy use by 41%, cut approximately 3,100 metric tons of carbon emissions annually, and save around $400,000 per year in energy and water costs. According to GSA Administrator Robin Carnahan at the May 2023 ribbon-cutting event, the project "met all of the original design goals and even exceeded original expectations." Across the five-building UESC portfolio, GSA projects $13.5 million in total utility savings over the contract term.
The pilot's interoperability challenges have directly shaped GSA's Building Technologies Technical Reference Guide (BTTRG), updated to Version 3.0 in May 2024. The guide mandates that all new networked federal building monitoring and control (BMC) systems operate on the GSA Building Smart Network (BSN), with native BACnet (Building Automation and Control Networks) connectivity required for new installations. All new networked federal BMC systems must be IPv6 capable, with IPv4 to be phased out. Proprietary controllers must pass GSA security scanning and be fully remediated before deployment.
GSA's Smart Buildings Directive requires agencies to promote interoperability through open-protocol systems, with the objective of converging normalized data on at least a facility-wide tool. The directive also mandates cybersecurity best practices across GSA IP network-based systems, including downstream devices, and requires the inclusion of cyber supply chain risk management (C-SCRM) principles in all procurements. According to FEMP, DOE has separately published a Cybersecurity Considerations and Research Pathways for Grid-Interactive Efficient Buildings fact sheet outlining how interconnected systems and smart devices should incorporate cybersecurity best practices to prevent security gaps and potential attack paths.
On the legislative front, the U.S. House of Representatives passed the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 (H.R. 872) by voice vote in May 2025. The bill would require the Office of Management and Budget (OMB) to review the Federal Acquisition Regulation (FAR) and recommend updated contract language requiring federal contractors to implement formal Vulnerability Disclosure Policies (VDPs), consistent with standards already applied to federal agencies. According to legal analysts, the bill specifically covers infrastructure and construction contractors - a category encompassing systems integrators and BAS vendors working on federal smart building projects.
FSBA program lead Jason Koman stated that while the accelerator "was very successful in educating federal agencies about the benefits of GEB technologies," he noted that "funding and resources pose barriers to wider adoption."
Outlook
With the FSBA formally concluded, FEMP's documented lessons - interoperability friction between legacy and new control systems, OT cybersecurity gaps in procurement specifications, and the need for standardized data normalization - are expected to feed into updated federal facility design and acquisition standards. GSA's 2024 Facilities Standards for the Public Buildings Service (P100) already introduced new GEB requirements as mandatory benchmarks for federally owned buildings. Integrators and vendors seeking federal smart building contracts will need to demonstrate compliance with native open-protocol requirements, IPv6 readiness, and supply chain cybersecurity controls as baseline qualifications - not optional features.
