GSA Oklahoma City Pilot Sets Federal Blueprint for BAS Interoperability and OT Cybersecurity

GSA's Oklahoma City smart building pilot delivers a scalable BAS interoperability and OT cybersecurity blueprint now shaping federal procurement standards.

The U.S. General Services Administration's (GSA) grid-interactive smart building retrofit at the Oklahoma City Federal Building has produced a replicable procurement and operational framework. Federal agencies are now drawing on it to standardize building automation systems (BAS) and operational technology (OT) cybersecurity practices across multi-site portfolios.

Background

The Oklahoma City project originated as part of a Utility Energy Service Contract (UESC) initiated in 2019, pairing GSA with Oklahoma Gas & Electric (OG&E) and energy service company Ameresco to retrofit five federal buildings across the state. According to the Department of Energy's Federal Energy Management Program (FEMP), the project's primary goal was to transform the Oklahoma City Federal Building into a grid-interactive efficient building (GEB) - one capable of dynamically adjusting energy load in response to grid signals while generating and storing its own power.

Prior to the retrofit, building systems - including HVAC, lighting, solar generation, and battery storage - operated as independent, non-communicating silos. The absence of unified BAS integration limited operational visibility and created fragmented control, a condition common across legacy federal facilities and a recognized barrier to both energy performance and cybersecurity compliance.

Details

Completed and formally commissioned in May 2023, the project delivered comprehensive integration of disparate systems under a single control platform. According to the DOE case study, the controls contractor navigated multiple layers of integration, adding supervisory controllers and upgrading air handlers with new direct digital control (DDC) devices to support expanded monitoring and data collection. A 300 kW rooftop photovoltaic (PV) array, battery energy storage, a smart microgrid controller, LED lighting upgrades, and advanced HVAC controls were among the energy conservation measures deployed.

Across all five buildings in the UESC, energy consumption is projected to decrease by 41%, generating $13.5 million in lifetime savings, according to FEMP and GSA data. Approximately $11 million in project funding was sourced from a DOE grant and GSA appropriations, according to GSA.

The integration effort exposed a recurring challenge in federal BAS deployments: the proliferation of incompatible, proprietary control systems that inflate maintenance costs and expand the OT attack surface. In September 2024, GSA moved to address this directly, announcing that it would standardize its BAS solution enterprise-wide and issuing a Class Brand Name Justification for the Niagara Framework, manufactured by Tridium, Inc., according to a GSA news release. GSA's market research found that the Niagara Framework is sold and serviced by nearly every major BAS manufacturer, as well as BAS service providers and vendors of all sizes, enabling both large integrators and small businesses to compete for service contracts.

On the OT cybersecurity front, GSA's Building Technologies Technical Reference Guide (Version 3.0, May 2024) classifies BAS and related building management and control (BMC) systems as IT systems subject to the Federal Information Security Modernization Act (FISMA). Building system network (BSN) servers supporting BMC systems are required to obtain a FISMA Moderate Authority to Operate (ATO), with security assessments governed by NIST Special Publication 800-53 Rev. 5 and NIST SP 800-213A, the IoT Device Cybersecurity Requirement Catalog. Wireless building control technologies must meet a minimum AES 256-bit encryption standard, with non-IP wireless devices subject to individual evaluation by GSA IT Security prior to network connection.

The OKC pilot demonstrated that integrating GEB technologies within a major retrofit - rather than as a standalone upgrade - significantly improves cost feasibility. According to the FEMP case study, bundling grid-interactive measures with shorter-payback energy conservation measures helped offset the longer payback periods typical of resilience technologies such as battery storage.

Outlook

GSA's enterprise-wide BAS standardization on the Niagara Framework is expected to reduce remediation costs tied to managing disparate systems across its nationwide real estate portfolio of nearly 370 million rentable square feet. The OKC case study findings are intended to inform future GEB-ready retrofits across the federal portfolio, with DOE's FEMP positioning the project as a transferable model for multi-site rollouts. Agencies pursuing similar programs will face pressure to align procurement specifications with GSA's interoperability standards and FISMA-based OT cybersecurity requirements from project inception - a departure from historically siloed facility and IT governance structures.