Are BIM models really opening up the possibility that the industry will become a target for criminal hackers? When CM first considered the question, it seemed quite far-fetched. While we’ve all heard about the recent spate of high-profile hacks on eBay and iCloud, the motivations there have been financial gain via the theft of consumers’ details or malicious celebrity-baiting. It’s a far cry from there to imagine criminals or terrorists hacking into a BIM model for digital kicks, and unclear what harm they could cause once there.
But it soon became clear that our research was proceeding in parallel with work to flag up the issue to an industry that largely shares CM’s initial scepticism. The Institute of Engineering and Technology is taking a lead with the November publication of a new Code of Practice for Cyber Security in the Built Environment, while the British Standards Institute is understood to be progressing a new annex to PAS 1192 on the subject.
Then there was the Built Environment 2050 report from the CIC’s BIM 2050 group, chaired by the industry’s very own BIM guru David Philp FCIOB. The report raises the question of cyber security as the first point in its executive summary and the first of its recommendations, giving it a prominence hitherto unseen in discussions of BIM. In other words, there seems to be a concerted effort to raise awareness of the issue within the sector.
There are two levels of vulnerability requiring tighter security protocols. First, the tendency to link Building Management Systems directly to the internet, creating clear opportunities for malicious, criminal or terrorist hacking. Bad enough if we’re thinking about an office block or school, downright alarming if the BMS in question belongs to a prison, police station or power station. Then there’s the vulnerabilities of the BIM model itself, with multiple users accessing the cloud, creating multiple openings for data interception and infiltration.
But while the increased threats ushered in by greater use of internet-enabled systems and cloud-based BIM are worrying and give the industry’s construction managers yet more items to add to the risk assessment, at another level the new emphasis on cyber security is a positive development.
That’s because it marks another step in the increasing convergence between the upper echelons of the industry and the IT sector. Already, leading firms of consulting engineers offer their clients advice on the cyber security of their buildings and their BIM models. At the moment, that advice is being provided by individuals with an IT consulting background, but increasingly it will fall within the core responsibilities of a multi-disciplinary construction team. It’s yet more proof that the industry is heading towards a technology-led era.
Elaine Knutt, editor
Comments are closed.