TY - JOUR
T1 - A systemic framework for addressing cybersecurity in construction
AU - Turk, Žiga
AU - García de Soto, Borja
AU - Mantha, Bharadwaj R.K.
AU - Maciel, Abel
AU - Georgescu, Alexandru
N1 - Funding Information:
Part of this work was conceived during the 1st Workshop on Cybersecurity Implications of Construction 4.0 (CIC4-2020) that took place in New York University Abu Dhabi (NYUAD). The workshop was organized by the S.M.A.R.T. Construction Research Group and generously funded by the NYUAD Institute . The authors also thank the Center for Cybersecurity at NYUAD for their support.
Funding Information:
The first author acknowledges the financial support from the Slovenian Research Agency (research core funding No. P2-0210 ).
Funding Information:
Part of this work was conceived during the 1st Workshop on Cybersecurity Implications of Construction 4.0 (CIC4-2020) that took place in New York University Abu Dhabi (NYUAD). The workshop was organized by the S.M.A.R.T. Construction Research Group and generously funded by the NYUAD Institute. The authors also thank the Center for Cybersecurity at NYUAD for their support. The first author acknowledges the financial support from the Slovenian Research Agency (research core funding No. P2-0210).
Publisher Copyright:
© 2021 The Authors
PY - 2022/1
Y1 - 2022/1
N2 - Today, the built environment is designed, built, and managed using digital technology, making it increasingly exposed to cyber security risks. Cybersecurity is a general topic, and the construction sector has been borrowing general solutions and frameworks. However, the construction industry is specific and needs a specialized framework that would assist in understanding and managing cybersecurity. We have studied general cybersecurity frameworks, cybersecurity standards, research literature, and first principles of systems theory and process engineering. Drawing from that, we developed an original framework that identifies three kinds of wrongful activities: stealing, lying, and harming. It identifies four elements that can be affected by wrongful activities: information asset, material asset, person, and system. It defines cybersecurity as the absence of the three wrongs across the four kinds of elements. The framework is construction-specific, and as such, a useful tool for senior management to understand security problems and organize security processes. It can lead to better standardization and also helps the researchers to structure future work on the topic. The latter should be concentrated in areas where construction was found to be different: the dynamic and overlapping process and organizational boundaries in the design stage, the exposed shared design information, and the vulnerability of control information of the built environment, particularly in critical infrastructures.
AB - Today, the built environment is designed, built, and managed using digital technology, making it increasingly exposed to cyber security risks. Cybersecurity is a general topic, and the construction sector has been borrowing general solutions and frameworks. However, the construction industry is specific and needs a specialized framework that would assist in understanding and managing cybersecurity. We have studied general cybersecurity frameworks, cybersecurity standards, research literature, and first principles of systems theory and process engineering. Drawing from that, we developed an original framework that identifies three kinds of wrongful activities: stealing, lying, and harming. It identifies four elements that can be affected by wrongful activities: information asset, material asset, person, and system. It defines cybersecurity as the absence of the three wrongs across the four kinds of elements. The framework is construction-specific, and as such, a useful tool for senior management to understand security problems and organize security processes. It can lead to better standardization and also helps the researchers to structure future work on the topic. The latter should be concentrated in areas where construction was found to be different: the dynamic and overlapping process and organizational boundaries in the design stage, the exposed shared design information, and the vulnerability of control information of the built environment, particularly in critical infrastructures.
KW - BIM
KW - CIA Triad
KW - Confidentiality
KW - Construction 4.0
KW - Cyber-Physical Systems
KW - Cybersecurity
KW - Digital twins
KW - Digitalization
KW - Information Technology (IT)
KW - Integrity
KW - Operational Technology (OT)
KW - Parkerian Hexad
KW - Privacy
UR - http://www.scopus.com/inward/record.url?scp=85117799886&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85117799886&partnerID=8YFLogxK
U2 - 10.1016/j.autcon.2021.103988
DO - 10.1016/j.autcon.2021.103988
M3 - Article
AN - SCOPUS:85117799886
SN - 0926-5805
VL - 133
JO - Automation in Construction
JF - Automation in Construction
M1 - 103988
ER -