A systemic framework for addressing cybersecurity in construction

Žiga Turk, Borja García de Soto, Bharadwaj R.K. Mantha, Abel Maciel, Alexandru Georgescu

Research output: Contribution to journalArticlepeer-review


Today, the built environment is designed, built, and managed using digital technology, making it increasingly exposed to cyber security risks. Cybersecurity is a general topic, and the construction sector has been borrowing general solutions and frameworks. However, the construction industry is specific and needs a specialized framework that would assist in understanding and managing cybersecurity. We have studied general cybersecurity frameworks, cybersecurity standards, research literature, and first principles of systems theory and process engineering. Drawing from that, we developed an original framework that identifies three kinds of wrongful activities: stealing, lying, and harming. It identifies four elements that can be affected by wrongful activities: information asset, material asset, person, and system. It defines cybersecurity as the absence of the three wrongs across the four kinds of elements. The framework is construction-specific, and as such, a useful tool for senior management to understand security problems and organize security processes. It can lead to better standardization and also helps the researchers to structure future work on the topic. The latter should be concentrated in areas where construction was found to be different: the dynamic and overlapping process and organizational boundaries in the design stage, the exposed shared design information, and the vulnerability of control information of the built environment, particularly in critical infrastructures.

Original languageEnglish (US)
Article number103988
JournalAutomation in Construction
StatePublished - Jan 2022


  • BIM
  • CIA Triad
  • Confidentiality
  • Construction 4.0
  • Cyber-Physical Systems
  • Cybersecurity
  • Digital twins
  • Digitalization
  • Information Technology (IT)
  • Integrity
  • Operational Technology (OT)
  • Parkerian Hexad
  • Privacy

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Civil and Structural Engineering
  • Building and Construction


Dive into the research topics of 'A systemic framework for addressing cybersecurity in construction'. Together they form a unique fingerprint.

Cite this