Assessment of the cybersecurity vulnerability of construction networks

Bharadwaj R.K. Mantha, Borja García de Soto

Research output: Contribution to journalArticlepeer-review

Abstract

Purpose: The aim of this study is o examine the advantages and disadvantages of different existing scoring systems in the cybersecurity domain and their applicability to the AEC industry and to systematically apply a scoring system to determine scores for some of the most significant construction participants. Design/methodology/approach: This study proposes a methodology that uses the Common Vulnerability Scoring System (CVSS) to calculate scores and the likelihood of occurrence based on communication frequencies to ultimately determine risk categories for different paths in a construction network. As a proof of concept, the proposed methodology is implemented in a construction network from a real project found in the literature. Findings: Results show that the proposed methodology could provide valuable information to assist project participants to assess the overall cybersecurity vulnerability of construction and assist during the vulnerability-management processes. For example, a project owner can use this information to get a better understanding of what to do to limit its vulnerability, which will lead to the overall improvement of the security of the construction network. Research limitations/implications: It has to be noted that the scoring systems, the scores and categories adopted in the study need not necessarily be an exact representation of all the construction participants or networks. Therefore, caution should be exercised to avoid generalizing the results of this study. Practical implications: The proposed methodology can provide valuable information and assist project participants to assess the overall cyber-vulnerability of construction projects and support the vulnerability-management processes. For example, a project owner can use this approach to get a better understanding of what to do to limit its cyber-vulnerability exposure, which will ultimately lead to the overall improvement of the construction network's security. This study will also help raise more awareness about the cybersecurity implications of the digitalization and automation of the AEC industry among practitioners and construction researchers. Social implications: Given the amount of digitized services and tools used in the AEC industry, cybersecurity is increasingly becoming critical for society in general. In some cases, (e.g. critical infrastructure) incidents could have significant economic and societal or public safety implications. Therefore, proper consideration and action from the AEC research community and industry are needed. Originality/value: To the authors' knowledge, this is the first attempt to measure and assess the cybersecurity of individual participants and the construction network as a whole by using the Common Vulnerability Scoring System.

Original languageEnglish (US)
Pages (from-to)3078-3105
Number of pages28
JournalEngineering, Construction and Architectural Management
Volume28
Issue number10
DOIs
StatePublished - Nov 4 2021

Keywords

  • CVSS
  • Construction network
  • Cybersecurity
  • Risk management
  • Security score
  • Vulnerability assessment
  • Vulnerability metrics

ASJC Scopus subject areas

  • Civil and Structural Engineering
  • Architecture
  • Building and Construction
  • General Business, Management and Accounting

Fingerprint

Dive into the research topics of 'Assessment of the cybersecurity vulnerability of construction networks'. Together they form a unique fingerprint.

Cite this