Cyber security threat modeling in the AEC industry: An example for the commissioning of the built environment

Research output: Contribution to journalArticlepeer-review


Digitalization and automation are making the architecture, engineering, and construction (AEC) industry more vulnerable to cyberattacks. Existing literature suggests that industry-specific studies need to be conducted. The work presented in this study shows a preliminary cybersecurity threat model relevant to the AEC industry. To that end, threat models for each of the life cycle phases are proposed. The feasibility of the proposed approach is illustrated with an example from the commissioning phase of a building, which includes an autonomous robotic system to collect data as a possible countermeasure. The suggested countermeasure shows promise to address some of the cybersecurity challenges faced in the building certification and commissioning process. The results show that the likelihood of detecting rogue sensors increases with additional constraints in the monitoring robot, such as minimum and maximum distance. The illustrative models suggest that the proposed framework will help to address the safety and cyber security of stakeholders and systems during crucial phases of construction projects.

Original languageEnglish (US)
Article number102682
JournalSustainable Cities and Society
StatePublished - Mar 2021


  • AEC industry
  • Building commissioning
  • Construction 4.0
  • Construction automation
  • Cyber-physical system
  • Cybersecurity
  • Mobile robots
  • Threat modeling

ASJC Scopus subject areas

  • Geography, Planning and Development
  • Civil and Structural Engineering
  • Renewable Energy, Sustainability and the Environment
  • Transportation


Dive into the research topics of 'Cyber security threat modeling in the AEC industry: An example for the commissioning of the built environment'. Together they form a unique fingerprint.

Cite this