TY - GEN
T1 - Threat Modeling in Construction
T2 - 37th International Symposium on Automation and Robotics in Construction: From Demonstration to Practical Use - To New Stage of Construction Robot, ISARC 2020
AU - Shibly, M. U.R.Mohamed
AU - Soto, B. Garcia De
N1 - Funding Information:
Acknowledgment: The authors would like to thank the support from the Center for Cyber Security at New York University Abu Dhabi (CCS-AD).
Publisher Copyright:
© 2020 Proceedings of the 37th International Symposium on Automation and Robotics in Construction, ISARC 2020: From Demonstration to Practical Use - To New Stage of Construction Robot. All rights reserved.
PY - 2020
Y1 - 2020
N2 - Cybersecurity threats related to new technologies get little attention until an incident occurs, and vulnerabilities are highlighted. In the case of construction projects, any cyber breach, either malicious or incidental, has the potential to cause significant damage. This varies from unauthorized access of sensitive project information to hijacking construction equipment to cause structural damage to the site or harm to personnel. Given the potential implications of threats in cyber-physical systems, and the potential for physical damage to products and personnel, serious consideration from a research perspective is needed. The risk of such attacks occurring is exacerbated in regions such as the UAE, where new technologies, such as 3D printing, are trending. With that in mind, the objective of this study is twofold. First, to raise awareness about the cybersecurity implications of the new technologies adopted by the AEC industry. Second, to understand the core cybersecurity aspect of threat modeling concerning cyber-physical systems applied to construction projects. Several threat modeling methods such as STRIDE, OCTAVE, PASTA, and VAST have been developed. However, they are not easy to adopt by construction professionals who generally have limited knowledge of the cybersecurity domain. To address that, this study aims to develop a preliminary threat modeling approach that is relevant to the construction industry and can be quickly adopted to investigate the current technology being implemented. To demonstrate the practical feasibility of the proposed threat model, we consider an industrial-grade robotic arm system to 3D print construction elements offsite. This threat model will provide insights into a range of different threats that these systems are vulnerable to, allowing us to secure these systems against such threats, and raising awareness about the cybersecurity implications of implementing such technologies in the AEC industry.
AB - Cybersecurity threats related to new technologies get little attention until an incident occurs, and vulnerabilities are highlighted. In the case of construction projects, any cyber breach, either malicious or incidental, has the potential to cause significant damage. This varies from unauthorized access of sensitive project information to hijacking construction equipment to cause structural damage to the site or harm to personnel. Given the potential implications of threats in cyber-physical systems, and the potential for physical damage to products and personnel, serious consideration from a research perspective is needed. The risk of such attacks occurring is exacerbated in regions such as the UAE, where new technologies, such as 3D printing, are trending. With that in mind, the objective of this study is twofold. First, to raise awareness about the cybersecurity implications of the new technologies adopted by the AEC industry. Second, to understand the core cybersecurity aspect of threat modeling concerning cyber-physical systems applied to construction projects. Several threat modeling methods such as STRIDE, OCTAVE, PASTA, and VAST have been developed. However, they are not easy to adopt by construction professionals who generally have limited knowledge of the cybersecurity domain. To address that, this study aims to develop a preliminary threat modeling approach that is relevant to the construction industry and can be quickly adopted to investigate the current technology being implemented. To demonstrate the practical feasibility of the proposed threat model, we consider an industrial-grade robotic arm system to 3D print construction elements offsite. This threat model will provide insights into a range of different threats that these systems are vulnerable to, allowing us to secure these systems against such threats, and raising awareness about the cybersecurity implications of implementing such technologies in the AEC industry.
KW - 3d concrete printing
KW - Construction4.0
KW - Cvss
KW - Cyber-physical systems
KW - Cyberattack
KW - Cybersecurity
KW - Risk propagation
KW - Smart construction sites
KW - Stride
KW - Threat model
KW - Vulnerability assessment
UR - http://www.scopus.com/inward/record.url?scp=85099065344&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85099065344&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85099065344
T3 - Proceedings of the 37th International Symposium on Automation and Robotics in Construction, ISARC 2020: From Demonstration to Practical Use - To New Stage of Construction Robot
SP - 625
EP - 632
BT - Proceedings of the 37th International Symposium on Automation and Robotics in Construction, ISARC 2020
PB - International Association on Automation and Robotics in Construction (IAARC)
Y2 - 27 October 2020 through 28 October 2020
ER -