BIM and cybersecurity: Are you protected?


BIM Cybersecurity


As Construction Dive recently reported, BIM is currently booming in the construction industry, with an impressive 87% of respondents surveyed in the UK, Germany and France reporting positive results and growing numbers of businesses adopting the BIM model for their projects. With AEC enterprises across the world truly entering the digital age, BIM looks set to continue expanding its influence and outreach, linking engineering concepts and physical space to the Global Internet of Things.


However, as events in the past year have shown, this increased connectivity comes with some caveats. The cyberattacks that caused NHS computers to crash and affected IT systems around the world may give some in the construction industry cause for concern. Cybersecurity expert Paul Glass recently told that “Large infrastructure projects are planned out using BIM and other digital systems, therefore a cyberattack could bring a project to a halt”. He went on to advise companies on how to pre-empt any future hacking attempts:


Training staff to be able to identify potentially dangerous emails, and providing them with a quick and easy way to report such emails to IT, is an essential part of any business’ cyber defence. Also businesses must make sure they are up to date with software patches.” 


Cybersecurity – What You Need to Know

The good news is that the BIM process is ideal for these kinds of safeguarding, since it is primarily a philosophy for project management and best working practices. Put simply, it allows consultants and engineers to hone every aspect of their project in a digital space; keeping that space protected is merely the next logical step. In fact, BIM Protocol proposes that an appointed Information Manager should “maintain the Information Model to meet integrity and security standards in accordance with the Employer’s Information Requirements”.


Furthermore, last January BSI published PAS 1192-5 Specification for security-minded building information modelling, digital built environments and smart asset management. Funded by the Centre for the Protection of National Infrastructure (CPNI), this British standard alerts BIM-focused businesses to the threats they may face and lays the groundwork for safe modelling during all phases of a construction project. According to BSI, it aims to “deliver a holistic approach encompassing safety, authenticity, availability, confidentiality, integrity, possession, resilience and utility”. It is already a mandatory requirement for companies that are looking to operate BIM Level 2 packages and, by extension, any government contracts that AEC consultants tender for as of last year.


So, while cyberattacks pose an increasing risk to consultants and engineers working in a digital BIM environment, there are already procedures in place to help companies protect their project assets. Paul Glass still urges caution for the future, however, suggesting that the next attack “will be more advanced, and will likely be more difficult to encrypt”. Hopefully we can utilise the existing cybersecurity frameworks to build a solution big enough to take it on.