Cyber Security Threat Modeling in the Construction Industry: A Countermeasure Example During the Commissioning Process
DOI:
https://doi.org/10.31224/osf.io/gn78aKeywords:
AEC industry, Building commissioning, Construction 4.0, Cyber-physical system, Cybersecurity, Mobile robots, Threat modelingAbstract
The digitalization and automation of the construction sector, known as Construction 4.0, are transforming positively the way we plan, design, execute, and operate construction projects. However, they are also increasing the vulnerability of construction projects and making the architecture, engineering, construction, and facility management (AEC-FM) industry subject to cyberattacks. Although current cybersecurity practices are relevant, they cannot be directly adopted because of the unique challenges faced by the AEC-FM industry, such as complex supply chains, interoperability, and dynamic workforce from project to project. Current literature suggests that, though current standards and practices are relevant, industry-specific studies need to be conducted before they can be successfully integrated. To that extent, this study investigates the cybersecurity threat modeling for construction projects by developing a framework that identifies what might be compromised, how might it happen, why would someone intend to do it, what would be the impact, and what could be done to prevent it. Specifically, the objectives are to a) develop a preliminary threat model relevant to construction that can be used by construction stakeholders with minimal cybersecurity expertise, b) show the feasibility of the approach by using illustrative threat models for each of the life cycle phases of a construction project, and c) use the commissioning phase of a building as a case study to show a possible countermeasure for the cyber threats that could occur during the testing or certification process of a given system. This study addresses essential components to enable the full potential of (i.e., digitalization and automation of the construction industry) and define research areas needed to pave the roadmap for the future of the construction industry and successful development of Construction 4.0. The proposed framework will help analyze, examine, and address the safety and security of stakeholders and systems during crucial phases of a construction project (e.g., pre-construction, construction, and operation).Downloads
Download data is not yet available.
