Analysis

Is BIM a security threat to the built environment?

8 October 2014 | By Kris Gunshon and Fred Sherratt

Kris Gunshon and Fred Sherratt of the University of Bolton describe their survey on the potential security risks of BIM.

BIM brings together the design, construction and management systems of a project in one easily accessible format. This means that information about the access system of a public building, for example, is no longer held on an array of indecipherable power, CCTV and alarm schematics. In a BIM, all that information is just a click away.

So, as we design for the operability of projects, BIM has changed a security camera from an icon on a drawing, with associated specifications, to a one-click download providing product, make and model, as well as internal and external wiring layouts. Although this is helpful for those installing and using the cameras, it is also highly convenient for those seeking to enter a building without showing up on them.

The second issue is one of access. BIM projects are held in the cloud or on multi-access servers that are vulnerable to hackers in a way that the drawing racks in a site office never were.

Paul Marks, writing in New Scientist, recently reported on the rise of the smart home, where domestic systems are interconnected and linked to the web for the homeowner’s ease of use. He also warns of the potential for “malware that activates everyone’s heating systems at once, which could overload the grid and cause blackouts”. But accessing buildings through remote FM systems could cause similar problems on a larger scale.

We carried out a survey of 32 construction professionals: most were practitioners based in the UK. We sought responses to questions about the content of a BIM, and the extent to which it was possible to gain access to them. The aim was to explore the perceptions of industry professionals – 62% of whom were working with information models on a regular basis.

Criminal intent

With regard to the data contained within the BIM model itself, 41% of respondents agreed that it could be used by criminals against the building. A further 31% were neutral in their response, whereas 28% felt this was not a concern.

In a related question, 66% of respondents disagreed with the statement that “BIM models would be of no use to criminal organisations”; again 31% were neutral and only 3% felt that this was not a concern. So the majority of professionals did feel there were illegal uses for BIM, although the large proportion of neutral responses suggest that respondents may not be sure precisely how the BIM data could be used for criminal means.

Although 41% agreed that “current methods of sharing BIM files are secure enough”, 47% were neutral on the subject. When we asked whether “current methods of allowing access to BIM files are secure enough”, agreement fell to 31%, compared with 53% who were neutral in their response and only 16% who disagreed.

On the question that “hacking poses a threat to BIM’s security”, 47% of respondents agreed, 31% remained neutral and 22% disagreed. This was supported by findings that 47% felt “access to BIMs should be more restricted”, where only 6% disagreed.

In terms of more specific access methods, 34% felt “storing BIM on cloud-based networks is the safest option”, 60% remained neutral. The large proportions of neutral responses within the survey suggest that the knowledge does not exist within the construction industry to make informed decisions in this area. This is unsurprising, perhaps, as the sample was of construction professionals rather than IT experts.

Yet 70% of the respondents agreed that “people need to take BIM’s security more seriously”, with only 4% disagreeing. Although that this was the final question in the survey, and ideas of hacking had been raised by the preceding questions, this could also suggest that respondents were considering their own lack of knowledge about BIM security.

As BIM grows, it would seem the industry needs IT specialists to support the way it is developed and implemented if it is to ensure the security of the built environment. As more prominent projects such as prisons, banks, nuclear power stations and landmark public buildings proudly proclaim that they are making full use of BIM, we need to ensure that we are not creating a virtual built environment that is increasingly exposed to forces outside of our control.