The British Standards Institute has published a draft version of PAS 1192-5, the official guidance on how to keep BIM models and the buildings they represent safe from cyber threats, during the design, construction and operational phases.
The consultation and comment period closes on 2 March.
PAS 1192-5: Specification for Security-Minded Building Information, Digital Built Environments and Smart Asset Management is sponsored by the Centre for the Protection of National Infrastructure (CPNI) and was developed with the BIM Task Group’s security working group.
The introduction states: “This PAS provides a framework to assist asset owners and stakeholders in understanding the key vulnerability issues and the nature of the controls required to enable the trustworthiness and security of digitally built assets within the built environment.
Read related articles
RCP’s Sarah Rock: Can we collaborate on cyber security?
BIM bytes: Security of data under BS 1192-4:2014
Cyber security threats trigger need for new PAS 1192-4
“It encourages the adoption of a pragmatic, proportionate need-to-know approach to the sharing and publication of that information about built assets that could be exploited by those with hostile or malicious intent.”
John Eynon FCIOB, a BIM expert and director of Open Water Consulting, told BIM+ that cyber security was an issue that needed to be taken more seriously by the construction sector.
He said: “We’re stuffing more and more information in the Cloud, and starting to link more and more systems together, with technology like the Internet of Things, so the whole idea of hacking and security becomes much more important. There have already been cases where building management systems have been hacked.
“There’s also the [professional] liability aspect – professionals have to keep their clients’ data safe, how do you do that if it’s in the cloud? What sort of recovery plans are in place? The message is: the guidelines are in place and people have got to be aware.”
The PAS outlines security threats to information during the full life-cycle of built assets, from conception to disposal, and advises on how to create a security mind-set and culture, including providing guidance on:
- Understanding the overall security threat to a built asset.
- Developing a security strategy for a built asset.
- Developing a BASMP – A built asset security management plan.
- Contractual measures.
- Application, monitoring and auditing of security controls.
- Compliance with other legislation and standards.
Hugh Boyes, cyber security lead at the Institution of Engineering and Technology, has previously told BIM+ that the need for guidance on improving cyber security in Level 2 BIM projects became clear after feedback from early adopters and BIM pilot projects.
“The BIM Task Group is looking at what’s needed for BIM implementation and plugging the gaps. BIM’s moving from the pilot project stage to going mainstream, so all the questions raised during the pilots start to emerge,” he said.
We’re stuffing more and more information in the Cloud, and starting to link more and more systems together, with technology like the Internet of Things, so the whole idea of hacking and security becomes much more important.– John Eynon
