How secure is your built asset? asks Eddie Tuttle. Do you know the parts of the asset – cyber and physical – which must be protected from attack?
You’re designing a new state-of-the-art facility or structure that is a potential target for criminals, terrorists or hostile states. Would you know which elements of the design would be of particular interest to those threats and would need to be handled sensitively?
That’s the question being asked by Centre for the Protection of National Infrastructure (CPNI) as part of Digital Construction Week.
The increasing use of, and dependence on, information and communications technologies means there is a need to address inherent vulnerability issues and therefore the security implications that arise. CPNI advocates a ‘security-minded’ approach to the implementation of all digital engineering tools to protect built environments, assets, products, services, individuals or communities, as well as any associated information.
Construction professionals and engineers need to consider the sensitive attributes of traditional hardware such as CCTV, as well as physical infrastructure like bollards and barriers to mitigate attacks by hostile vehicles. They also need to think about the features that control access to areas of assets not accessible to the public, for example doors and electronic locking mechanisms.
But would you think about whether there are sensitive aspects of built assets that most people would not automatically consider to be security features, for example the steel structure of a building?
“Not all aspects of security assets are sensitive: the key is understanding which elements pose a risk and could be compromised.”
Sensitive sites requiring specialist knowledge
CPNI has developed a new digital game that asks players to pinpoint the security sensitivities in two hypothetical scenarios – one out on the street, the other inside the building. Those taking part are asked to determine which elements of the selected assets are sensitive and need to be protected in an appropriate and proportionate way, and which are benign.
Not all aspects of security assets are sensitive: the key is understanding which elements pose a risk and could be used to compromise the safety and security of people, built assets or the services provided from or by them.
A security-minded approach can be adopted at any point in the lifecycle of an asset, but with new assets, it should be built in as early as possible: appropriate and proportionate security measures, which encompass personnel, physical and cyber, implemented at this stage can save more expensive measures being required later.
There also needs to be a clear governance structure for security, mapping out accountability and responsibility for decision-making, risk ownership and risk mitigation.
Adopting a security-minded approach will also assist any organisation in protecting against the loss, theft or disclosure of commercial information, personal information and intellectual property.
Ahead of the game’s launch on 24 November, you can read the latest guidance from the CPNI.
Eddie Tuttle is director of policy, research & public affairs at the Chartered Institute of Building.
Don’t miss out on BIM and digital construction news: sign up to receive the BIMplus newsletter.