Cyber Security Management in Building Tomorrow’s Smart Cities
June 23, 2022
Smart cities of the future are being planned and built with digital technologies at their core. From smart transportation to intelligent infrastructure, these next-generation urban centers will rely on integrated systems to keep things running smoothly.
Construction plays a critical role in the development of these smart cities. In order to create a safe and secure environment, it is essential to have a well-designed and well-built infrastructure — not only the physical infrastructure, but the data-rich, technology-based systems that connect the city’s various components. This will apply to the building of new structures as well as the retrofitting of existing ones.
Construction companies, for their part, will need to ensure their own practices with data and technology (and increasingly the Internet of Things) are buttoned up and adhere to the strict standards that will be expected of anyone involved in the development of these smart cities. In part, that means putting a comprehensive cyber security management strategy in place. Where to start? The following measures can serve as a foundation.
Implement basic project data security protocols
Construction companies store an endless amount of sensitive data — client and vendor details, financial information, and project data including contracts, designs and schedules. Unauthorized access to that data at the construction or retrofitting stage can compromise the development of smart cities and the smart buildings within them. This is why fundamental data security measures are necessary. They’re most effective when implemented in each project long before construction begins and continue on until it’s been handed over to the project owner.
These basic data security protocols act as first lines of defense in protecting that information. Granted, it may sound a bit too obvious, like Cyber Security Management 101. But just as an intruder looks for the unlocked door to gain effortless entry into a home or business, cyber attackers look for the easy way in to find something of value to exploit or hold hostage. It happens more often than you may think; and lax data security practices are often to blame.
Different measures prevent different kinds of cyberattacks. Some of the more common ones are:
- Cyber security training empowers project team members to recognize the tactics cyber attackers use and what they can do to prevent them and not inadvertently fall victim to them.
- Dual authentication confirms someone’s identity through two different means before granting access to your systems or data. This can thwart an attacker who has their username and password.
- Email filtering doesn’t just block annoying spam, it also blocks what may appear to be trustworthy emails but are actually malware meant to infiltrate the company system.
- Regular data backups ensure there’s no loss of valuable information should hackers encrypt files on a computer and hold them for ransom.
- Role-based access control limits access and modification privileges of certain data only to those in designated job roles or functions, protecting against accidental data damage or exposure to hackers.
- Software updates and patches seal off any exposed vulnerabilities to viruses, security threats and malware in computer-based or cloud-based systems.
- Strong passwords make it difficult for hackers to guess and use to gain access to company and personal data.
Adopt building information modeling (BIM) security measures
Developing smart buildings and smart cities involves a level of complexity in their construction that is far different from that of the “typical” capital project. BIM is uniquely suited for this. It’s known not only for its common data environment (CDE) that can house the vast amounts of hyper-focused data these projects generate, but also for facilitating collaboration among the thousands of project team members who will constantly have to access that data from the planning stage to handover. And with that comes the need for more stringent cyber security management measures.
Why? BIM models contain sensitive information about a facility’s ongoing construction, which could be used by hackers to gain access to other buildings or systems. Every person who accesses data, and every device used in the process, are potential entry points for cyberattack. With so much data available in one place a single breach can be devastating on many levels. Plus, this is the same data that will be used post-turnover by the facilities management team to ensure the integrated equipment and systems are functioning as they should and to better respond in the event of a cyberattack.
Construction companies may have to define a cyber security management plan to show they understand the potential internal and external threats as well as how they’ll manage both prevention and recovery. Taken a step further, to deliver a more secure asset, connected systems within smart buildings and cities will ideally be designed and built by those who understand the security ramifications of how and with whom data is shared, as well as how those systems are ultimately integrated.
Expand the building commissioning process to include cyber security commissioning
As building systems have become more sophisticated and data-dependent, even outside of smart cities, the building commissioning process has had to adapt accordingly. While not required now, commissioning will likely become mandatory (at least by project owners) to guarantee the functioning of the intricate systems.
Those doing the commissioning are going to need more technical knowledge. But it’ll be more than just understanding how the various systems work together. They’ll need to know how and where each system can be exploited and how to control and strengthen those systems to protect against cyberattacks. As with today’s building commissioning practices, such cyber security-based commissioning will be most effective when incorporated at the planning and design stages. So, systems can be optimally designed and constructed while also allowing for adequate testing throughout project execution. That can give owners the confidence they need that they’re getting a project with secure integrated systems.
Make cyber security management a standard practice
As citizens become more dependent on computer systems to make life run smoothly, the need for effective cyber security management strategies grows. Future building of smart cities will depend on the effectiveness of these cyber security measures as much as the integrity of the physical structures themselves. It will impact not only how construction companies approach cyber security but how it incorporates the Internet of Things into planning, designing and construction strategies.