skip to content

Centre for Digital Built Britain


The growth in the use of computer-based technologies and the increasing sophistication and connectivity of cyber-physical systems working in real-time to influence outcomes will have a transformative effect on all of the sectors involved in the design, manufacture, construction, operation and management of built assets and environments.

As a consequence of the move towards greater digitisation and higher levels of integration between sectors, there is a need to address inherent vulnerabilities and take appropriate and proportionate measures to protect:

  • built assets and environments;
  • personnel and other occupants or users of built assets as well as a built environment’s citizens, encompassing residents, business, visitors and commuters;
  • data and information, including that which is commercially sensitive or constitutes intellectual property; and
  • services, whether societal, environmental and/or commercial in order to enable a more secure Digital Built Britain.

This work will be addressed by the Security Working Group (SWG) who will identify, advise and, where possible, act to resolve all matters involving security requirements relating to the implications of implementing digital systems within the life cycle of assets in the built environment, along with Smart Cities and Industrial Control Systems including the Internet of Things (IoT) and other distributed technologies.

The group reports to the Chief Scientific Advisor annually and, by invite, to relevant Ministers.

The importance of security

Trust and security are fundamental to a digital built Britain and they are at the heart of the CDBB programme. 

Our first challenge is that the processes and systems used for implementing Level 2 BIM were not designed with an understanding of the vulnerabilities that are created and therefore the security implications that arise. To deal with that, information management practitioners are being advised to take "a security-minded" approach. In other words, they need to put in place appropriate and proportionate security measures to deter and/or disrupt hostile, malicious, fraudulent and criminal behaviours or activities. They are also advised to take a "holistic" approach to security, looking at personnel, physical, cyber and cross-cutting issues and solutions, overseen by good governance with clear lines of responsibility and accountability. 

However, the successful implementation of a security-minded approach does rely on organisations recognising the issues and working with their supply chains in order to configure standard data, information and modelling systems in ways that protect, and limit access to, the detail of, and information about, sensitive assets.

The security demands of some asset owners on certain projects mean the security-minded approach is not sufficient to mitigate the risks, restricting the ability of those asset owners to exploit the benefits and reduced time and costs that digital engineering facilitates. 

Therefore, as we move beyond BIM, it is essential that new developments are underpinned by managed and integrated information that is trusted and secure to an appropriate level. Solutions must be capable of meeting the needs of all sectors and act as "enablers" within the digital engineering process, rather than being perceived, or used, as "blockers" of adoption and/or innovation. 

With the current and future acceleration in the use of, and dependence on, information and communication technologies, the risks around data and information collection and acquisition, processing and storage will increase significantly. Platforms, encompassing devices and supporting software will need to be secure by default in order that full functionality is available without compromising security.

While the security workstream continues to develop the mechanisms and information that are needed to increase awareness, understanding, clarity and structure around the security issues and good security practices, it is also developing, and planning for, the security solutions that will be needed to meet future challenges. These solutions will need to be capable of evolving in line with technological advancements, ensuring that any new vulnerabilities are identified and mitigated.

CDBB activities, such as our event in November, aim to ensure that security-mindedness is embedded at all levels and stages.

Ten Steps to Security-Mindedness

  1. Establish good governance arrangements for security with an individual accountable for security at a board/executive level
  2. Understand which of your assets, including data and information, are critical, sensitive or high value
  3. Understand the range of potential threats to your business, assets and services and have an up-to-date business continuity and incident management plan in place
  4. Mitigate and manage unacceptable security risks using an appropriate and proportionate, risk-based approach
  5. Manage access to sensitive data and information on a need-to-know basis
  6. Embed a security culture within your organisation by providing appropriate training and guidance to staff and contractors
  7. Have proportionate physical security measures to control access to sites and any sensitive assets in place
  8. Implement good basic cyber security measures in relation to applications, devices, networks and systems
  9. Develop and implement a security-minded social media and communications policy
  10. Where appropriate, carry out pre-screening of employees and contractors and manage the demobilisation of personnel and organisations

Related articles:


Useful security-mindedness support links

  1. Centre for the Protection of National Infrastructure (CPNI): Digital Built Assets and Environments 
  2. PAS 1192-5:2015 Specification for security-minded building information modelling, digital built environments and smart asset management 
  3. PAS 185:2017 Smart Cities. Specification for establishing and implementing a security-minded approach
  4. National Cyber Security Centre 
  5. CPNI Passport to Good Security
  6. The Data Zoo: How user behaviours affect information quality by Julian Schwarzenbach
  7. Engineering Council Principles for Security
  8. Blog by event speaker Alex Luck, A Luck Associates, and CDBB Security Lead 

Further information and guidance around the security of digital build assets and environments can be found at: