Submitted by Angela Walters on Mon, 15/10/2018 - 12:16
Ahead of the Centre for Digital Built Britain (CDBB) and Centre for Smart Infrastructure and Construction (CSIC)-hosted ‘Security-Mindedness for Smart Infrastructure: Challenges and Opportunities’ event on 1 November, Alexandra Luck, security project manager for CDBB, sets out how a security-minded approach is central to the CDBB programme and the operation and integration of assets and environments.
The embedding of the security workstream within CDBB recognises that trust and security is one of the fundamental aspects that underpins the whole of the Centre’s programme both in terms of how it works on a day-to-day basis and as part of its current and future outputs."
In the main, the processes and systems in place for the implementation of Level 2 BIM have not been designed with an understanding of the vulnerabilities that are created and therefore the security implications that arise.
The security guidance that has been developed around BIM has therefore advocated the development and implementation of a security-minded approach. This comprises the routine application of appropriate and proportionate security measures to deter and/or disrupt hostile, malicious, fraudulent and criminal behaviours or activities. Further, it considers security holistically, looking at personnel, physical, cyber and cross-cutting issues and solutions, overseen by good governance with clear lines of responsibility and accountability.
However, the successful implementation of a security-minded approach does rely on organisations recognising the issues and working with their supply chains in order to configure standard data, information and modelling systems in ways that protect, and limit access to, the detail of, and information about, sensitive assets. The security demands of some asset owners on certain projects mean the security-minded approach is not sufficient to mitigate the risks, restricting the ability of those asset owners to exploit the benefits and reduced time and costs which digital engineering facilitates.
Therefore, as we move beyond BIM, it is essential that developments are underpinned by managed and integrated information that is trusted and secure to an appropriate level. Solutions must be capable of meeting the needs to all sectors and support the realisation of the full benefits of: increasing the number of locatable assets; 'smart' infrastructure; manufacturing; connectivity; and automation, to citizens, service providers and to UK plc. Further, trust and security measures need to act as ‘enablers’ within the digital engineering process, rather than perceived, or used, as ‘blockers’ of adoption and/or innovation.
With the current and future acceleration in use of, and dependence on, information and communication technologies, the risks around data and information collection and acquisition, processing and storage will increase significantly. Platforms, encompassing devices and supporting software will need to be secure by default in order that full functionality is available without compromising security.
While security workstream continues to develop the mechanisms and information that are needed to increase awareness, understanding, clarity and structure around the security issues and good security practices, it is also developing, and planning for, the security solutions that will be needed to meet future challenges. These solutions will need to be capable of evolving in line with technological advancements, ensuring that any new vulnerabilities are identified and mitigated.
The embedding of the security workstream within the Centre for Digital Built Britain (CDBB) recognises that trust and security is one of the fundamental aspects that underpins the whole of the Centre’s programme both in terms of how it works on a day-to-day basis and as part of its current and future outputs.
Alexandra Luck is speaking at the CSIC/CDBB ‘Security-Mindedness for Smart Infrastructure: Challenges and Opportunities’ event on 1 November alongside other security experts and representatives of organisations who have embraced the security-minded approach in their digital engineering programmes and who continue to input into the work of the security programme.
Contact: Alex Luck