Cybersecurity Considerations for Deep Renovation

By Luiz Filipe Evelin Arruda, Sam Schoenlank, and Antonia Egli (Dublin City University)

Join us as we wrap up our exploration of the open access book ‘Disrupting Buildings: Digitalisation and the Transformation of Deep Renovation’. As deep renovation endeavors play a pivotal role in national energy reduction strategies, we examine how the necessity of integrating cybersecurity measures to safeguard against potential threats.

Safeguarding Sustainable Development

Sustainable development stands at the forefront of national agendas worldwide, with energy efficiency playing a pivotal role in achieving sustainability targets. Buildings are significant energy consumers, necessitating a reduction in their energy consumption to enhance global energy efficiency. Deep renovation, defined as a comprehensive renovation aimed at maximizing energy efficiency, particularly in the building shell, plays a crucial role in this endeavor (Shnapp et al., 2013).

As with other construction and renovation projects, deep renovation undergoes various stages, including design, construction/retrofitting, operation and maintenance (O&M), and end of life. Technological advancements in construction, particularly the digitisation encompassed in Construction 4.0, have revolutionised processes, improving efficiency but also introducing cybersecurity concerns (Klinc & Turk, 2019). The convergence of information technology (IT) and operational technology (OT) further complicates cybersecurity challenges, particularly considering the increasing use of OT in construction site activities (Harp & Gregory-Brown, 2015).

Cybercrimes and Cybersecurity in Construction

The escalating connectivity and sophistication of malicious actors have contributed to a surge in cybercrimes, with the construction sector being no exception. Increasing reliance on remotely operated systems and the Internet of Things (IoT) expands the attack surface, exposing construction companies and projects to various cyber threats, including phishing, ransomware, and denial of service attacks (FireEye, 2021).

Governments worldwide are responding to this threat by enacting laws and regulations targeting cybercrimes. However, few regulations are specific to the construction industry, leaving it vulnerable to cyber threats. Table 1 summarizes common cybercrimes, examples from the construction industry, and relevant laws and regulations.

International Standards, Research, and Cybersecurity Frameworks

To bolster cybersecurity, national and international institutions have developed standards and guidelines. While many are aimed at the IT sector, some are tailored for the architecture, engineering, construction, and operations (AECO) sector. These standards encompass security and control systems, critical for safeguarding modern buildings that heavily rely on automation (Turk et al., 2022).

Scholarly research has primarily focused on the benefits of digitalisation in construction, with cybersecurity aspects receiving less attention. However, notable studies have identified cybersecurity vulnerabilities and proposed solutions across the construction and deep renovation lifecycle. These include addressing information security aspects during design and planning phases, ensuring integrity during data collection, and mitigating risks associated with autonomous equipment usage (Zheng et al., 2019; Mantha et al., 2021; Sonkor & García de Soto, 2021).

The Need for a Contingency Approach

While cybersecurity standards aim to enhance cybersecurity across projects and organisations, a one-size-fits-all approach may not be feasible due to the diversity in construction and deep renovation firms and projects. Stakeholders face different cyber risks and concerns, necessitating tailored cybersecurity assessments and controls (Sonkor & García de Soto, 2021).

The integration of construction with digital technologies presents both opportunities and challenges, with cybersecurity emerging as a critical concern. Deep renovation projects, like other construction endeavors, require robust cybersecurity measures to protect sensitive information and ensure safety. This chapter provides an overview of cybersecurity efforts in the construction industry and deep renovation, emphasising the need for a tailored contingency approach. Moving forward, cybersecurity considerations must be integrated into all phases of deep renovation projects, catering to the diverse needs of stakeholders (Ansari et al., 2020). In conclusion, as the construction industry embraces digital transformation, cybersecurity must remain a top priority to safeguard sustainable development efforts.

To learn more about deep renovation technologies in general, you can download the open access book ‘Disrupting Buildings: Digitalisation and the Transformation of Deep Renovation’ for free. In the book, we explore various digital innovations disrupting and transforming the construction sector. To download the full open access book, ‘Disrupting Buildings,’ click here.

References

EU. (2016). Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Official Journal of the European Union. http://data.europa.eu/eli/dir/2016/1148/oj

FireEye. (2021). M-Trends 2021. https://content.fireeye.com/m-trends/ rpt-m-trends-2021 FOX 5

Harp, D. R., & Gregory-Brown, B. (2015). IT / OT convergence bridging  the divide. NexDefense. https://ics.sans.org/media/IT-OT-ConvergenceNexDefense-Whitepaper.pdf

Klinc, R., & Turk, Ž. (2019). Construction 4.0—Digital transformation of one of the oldest industries. Economic and Business Review, 21(3), 393–410. https:// doi.org/10.15458/ebr.92

Mantha, B. R. K., García de Soto, B., & Karri, R. (2021). Cyber security threat modeling in the AEC industry: An example for the commissioning of the built environment. Sustainable Cities and Society, 66, 102682. https://doi.org/ 10.1016/j.scs.2020.102682

Shnapp, S., Sitjà, R., & Laustsen, J. (2013). What is a deep renovation definition? https://www.gbpn.org/wp-content/uploads/2021/06/08.DR_TechRep. Low_pdf

Sonkor, M. S., & García de Soto, B. (2021). Operational technology on construction sites: A review from the cybersecurity perspective. Journal of Construction Engineering and Management, 147(12). https://doi. org/10.1061/(ASCE)CO.1943-7862.0002193

Turk, Ž., García de Soto, B., Mantha, B. R. K., Maciel, A., & Georgescu, A. (2022). A systemic framework for addressing cybersecurity in construction. Automation in Construction, 133(January), 103988. https://doi.org/10.1016/j. Autcon.2021.103988