Cyber security and engineering
Contents |
[edit] Introduction
Reading ICE’s State Of The Nation: Digital report, it struck me that civil engineering, like many kinds of engineering, is driven by the fundamental vision to make people’s lives better.
New digital technologies can help achieve this by advancing functionality and enabling better ways of working. But they also introduce new vulnerabilities and it’s important that we reduce the harm that might arise if these vulnerabilities are exploited.
It doesn’t matter if harm arises from a safety flaw in a construction, a legal loophole in a process, a cyber security issue or a combination of factors, we’re all trying to achieve the same thing – to build a resilient system. Tackling this problem independently can't ever be as effective as taking a holistic approach.
[edit] Cyber security and engineering collaboration crucial
Communication across different disciplines like IT and civil engineering isn't always easy. Our perspectives and language differ, as you'd expect, because they've evolved independently around our respective 'technologies'.
Take your 'caissons' and 'BIM', and our 'TCP/IP stacks' and 'APTs'. But as our two worlds become more connected we've both realised that concentrating solely on technical aspects is no longer enough.
We need to work out how to collaborate more effectively and concentrate less on outputs for us and more on outcomes for people.
For this reason cyber security shouldn't exist as a separate 'IT thing’, or 'somebody else's problem'. It must be integrated into the engineering process not bolted-on later as an afterthought.
Consider the relative longevity of construction/infrastructure systems and their building design information (i.e. the BIM data). Once we take into account planning, construction, commissioning, handover stages and then the post-completion warranty period. The common data environment (CDE) may need to remain in service for up to 20 years and some of that data will need to be accessible for the lifetime of the built asset (say, 60-plus years).
How people will use and interact with the building? Therefore, how this data is stored, protected and accessed by all the different parts of the supply chain will evolve significantly during this time, so a robust, security-minded approach is needed.
An excellent starting guide is the Centre for the Protection of National Infrastructure (CPNI)’s Digital Built Assets and Environments. It includes more information and links about the specification for security-minded building information modelling, digital built environments and smart asset management: PAS 1192-5.
Considering how this approach is supported by the engineering process to achieve the right level of resilience now and in the future will require a more collaborative effort than we have ever seen before. Cyber security needs to be part of the conversations from the start.
At the NCSC we understand that cyber security is a complex topic, and that these conversations will probably involve more questions than answers to begin with. As part of realising our vision of making the UK the safest place to live and do business online we need to break through some of the fear, uncertainty and doubt that commonly dominates the narrative.
[edit] Cyber security research in practice
The NCSC carries out a lot of research, because we want our outputs to be evidence based, not best guesses. We want the things we do and say to really make a difference to people, so we know we need to understand the social and behavioural aspects of our customers as well as their technical concerns.
To do this the NCSC formed a new Sociotechnical Security Group (StSG) in January last year. The group's research topics are spread across three main themes: people, risk and engineering processes.
At the moment, having confidence that engineering processes adequately consider cyber security beyond compliance is very difficult. Our research needs to support engineers from all disciplines to navigate through a whole-life model of security and assurance: embracing both a risk-based and people-centred approach rather than simply a tick-box exercise.
We need to enable you to identify and cost-effectively address the foundational building blocks of your engineering process to gain confidence that what you're building is secure enough for the business’ needs.
But we also want to ensure we produce something that talks in a language that everyone can relate to, not just cyber security experts.
This article was originally published here on 19 Sept 2017 by ICE. It was written by the National Cyber Security Centre.
--The Institution of Civil Engineers
[edit] Related articles on Designing Buildings
- Articles by ICE on Designing Buildings Wiki.
- Building energy management systems BEMS.
- Cyber-security and phishing.
- Cyber threats to building automation and control systems.
- Data Protection Act.
- Digital technology.
- Infrastructure and cyber attacks.
- Measuring the success of smart cities.
- Mitigating online risk.
- Security consultant.
- Smart technology.
- State of the nation: Digital transformation.
- UK organisations encouraged to review cyber security in response to situation in and around Ukraine.
Featured articles and news
The UK's Modern Industrial Strategy: A 10 year plan
Previous consultation criticism, current key elements and general support with some persisting reservations.
Building Safety Regulator reforms
New roles, new staff and a new fast track service pave the way for a single construction regulator.
Architectural Technologist CPDs and Communications
CIAT CPD… and how you can do it!
Cooling centres and cool spaces
Managing extreme heat in cities by directing the public to places for heat stress relief and water sources.
Winter gardens: A brief history and warm variations
Extending the season with glass in different forms and terms.
Restoring Great Yarmouth's Winter Gardens
Transforming one of the least sustainable constructions imaginable.
Construction Skills Mission Board launch sector drive
Newly formed government and industry collaboration set strategy for recruiting an additional 100,000 construction workers a year.
New Architects Code comes into effect in September 2025
ARB Architects Code of Conduct and Practice available with ongoing consultation regarding guidance.
Welsh Skills Body (Medr) launches ambitious plan
The new skills body brings together funding and regulation of tertiary education and research for the devolved nation.
Paul Gandy FCIOB announced as next CIOB President
Former Tilbury Douglas CEO takes helm.
UK Infrastructure: A 10 Year Strategy. In brief with reactions
With the National Infrastructure and Service Transformation Authority (NISTA).
Ebenezer Howard: inventor of the garden city. Book review.
The Grenfell Tower fire, eight years on
A time to pause and reflect as Dubai tower block fire reported just before anniversary.
Airtightness Topic Guide BSRIA TG 27/2025
Explaining the basics of airtightness, what it is, why it's important, when it's required and how it's carried out.
Construction contract awards hit lowest point of 2025
Plummeting for second consecutive month, intensifying concerns for housing and infrastructure goals.
Understanding Mental Health in the Built Environment 2025
Examining the state of mental health in construction, shedding light on levels of stress, anxiety and depression.