Latest BIM guidance takes a look at cyber security

7 January 2016

BSI, the business standards company has published PAS 1192-5 Specification for security-minded building information modelling, digital built environments and smart asset management. It was sponsored by the Centre for the Protection of National Infrastructure (CPNI) on behalf of the Building Information Modelling (BIM) Task Group.

The BIM process involves the sharing of three-dimensional data by all those responsible for the design, construction and operation of buildings and infrastructure in the built environment, to produce a digital representation of physical and functional characteristics of a facility. However, the transparent nature of the process may be identified as an opportunity for hostile forces. Consequently, the entire construction and operations supply chain needs to employ a security minded approach when communicating. It should still enable business to function, but also minimize the value of the information being shared for unfavourable reconnaissance purposes.

PAS 1192-5 specifies requirements for cyber security-minded BIM. It outlines the vulnerabilities to hostile attack to enable clients and contractors to achieve security-minded modelling during all phases of the site/building lifecycle, i.e. concept, design, construction, operation and disposal.

Anthony Burd Head of  Sector, Built Environment at BSI said: “PAS 1192-5 is one of 8 key components  the Government has effectively mandated for companies to use in order to qualify as working to Level 2 BIM, and allowing them to tender for Government contracts from 2016. It tackles cyber security issues head on by supporting and tightening the existing BIM approach. We look forward to including it in the Level 2 digital package which will be available later in 2015.”

PAS 1192-5 addresses the steps required to create and cultivate an appropriate security mindset and secure culture within an organization, including the need to monitor and audit compliance. It outlines security threats to information during asset:

  • Conception
  • Procurement
  • Design
  • Construction
  • Delivery
  • Operation and maintenance
  • Change of use
  • Disposal/demolition

It explains the need for, and application of, trustworthiness and security controls throughouta built asset’s lifecycle (including the full BIM project lifecycle) to deliver a holistic approachencompassing safety, authenticity, availability, confidentiality, integrity, possession, resilience and utility.

PAS 1192-5 also takes a longer view and provides a foundation to support the evolution of future digital built environments - such as intelligent buildings, infrastructure and smart cities. However it does not detail technical architectures for their implementation.

The code of practice was developed using a collaborative consensus-based approach involving such organizations as: BCS — The Chartered Institute for IT, BIM Technologies Alliance, Crossrail, Foreign and Commonwealth Office, Houses of Parliament (Parliamentary Estates Directorate), HS2, The Institute of Asset Management, Laing O’Rourke, Metropolitan Police, Network Rail and University College London.

PAS 1192-5 is relevant to any organization or individual working within BIM, digital built environments and smart asset management projects. It will also be of interest to those involved in the design, construction and delivery of built assets, such as designers, contractors, architects, surveyors, contractors and subcontractors.

Barry Blackwell, from  BIS said: “PAS 1192-5 is an essential piece of guidance for anyone who wants to protect their commercial information and intellectual property. It not only applies to projects employing BIM and the implementation and use of smart asset management, but to any built asset where asset information is created, stored, processed and viewed in digital form. It is also applicable to the capture of digital survey data as part of the day-to-day asset management processes or in anticipation of a future project.”