Category: BIM Security

ThinkBIM Security – 7th December 2016

Share This:

December 2016’s ThinkBIM was particularly memorable for an eye-opening and occasionally frightening view of just how vulnerable the built environment might be to cyber attack, writes Paul Wilkinson of pwcom and thinkBIM Steering Group member.

In May 2015, PAS1192-5 – “Specification for security-minded building information modelling, digital built environments and smart asset management” – became the latest addition to the suite of UK BIM documents, and Turner & Townsend’s Nathan Jones gave us the benefit of a non-construction person’s view of this document. Nathan was recruited into the construction industry after working in the armed forces specialising in military grade IT and security-related technologies.

From his presentation and roundtable contributions, it was clear that he felt existing construction industry IT practices lag behind most other industry sectors in respect of security (“Often IT security is a bit backward in construction”).

This is, of course, hardly surprising. Within the living memory of many people still working in the sector, we mostly exchanged information by paper. But now, in the early years of the 21st century, we are increasingly sharing ‘electronic paper’ – emails instead of letters, Word documents instead of typed reports, PDFs or native files instead of drawings, etc. We already must be vigilant about security: guarding against software viruses, ‘phishing’, hacking, and theft or loss of devices, while also continuing to track, store and protect our communications and intellectual property. (And not always successfully: details of the internal layout of a Royal Palace were recently freely distributed to potential tenderers via an email attachment, Nathan said.)

However, the next stages in the digital transformation of the built environment sector are set to make information management more challenging from a security point of view.

 

From BIM to BASM

As firms begin to share and to combine or ‘federate’ data-rich 3D, 4D (time) and 5D (cost) models, project teams will need to heighten their cyber-security regimes.

A shared 3D model may expose intellectual property to competitors. Moreover, a walk-through visualisation of a new building might expose sensitive information about the building’s design – key structural components, locations of key building services, placement of CCTV or other security equipment, for example. Shared 4D models might reveal periods when assets might be susceptible to sabotage or sites could be vulnerable to theft, while a 5D model could reveal commercially sensitive pricing information to competitors.

Published by the British Standards Institute and the Centre for Protection of National Infrastructure (CPNI), PAS1192-5 is intended to help teams identify and guard against risks including:

  • hostile reconnaissance
  • malicious acts
  • loss or disclosure of intellectual property
  • loss or disclosure of commercially sensitive information, and
  • release of personally identifiable information.

And our already abbreviation-heavy glossary of BIM terms now includes BASM – built asset security management – as a new discipline. Early engagement with a BAS manager will help a project team and the asset owner develop a strong built asset security strategy (BASS) and management plan (BASMP), said Nathan.

People can be our greatest asset, but also our weakest link

Such measures will become more important in an increasingly connected world of not just ‘smart buildings’ but ‘Smart Cities’. We will need to protect information created during delivery of a new built asset, and – just as importantly, and depending on the asset’s sensitivity – protect some or all of the data created by the people and systems in and around that asset, and in any connected assets or infrastructure.

At the people level, precautions might include procedures limiting information access to those with defined roles (I was encouraged that Nathan identified that some Software-as-a-Service collaboration platforms do this well: restricting access to certain files, models or data only to people with defined responsibilities), supported by systems of passes, logins, keys or other forms of authentication.

 

BASM – it’s about people

As with other aspects of BIM, this is certainly not just about technology, but people and process. Awareness raising and training will be important: working practices learned in the days of paper or “spray and pray” email will need to be amended, and data vulnerabilities addressed. Often the weak link will not be the software or hardware, but the people that use them (users noting passwords and PINs on Post-It notes next to their computers, for example), and, as risks cannot be entirely eliminated, Nathan also advised that organisations need plans and processes dictating how they will respond to security breaches.

In one of the roundtable sessions, John Lorimer asked Nathan if this heightened focus on security might counteract recent years’ efforts to get companies and people to share information more readily. “Security should not stop collaboration, so long as it is controlled and people are aware,” Nathan replied, “BIM is actually helping to trigger some security-minded conversations much earlier. We may soon be segmenting our construction supply chains according to those who are security-aware, and those who aren’t.”

 

Success Stories and Data Security – 7th December 2016

Share This:

 

BSI BIM Conference 2nd December 2014 #BISBIM2014

Share This:

Write-up by thinkBIM ambassador, Duncan Reed (@djhreed67)

On December 2nd I wandered along the banks of the Thames, through a very damp London to my second BSI BIM Conference. It had been twelve months since I last attended and BSI has been very busy publishing BIM guidance in the shape of PAS 1192-3:2014 and BS 1192-4:2014 not to mention the even more recent announcement of PAS 1192-5 for Data Security and the fact that our chair, Richard Waterhouse, is also in charge of the NBS-led consortia charged with delivering the Digital Plan of Works and ‘completing’ classification in the form of Uniclass2. But those two little tasks were for another day.

As is traditional for the start of any UK BIM Conference the proceeding opened with Dave Philp (@thephilpster) Director of BIM at Aecom and BIM Task Group, setting the scene, reviewing progress to date and outlining the brave journey into Level 3 – sometime.

davephilppresentationImage from David Philp presentation

Our second speaker was Anne Kemp (@ACKEMPO), Director, BIM Strategy and Development at Atkins for some fantastic, informative, telling and challenging words on BIM as behavioural change. If BIM really is 80% people and process; 20% technology it does make me wonder why we don’t have more people like Anne explaining how to manage this seismic shift in the way construction should be managed and delivered. If you get an opportunity to hear her speak my advice is grab the chance. If you can’t then read this book she recommended – Mind Change: How digital technologies are leaving their mark on our brains by Susan Greenfield.

 

annekemppresentation-cropped

Image from Anne Kemp presentation

After Anne I heard my first ever ‘Security Issues in BIM’ presentation by Alex Luck, Principal of A Luck Associates. BIM may be all about collaboration and sharing but what happens if the data gets into the wrong hands. Some real challenges here for the industry to grapple with – particularly when some are still trying to hold onto data rather than even share in the first place. I hope data security doesn’t get hijacked as a reason by some not to do BIM. The PAS 1192-5 draft for consultation is due out early in the New Year.

Before our first coffee break we were treated to an overview of the 1192 family by Mervyn Richards, OBE, and Director of Avanti Partnership. Merv gave a great review of where we have come, what we’ve achieved and what is still to be done. Key message from him –

“You can’t do Level 2 yet – all the documents aren’t yet in place!”

Coffee break over and we returned to our fourth floor basement business suite to hear Paul Oakley (@OakleyCAD), Associate Director BIM at the BRE explain what the BRE has to offer individuals and businesses for BIM training and support. But Level 2 certification? Hmmm.

Next up was my old Balfour Beatty Group friend Andy Powell (@ajbpow), Head of Building Information Modelling at Parsons Brinckerhoff. Andy gave a great overview on how a business needs to define BIM goals as well as frameworks for a Digital Strategy. PB have adopted the hashtag #digitalpotential More information at their website (and the video) http://pbworld.com/digitalpotential/

 

andykemppresentation

Image from Andy Powell presentation

Rob Manning gave a great overview on PAS 192-3 and in particular the role of the client whilst David Churcher provided some really useful examples of how this document can be implemented. His examples of what Organisational Information Requirements (OIRs) might actually look like were really useful.

davechurcherpresentation

Image from David Churcher presentation

Keeping up?……… just about but fortunately we all had an opportunity to break for lunch, network, or just catch up with BIM colleagues.

Two o’clock and we were all back in our chairs to here Jon Kerbey, Head of Management Systems on HS2 and the man charged with delivering BIM on this scheme. HS2 has already published a BIM Upskilling report this year and Jon outlined some of the finding. Have to say they sound optimistic to my mind but let’s hope UK construction really does rise the challenge of delivering HS2. Their full report can be found at http://assets.hs2.org.uk/sites/default/files/HS2%20Supply%20Chain%20BIM%20Upskilling%20Study%2013-06-14.pdf

After Jon we were treated, and I use the word wisely, to a shock and awe presentation worthy of Dave Philp or even Paul Morell. Nigel Davies  (@NigelPDavies), Director at Evolve, pulled no punches in de-mystifying, de-bunking and generally giving BIM a good roughing up. But in particular businesses over-complicating BIM and over-stating their abilities were his key targets. Let’s get Level 1 right, a sentiment that has been echoed less vocally by previous speakers too. His statistics on where construction think they are, and where they actually are, on the Bew-Richards BIM wedge put me in mind of the BIM analogies with teenage sex.

BIM is like teenage sex

Everyone talks about it…

Nobody really knows how to do it

Everyone thinks everyone else is doing it

So everyone claims they are doing it!

The final speaker the delegates were treated too, after another dose of caffeine and cake, was Nic Nisbet @nicknisbet – the personification of COBie for the UK(?). Nic gave a great overview of the recently published BS1192-4 Code of Practice in his usual dry manner. Also good to hear that COBie for Infrastructure guidance/case studies are due out soon too.

All the days Twitter events have been captured by the Storify link below  https://storify.com/djhreed67/bsi-bim-conference-london-2nd-december-2014

But the last part of the day was handed over to the delegates for a group discussion session. We were split into 5 groups and asked to review the following questions

15.50 – 16.30 Table discussions

How to improve the effectiveness of processes on projects?

How would you promote BIM as a natural progression within the organisation?

Commitment to BIM – what do we need to do – BIM shopping list

So with a group of about 19 we attempted to answer these questions in the time allowed. What did we end up with? A wide-ranging BIM discussion, pretty much around these points but not necessarily being focussed enough to answer the questions, ensued. Despite not having my trusty bundle of Sharpies from last year I was voted in (??) as Group 3 scribe and presenter.

So, in the true style of BIM as a disruptive technology I amended questions to better fit the answers we were identifying.

How to improve the effectiveness of processes on projects?

How would you promote BIM as a natural progression within the organisation?

Commitment to BIM – what do we need to do – BIM shopping list

So re-focussing the question to an answer of

Improve processes, promote BIM (get) commitment

But as a more full answer and summary of discussions we came up with the following response for our Chair, Richard Waterhouse.

  • It’s all about people – and businesses need to determine who is best placed in their business to deliver BIM (it’s not necessarily the IT Manager – remember BIM is a process not technology)
  • We are looking at a paradigm shift, we can’t just tinker around the edges – a great point made by Andy Powell, Parsons Brinckerhoff, in his presentation earlier in the day.
  • Change needs to start with the individual, a person needs to want to change in the first instance. But change also needs to happen at all levels with business leaders giving leadership
  • Businesses need to understand, and address, the fear of change. Change management is vital for BIM to succeed.

Nigeldaviestweet-cropped

  • Businesses need to identify problems, they are normally too quick to offer solutions.
  • Businesses also need to learn to work better with new tools; but these tools need to be appropriate!!
  • Businesses also need to plan for change a long time before the change is going to occur. You just can’t rock up for a project start up meeting and expect to deliver BIM. Also remember that one size most definitely does not fit all – solve the issues not the symptoms.
  • Be aware that some changes will happen so rapidly that there is no time to consider them – let them happen!
  • Still be mindful of commercial realities. The group had a long discussion on the (usual) subject of Capex and Opex. But still very valid at present for the industry. Get the Capex and Opex trams together, shake them up and bring out the best from them both. Don’t think of projects, think of assets, in fact don’t even think of assets think of portfolios. But when thinking this way people and businesses still need to ensure that the micro and macro scales are still aligned.
  • BIM is business transformation – as an industry we all manage projects, BIM is ‘just’ another project to manage.

© 2017 ThinkBIM

Theme by Anders NorenUp ↑