The adoption of Building Information Modelling (BIM) and the increasing use of digital technologies in the design, construction and operation of buildings and infrastructure are transforming the way that architecture, construction and engineering industries work. It will be essential for organisations within these industries to embrace the concept of collaborative working, not only through greater openness and transparency but also through the sharing and use of detailed models and large amounts of digital information. These changes will be required not only in projects developing new assets or solutions, or modifying or disposing of existing ones, but also in the long-term management of assets where lifecycle management will evolve through the increasing capture and analysis of real-time use and condition data.
These advances offer significant and exciting opportunities to asset owners and supply chains to seek innovative solutions to deliver future fiscal, functional, sustainability and growth objectives. However, with the increasing use of, and dependence on information and communications technologies, there is a need to be aware of the vulnerability issues which can arise, and to take appropriate and proportionate control measures to deliver the trustworthiness, safety, resilience and security of digital built assets.
PAS 1192-5:2015 Specification for security-minded building information modelling, digital built environments and smart asset management:
specifies requirements for security-minded management of BIM and digital built environments. It outlines the cyber-security vulnerabilities to hostile attack when using BIM and provides an assessment process to determine the levels of cyber-security for BIM collaboration which should be applied during all phases of the site and building lifecycle.
PAS 1192-5: 2015 Specification for security-minded building information modelling, digital built environments and smart asset management
This standard was commissioned by the Centre for the Protection of National Infrastructure (CPNI), who provided the technical authors for its development with British Standards Institution (BSI) facilitating its production and input from a panel of industry experts. The Publicly Available Specification (PAS) has been developed to integrate a security-minded approach into the construction lifecycle processes as specified in PAS 1192-2 and the asset management processes described in PAS 1192-3 (both of which should be read in conjunction with PAS1192:5).
Recognising that good cyber security alone will be insufficient to protect built assets and related asset information in the collaborative environments which successful BIM implementation needs, the PAS requires the implementation of a holistic approach, addressing security around the aspects of people and process, as well as physical and technological security.
The full PAS1192-5 can be downloaded free of charge from British Standard Institute (BSI) Level 2 BIM portal http://bim-level2.org/standards/
Further guidance to support the implementation of PAS 1192-5 is available at: http://www.cpni.gov.uk/advice/Cross-cutting-advice/Digital-built-assets-and-environments/
Who should use it?
PAS 1192-5 is intended for use by asset owners or, within a project, the Employer. It will also be of interest and relevance to other organizations and individuals involved in the design, construction, maintenance and management of built assets, including those who wish to protect their commercial information and/or intellectual property.
How do I use it?
PAS 1192-5 provides a security-minded framework for applying an appropriate and proportionate approach to managing the security risks that affect a built asset, in whole or in part, asset data and information.
It specifies the processes which will assist organisations in identifying and implementing measures to reduce the risk of loss or disclosure of information which could impact on the safety and security of:
- personnel and other occupants or users of the built asset and its services;
- the built asset itself;
- asset information; and/or
- the benefits the built asset exists to deliver.
A built asset may comprise a building, multiple buildings (e.g. a site or campus) or built infrastructure (e.g. roads, railways, pipelines, dams, docks, etc.). It may include associated land or water, for example, the catchment area for a water company or the navigation channels for a dock and may comprise a portfolio or network of assets.
The PAS adopts a risk management based approach, leading to the production of a Built Asset Security Strategy and Built Asset Security Management Plan. It also introduces the need for a suitably qualified and experienced Built Asset Security Manager to take responsibility for the development, implementation and maintenance of security mindedness throughout the asset lifecycle.
Departmental Security Policies
It is recommended that, where appropriate, PAS1192-5 be used in conjunction with, and any Built Asset Security Management Plan cross-referenced to, other security management policies and plans in place, including those relating to cyber security and cyber resilience.
Cyber Security in Scotland
The Scottish Government published a Cyber Resilience Strategy for Scotland in November 2015. This document should also be read and considered in the development of departmental cyber resilience strategies.
Notes:- Images re-produced with the kind permission of the British Standard Institute.