Developing a security-minded but open and transparent digital built environment sector

The built environment sector in the UK has been undergoing a digital transformation. The homes, workplaces, facilities and infrastructure that clients, designers and builders manage, design, build and maintain incorporate increasing levels of digital technologies and are delivered using connected information systems and digital representations of the completed facilities. Key to this transformation is the Building Information Model (BIM); a digital representation of the physical and functional attributes of a building, which can be used throughout its life cycle. Sectoral initiatives over the next decade envision the rapid exploitation of this capability with significant economic and social impact. The government’s 2016 Digital Built Britain strategy is an enabler of the visions of Smart Cities, Smart Grids and the Digital Economy more broadly. On the supply side of the sector this calls for a seamless integration and sharing of data across projects, organisations and disciplines, and an open collaborative approach to knowledge production. For owners and users of the buildings and infrastructure, the availability of comprehensive real-time information on the configuration, state and use of the built environment will optimise the use of resources and enhance the lives of users and citizens. Extending the digital economy to the built environment will lead to a data and application ecosystem that will support the business and economic opportunities of the future.

The opportunities of an increasingly digital built environment come with a concomitant increase in the vulnerability of facilities and systems to exploitation, disruption or attack. To ensure the security and resilience of sensitive assets (or sensitive aggregations of assets) it will be necessary to protect information about their location and properties, the operational information relating to them, and the personally identifiable information of citizens who navigate and use them. The need to protect asset information in use flows back to the design and construction processes that creates it. A recently issued British Standard (PAS1192-5:2015), developed in collaboration with the Centre for the Protection of National Infrastructure (CPNI), seeks to provide guidance to the industry on how to deliver projects in a “security-minded” manner. This PhD project will study how the industry is responding to this latest facet of its digital transformation to learn how the security objectives are being realised and, using security imperatives as an analytical intervention, to draw lessons for the information needs of enhanced design, construction and operation processes more generally.

Building on previous research in the School of the Built Environment, this research will focus on the projects that deliver and maintain sensitive assets. Construction projects are the sites where construction innovation is developed and negotiated, where ambiguities are resolved, and where strategies are implemented or resisted. The construction sector is already being challenged to move from a fragmented and adversarial culture to one characterised by collaboration, openness and sharing. Built environment managers and professionals are now also being asked to adopt security-minded behaviours and processes in which only specified people are given access only to certain information. PAS1192-5 acknowledges the tension between these two aspirations, noting that BIM adds value to construction delivery by enabling collaboration and transparent, open ways of working and sharing digital information while also claiming that its authors do not seek “in any way to undermine the collaboration on which projects… are centred”. This research will study how projects are implementing, managing and monitoring security-minded BIM in the context of the broader collaborative and open digital transformation of the sector.

The project will produce an empirical study of how construction projects are implementing technological and organisational changes to deliver secure data and foster security-minded behaviours. Research methods will be adopted that will allow for the identification of the challenges and trade-offs encountered during the implementation and management of systems and processes and the assessment of any concomitant risk to the built environment digital infrastructure. We anticipate applying the understanding gained of the socio-technical challenges of implementing information security on construction projects to develop guidance to asset owners, designers and builders, to influence the development of information systems and to contribute to emerging British and International Standards in this area. The project will produce refereed journal and conference paper publications and will feed back the findings to collaborating industry partners.