In the Smart Cities and Smart Buildings of the future, sensor technology, Big Data platforms, artificial intelligence (AI) and autonomous systems will play an increasingly important role. Buildings will more and more be networked with the infrastructure of the modern city through mobile applications in the Internet of Things (IoT). This creates many new entry points for cyber attacks.
Cyber security measures along the entire value-chain and the life cycle of products and processes are therefore also becoming a decisive factor for success in the construction industry.
Cyber Security Management Systems (CSMS), which will soon be required by law for the registration of vehicles, will also play an important role in the construction industry and the real estate sector in the future.
Q: Mr. Schock, the Cyber Security of vehicles will now become relevant for type approval. Do you think that similar regulations will follow for the Cyber Security of buildings?
A: In the automotive industry, it is now recognised that vehicles have become more and more mobile computers that must be considered as part of the Internet of Things (IoT). Beyond its physical limitations like tyres or mudguards the vehicle is part of a so-called end-to-end system. This means that the vehicle must be protected over its entire life-cycle and at all points in the value chain. In addition to the product itself, this includes cloud services, back ends and mobile applications. In future, manufacturers will have to present a certificate of conformity for the management of cyber security for their organisation, their processes and products in order to still be allowed to register vehicles. Our managing director, Dr. Michael Müller, spoke about this topic in an interview a few weeks ago.
Buildings, too, are increasingly networked these days. This already starts with smart home applications such as doorbell systems with video switching, intelligent ovens or entire data buses that can be used to control light and temperature throughout the house. Some modern buildings in a smart city already have a connection to a smart grid and are already fully integrated and networked with the infrastructure through energy supply or mobility services such as charging points. If you draw parallels with the automotive industry, it is only a matter of time that the cyber security of buildings is regulated at the legal level as well, since in a networked infrastructure there are numerous entry points for cyber attacks.
Q: How can the construction industry prepare itself reasonably?
A: One approach would be to look at current best practices from the automotive industry and apply them to the construction industry. For example, control units or sensors that are to be installed in buildings could already be checked for cyber security during the sourcing process. Conversely, for suppliers this means that the processes in development, production and operation in future will have to be adapted to meet the customer’s cyber requirements and to further qualify themselves as a supplier.
The introduction of a so-called Cyber Security Management System (CSMS), which adds the aspect of cyber security to products, processes and organisation, is the best solution for this. In this way, all stakeholders involved in a construction project can ensure that their organisation, as well as their suppliers, are cyber-secure and, in the case of the introduction of a mandatory CSMS certification, that they can continue to implement their construction projects.
Q: We have learnt that the integration of a holistic CSMS is a critical success factor for the housing of the future. Smart Cities, which do not function without networking and thus without areas of attack, require a holistic cyber security strategy. What could such a strategy look like?
A: First of all, you must familiarise yourself with the new networked ecosystem in which a modern Smart City is located today. This system consists of an ever-increasing number of networked sensors, which in theory can turn any product, object or device into a Smart Device. This means that each of these objects has its own individual life cycle and value chain. All these different cycles and chains are affected by cyber security, which is why the integration of a management system should be the central point of any cyber security strategy.
Take a new construction project as an example. First of all, we have different actors here to implement such a project. Usually these are investors, construction planners, the actual construction companies and later the operators. Each party must be clear about what needs to be done on the cyber side to ensure that all interfaces are secured.
Especially investors play an important role when selecting partners and must provide an overall picture including the objectives, e.g. that a smart office building is also cyber-secure. These requirements must be taken into account when selecting partners.
As a construction planner, you need to plan the building’s electrical and electronic systems in a sustainable manner, from the initial idea to the completion of the building. This means that a great deal of expertise in networking, sensor technology and communication systems is required to ensure that Cyber Security is considered and implemented at every step.
During the actual construction of the object, the focus is primarily on project management and the monitoring of the implementation and compliance of cyber activities. All E/E systems, sensors and actuators must be correctly installed and tested for functional safety and cyber security.
Ultimately, operating companies must ensure that the cyber security of the property is permanently guaranteed from the time of final acceptance until the end of the building’s life cycle – either by demolition or rededication. This can be done by a so-called Security Operation Centre (SOC). This SOC monitors the corresponding object 24/7 and reacts in the event of a cyber vulnerability in the shortest possible time to rectify faults or ward off potential attacks.
Q: What role does magility play in this process?
A: We at magility see ourselves as a system integrator of CSMS for the European market. By our partnerships with technology companies such as Argus Cyber Security and high-tech start-ups in the fields of cyber security, sensor technology, AI, etc., as well as the independent certification service provider DEKRA and our international network, we can provide cross-interface advice on strategy and action planning for construction projects. Furthermore we can accompany the CSMS implementation process and the implementation of cyber security measures. To this end, we are also already working with players from the construction industry, such as Drees & Sommer.
Q: Thank you very much for the detailed answers. Would you give us a personal estimation at the end of the interview? Where is the construction industry heading to?
A: The construction industry has been undergoing significant digital change for several years now, and this will continue in the future due to the ever-increasing digital networking of buildings and infrastructure. The automotive industry is currently a pioneer, as regulations with binding measures and deadlines for their implementation have already been announced. In future, however, a CSMS will also have to be implemented for the construction industry, as this is the only way to ensure that the infrastructure is protected and the dangers of cyber attacks for the whole society are minimised. Therefore we advise our customers from the construction industry to deal with the topic CSMS already now in order to be prepared for the future and to take the chance to play a pioneering role in this industry.