Cyber security challenges and vulnerability assessment in the construction industry

Mantha, Bharadwaj R. K.; Soto, Borja García de

doi:10.3311/ccc2019-005

Cited by 49 publications

(33 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Data protection and cybersecurity is a major concern for the construction companies. Mantha and de Soto (2019) implied that the Architecture-Engineering-Construction (AEC) industry has already been experiencing cyberattacks such as stealing private information, accessing unauthrozied files, and remove records. The expansion of digital platforms on…”

Section: Literature Reviewmentioning

confidence: 99%

“…Therefore, the construction companies must work towards developing their infrastructure and organizational structure in terms of handling the cybersecurity risks.. However, there is not yet an avaiable standard to develop a procedure for identifying such risks in the construction industry (Mantha and de Soto, 2019). Hence, data protection and cybersecurity is listed as an essential challenge for the I4.0 implementation in the construction industry due to the fact that the construction companies do not still have a definite plan or procedure to follow for protecting digital assets.…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Investigating major challenges for industry 4.0 adoption among construction companies

Demirkesen

Tezel

2021

ECAM

View full text Add to dashboard Cite

PurposeThe purpose of this study is to explore the challenges hindering the adoption of Industry 4.0 (I4.0) among construction companies.Design/methodology/approachThe construction industry needs innovative technologies due to its complex and dynamic nature. In this respect, the latest trends such as digitalization, building information modeling (BIM), Internet of things (IoT) are of utmost importance in terms of fostering the change in managing projects and encouraging industry practitioners to adopt the change for better performance. This paper focuses on I4.0adoption among construction companies. In this respect, a questionnaire was designed and administered to construction professionals to reveal the challenges in I4.0 adoption among construction firms. The respondents were requested to fill in the questionnaire on the I4.0 efforts of their companies. The questionnaire was intended to collect the perceptions of industry practitioners working at large construction companies. Based on these, the challenges listed were ranked based on their relative importance and success indices. Finally, the Mann–Whitney U test was conducted to test whether statistically significant responses exist among groups of respondents (i.e. young and old companies, large and small, high and low revenue and main area of expertise).FindingsThe results of the study indicated that resistance to change, unclear benefits and gains and cost of implementation are the major important challenges in terms of I4.0 adoption in construction projects. On the other hand, the data analysis implied that the majority of construction organizations successfully deal with the problems arising from lack of standardization, legal and contractual issues and cost of implementing in terms of promoting I4.0 adoption.Research limitations/implicationsThe study is expected to guide construction practitioners in terms of benefitting from I4.0 applications and deliver projects with better outcomes. This study might be used as a guide for the companies aiming to start their I4.0 transformation knowing the challenges and develop strategies for how to handle them. A concrete plan would help them achieve greater performance and benefit from the I4.0 implementation at the maximum level. Finally, the study implies that construction firms shall prepare action plans for handling each challenge listed and monitor their performance based on the planned and actual data of their projects.Originality/valueThis study investigates the major challenges of I4.0 among construction companies. This is one of the important studies, which puts I4.0 focus forefront of the construction industry with a clear identification of challenges that construction organizations have to address to transform their organizations into construction 4.0. The study has the potential to guide both industry practitioners and researchers to develop awareness for the benefits of using the latest technology and fostering innovation. This is expected to create value for construction clients in terms of achieving the product with serious gains such as time and cost.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

Investigating major challenges for industry 4.0 adoption among construction companies

Demirkesen

Tezel

2021

ECAM

View full text Add to dashboard Cite

show abstract

“…With a few exceptions, the publications related to understanding cybersecurity aspects in the construction sector are limited. For example, Mantha and García de Soto (2019) investigated the spread of vulnerability in construction networks using an agent-based modeling approach. They considered two construction networks, one resembling a traditional delivery system in which construction participants are more segregated (e.g., Design-Bid-Build or DBB) and another with higher integration and combination among the different stakeholders (e.g., Integrated Project Delivery or IPD).…”

Section: Cybersecurity Research In the Aec Industrymentioning

confidence: 99%

“…With increasing interest and implementation of digital models and automation, this will be of great concern to the AEC industry. Although (Mantha and García de Soto, 2019) enumerated and taxonomized some of these data elements for a particular delivery method and specific construction stakeholders during the construction phase in the context of cybersecurity, a comprehensive investigation of the information and communication technologies (ICT) across different life cycle phases of the project is still missing. In addition, Parn and Edwards (2019) suggested some measures to secure the stored and managed information through the CDE.…”

Section: Research Area 1 -Information and Data Privacymentioning

confidence: 99%

Cybersecurity in Construction: Where Do We Stand and How Do We Get Better Prepared

Mantha

Soto

2021

Front. Built Environ.

View full text Add to dashboard Cite

The architecture, engineering, and construction (AEC) industry is increasingly becoming digital and more prone to cyber-attacks. Although there are several studies and standards in the cybersecurity domain, experts suggest that domain-specific studies need to be conducted to address the unique challenges faced within each of the different industries. Therefore, several cybersecurity studies have been undertaken for various industries, such as healthcare, manufacturing, telecommunication, and energy. However, this type of study is largely missing in the AEC industry due to different reasons, including lack of awareness. To address that, this study aims to (a) compare and analyze the number of cybersecurity-related documents in the AEC industry with several other industries, and (b) extract and analyze the cybersecurity-related documents data to identify potential future research trends and topics for the AEC community. The Web of Science (WOS) database, consisting of significant and influential journal publications, was used for document retrieval. VOSviewer was used to identify key research topics and trends in the cybersecurity domain and define future cybersecurity research in the AEC industry. WOS document retrieval results that compared the total number of publications corroborated the little to no attention received to cybersecurity investigation in the AEC industry. In addition, the VOSviewer analysis revealed three significant areas of research in the cybersecurity community that provide a reasonably justified roadmap for conducting cybersecurity research in the AEC industry. This study could greatly benefit the AEC research community and potential reaping benefits to the industry by creating more awareness among different stakeholders.

show abstract

“…Due to the inherent nature of construction, almost all the entities are interrelated and hence can compromise and impact each other with very few exceptions. For example, [15] showed how the vulnerability of an individual entity impacts the whole construction network due to the existing information and communication exchange channels. An example of an exception can be when a potential vendor who is not part of the construction project yet, might not have any communication or association with the existing entities (e.g., contractor), and hence the vulnerability of such a potential entity might not have any impact.…”

Section: Scope (S)mentioning

confidence: 99%

Implementation of the Common Vulnerability Scoring System to Assess the Cyber Vulnerability in Construction Projects

Bharadwaj¹,

Yeojin²,

Borja³

2020

Proceedings of the Creative Construction E-Conference 2020

View full text Add to dashboard Cite

The utilization of new technologies coupled with the digitization and automation of the construction industry (known as Construction 4.0) comes with many advantages. For example, it will make the Architecture Engineering and Construction (AEC) industry more connected, accessible, and transparent. However, the inherent nature of these connected systems will make construction networks more vulnerable and prone to cyberattacks. That will compromise not only the confidentiality of sensitive information but also the security of physical assets and project participants. With this background in mind, it is crucial to measure the security of construction networks. There are different systems to evaluate security vulnerabilities of a system, network, organization, or process; one of the most common is the Common Vulnerability Scoring System (CVSS), which provides a numerical score that reflects the severity of a given vulnerability based on specific identified metrics. This paper examines the application of CVSS to quantify and evaluate the vulnerability of project participants that can be used as the groundwork to determine the security vulnerability of construction networks. The objectives of this paper are 1) to examine the advantages and disadvantages of different scoring systems and their applicability to the AEC industry, 2) to systematically apply the identified system to determine scores for some of the most significant construction participants such as the owner, contractor, and worker. The proposed approach will help to assess the vulnerability of project participants and, eventually, the security level of construction networks.

show abstract

Cyber security challenges and vulnerability assessment in the construction industry

Cited by 49 publications

References 12 publications

Investigating major challenges for industry 4.0 adoption among construction companies

Investigating major challenges for industry 4.0 adoption among construction companies

Cybersecurity in Construction: Where Do We Stand and How Do We Get Better Prepared

Implementation of the Common Vulnerability Scoring System to Assess the Cyber Vulnerability in Construction Projects

Contact Info

Product

Resources

About