Publications / 2020 Proceedings of the 37th ISARC, Kitakyushu, Japan

Threat Modeling in Construction: An Example of a 3D Concrete Printing System

Maahir Ur Rahman Mohamed Shibly and Borja Garcia de Soto
Pages 625-632 (2020 Proceedings of the 37th ISARC, Kitakyushu, Japan, ISBN 978-952-94-3634-7, ISSN 2413-5844)

Cybersecurity threats related to new technologies get little attention until an incident occurs, and vulnerabilities are highlighted. In the case of construction projects, any cyber breach, either malicious or incidental, has the potential to cause significant damage. This varies from unauthorized access of sensitive project information to hijacking construction equipment to cause structural damage to the site or harm to personnel. Given the potential implications of threats in cyber-physical systems, and the potential for physical damage to products and personnel, serious consideration from a research perspective is needed. The risk of such attacks occurring is exacerbated in regions such as the UAE, where new technologies, such as 3D printing, are trending. With that in mind, the objective of this study is twofold. First, to raise awareness about the cybersecurity implications of the new technologies adopted by the AEC industry. Second, to understand the core cybersecurity aspect of threat modeling concerning cyber-physical systems applied to construction projects. Several threat modeling methods such as STRIDE, OCTAVE, PASTA, and VAST have been developed. However, they are not easy to adopt by construction professionals who generally have limited knowledge of the cybersecurity domain. To address that, this study aims to develop a preliminary threat modeling approach that is relevant to the construction industry and can be quickly adopted to investigate the current technology being implemented. To demonstrate the practical feasibility of the proposed threat model, we consider an industrial-grade robotic arm system to 3D print construction elements offsite. This threat model will provide insights into a range of different threats that these systems are vulnerable to, allowing us to secure these systems against such threats, and raising awareness about the cybersecurity implications of implementing such technologies in the AEC industry.

Keywords: 3D Concrete Printing; Construction 4.0; Cyber-Physical Systems; Cybersecurity; Cyberattack; CVSS; Risk Propagation; Smart Construction Sites; STRIDE; Threat model; Vulnerability Assessment