Is Your Construction Site Secure? A View from the Cybersecurity Perspective

The construction industry is increasingly using information technologies (IT) and operational technologies (OT) to enhance processes and operations through digitization. Creating, editing, storing, and sharing information in digital environments is only one side of the coin; the other involves monitoring and controlling physical processes on construction sites. Given the nature of construction sites, where humans and machines/equipment work collaboratively, safety concerns are rising. The definition of construction safety did not include cybersecurity aspects when legacy equipment was the only option. However, with the availability of cyber-physical systems (CPSs) on-site and the use of interconnected systems (i.e., IoT) such as site tracking systems and remote-controlled and semi-autonomous machines, the importance of robust cybersecurity is magnified. Therefore, it becomes necessary to understand the threats against each type of networked equipment, analyze the system's vulnerabilities, and assess the risks to provide mitigation methods to improve cybersecurity. Cybersecurity frameworks are effective solutions to assess the current security level, set targets, manage risks, and develop strategies. However, they are usually generic, and customization is needed before employing them in the construction site environment.

Against that background, this study provides an implementation of an existing generic cybersecurity framework that considers the characteristics of construction sites utilizing OT. Different frameworks/standards published by different organizations, such as ISO, NIST, and IET, are reviewed to evaluate their suitability to the construction environment. To illustrate the application of the cybersecurity framework, a hypothetical construction site with autonomous earthmoving equipment is utilized to demonstrate the practical aspects and implementation steps. The advantages and limitations of the suggested framework are discussed. This study sheds light on the specific cybersecurity needs of construction sites with OT and helps to build a security-minded approach within the construction industry.