Vulnerability Assessment of Construction Equipment: An Example for an Autonomous Site Monitoring System

The digital transformation of the construction industry is accelerating with the advances in information technology (IT) and operational technology (OT) and their convergence. While the benefits of such transformation in construction are apparent, cybersecurity aspects are usually overlooked. Cyber-attacks against project information can cause the exposure of confidential project data, intellectual property, and personal information and interruption of project tasks. On the other hand, cybersecurity incidents affecting the OT utilized in the project can lead to misinformation, harm people nearby, or even cause loss of life. Given the criticality of providing robust cybersecurity in construction projects, this study aims to (1) point out the cybersecurity considerations to be taken into account before utilizing autonomous equipment on-site, (2) raise awareness about cybersecurity in construction, and (3) present an example of using vulnerability assessment systems in construction projects. This paper utilizes the Common Vulnerability Scoring System (CVSS) to assess the vulnerabilities and risks of different levels of an autonomous site monitoring system. Four assessors with different backgrounds in cybersecurity and robotic systems performed the assessment. The results revealed the most vulnerable levels of the assessed robotic system, which can be considered as a warning. The assessment suggested in this study can help construction decision-makers identify the levels they need to pay extra attention to before employing a cyber-physical system (CPS) on-site. Utilizing CVSS to conduct a vulnerability assessment for CPSs during the construction phase has not been proposed by any previous study, making this paper novel.