Skip to content

CIBSE is currently upgrading its IT systems to improve core customer functions and increase efficiency and effectiveness. This will mean some website services will be offline until Monday 25 July. Help

Search the knowledge portal

  • PublisherCIBSE
  • Product CodeDE6
  • Number of pages20
  • Publication DateJul 2017
  • ISBN9781906846985

DE6: Security Requirements

CIBSE Members

PDF Format

£25.00

Purchase

Non-members

PDF Format

£50.00

Purchase

DE6: Security Requirements

DE6, part of CIBSE's Digital Engineering series, is intended for those that commission, design, construct and operate built assets to understand the scale of the security implications.

These implications may revolve around national security, commercial security or private security. Each will have individual requirements and this document looks to provoke thought in this regard. The solutions will be a matter for each individual organisation, company or person to ascertain.

This guidance follows the approach of PAS 1192-5:2015, but also addresses other aspects of security not covered by the PAS. It considers aspects to be made that are more specific to the Building Services Engineer, such as Building Management Systems (BMS) and Internet of Things (IoT) devices as used in Building Services systems.

The increasing use of technology in construction has revolutionised the way information is shared, accessed, transferred and used. The advent of Building Information Modelling (BIM) has increased the amount of data transferred and required in these information exchanges. This in turn presents a number of issues to be considered when collaborating on projects, from those responsible for the implementation and administration of information management systems, to the day to day users and operators of the asset.

This document deals with cyber security in terms of planning for and dealing with attacks with reference to other, existing standards and with special interest paid to the elements of building services systems that may represent vulnerabilities to such actions.


Associated publications:
The full set of titles within the Digital Engineering Series, so far published as at July 2017, are listed below. Each is linked to the appropriate page of our website:

We have also provided templates that should help with organise Model Review Meetings, which are available here: 

Model Review Meeting Agenda
Model Review Meeting Minutes


Contents:

Foreword

Introduction

Scope

PAS 1192-5

General principles

Built Asset Security

  -Security manager

  -Built Asset Security Strategy

  -Built Asset Security Management Plan

     -Personnel aspects

     -Process aspects

     -Physical aspects

     -Technical aspects

     -Project logistical security requirements

     -Provision of data or information to third parties

     -Public access to information

     -Public presentations

     -Managing accountability and responsibility for security

     -Monitoring and auditing

   -Review of the BASMP

  -Security Breach/Incident Management Plan

  -Assessment of the potential risks in the event of a security breach or incident

  -Risk mitigation

  -The review process

  -Review of the SB/IMP

Built Asset Security Information Requirements

Working with suppliers

Asset management

Common Data Environments

  -Setup

  -Access

  -Training and awareness

  -Technical integrity

Cyber security

  -Building Management Systems

  -Smart meters

  -Web-enabled devices

  -Internet of Things

Security and building regulations

Questions for the IT Department

  -Boundaries

  -Connectivity

  -Cooperation and coordination

  -Advice for behaviour

  -Updates and maintenance

  -Firewalls between connections

  -Air gaps

  -Intelligence and surveillance

  -Server locations

Dealing with the aftermath

  -Continuity planning

  -Data recovery

  -Public relations

Conclusion

Appendix 1 – Further Reading

References


Author:
Carl Collins

Acknowledgements:
Dwight Wilson–Imtech
Dr Hywel Davies–CIBSE
Martin Howe–SES Engineering
Jeremy Newsome–WSP
Chris Powell–Atelier Ten
Mojca Roženičnik Korošec–Turner & Townsend
BEAMA BIM Steering Group