Skip to content

Search the knowledge portal

  • PublisherCIBSE
  • Product CodeDE6
  • Number of pages20
  • Publication DateJul 2017
  • ISBN9781906846985

DE6: Security Requirements

CIBSE MEMBER PRICE

PDF Format

£0.00

Purchase

STANDARD PRICE

PDF Format

£25.00

Purchase

DE6: Security Requirements

DE6, part of CIBSE’s Digital Engineering Series, is intended for those that commission, design, construct and operate built assets to understand the scale of security implications.

These implications may revolve around national security, commercial security or private security. Each will have individual requirements and this document looks to provoke thought in this regard. The solutions will be a matter for each individual organisation, company or person to ascertain.

This guidance follows the approach of PAS 1192-5:2015, but also addresses other aspects of security not covered by the PAS. It considers aspects to be made that are more specific to the Building Services Engineer, such as Building Management Systems (BMS) and Internet of Things (IoT) devices as used in Building Services systems.

The increasing use of technology in construction has revolutionised the way information is shared, accessed, transferred and used. The advent of Building Information Modelling (BIM) has increased the amount of data transferred and required in these information exchanges. This in turn presents a number of issues to be considered when collaborating on projects, from those responsible for the implementation and administration of information management systems, to the day to day users and operators of the asset.

This document deals with cyber security in terms of planning for and dealing with attacks with reference to other, existing standards and with special interest paid to the elements of building services systems that may represent vulnerabilities to such actions.

Associated publications

The full set of titles within the Digital Engineering Series, so far published as at October 2017, are listed below. Each is linked to the appropriate page of our website:
 

DE1: Pre-qualification Questionnaires (2016)

DE2: Employer's Information Requirements

DE3: BIM Execution Plans

DE4: Common Data Environments

DE5: Asset Information Requirements

DE6: Security Requirements

DE7: Organisation Information Requirements

DE8: Project Information Requirements

We have also provided templates that should help with organise Model Review Meetings, which are available here: 

Model Review Meeting Agenda
Model Review Meeting Minutes

Contents of DE6

  • PAS 1192-5
  • General principles
  • Built Asset Security
    • Security manager
    • Built Asset Security Strategy
    • Built Asset Security Management Plan
    • Security Breach/Incident Management Plan
    • Assessment of the potential risks in the event of a security breach or incident
    • Risk mitigation
    • The review process
    • Review of the SB/IMP
  • Built Asset Security Information Requirements
  • Working with suppliers
  • Asset management
  • Common Data Environments
    • Setup
    • Access
    • Training and awareness
    • Technical integrity
  • Cyber security
    • Building Management Systems
    • Smart meters
    • Web-enabled devices
    • Internet of Things
  • Security and building regulations
  • Questions for the IT Department
    • Boundaries
    • Connectivity
    • Cooperation and coordination
    • Advice for behaviour
    • Updates and maintenance
    • Firewalls between connections
    • Air gaps
    • Intelligence and surveillance
    • Server locations
  • Dealing with the aftermath
    • Continuity planning
    • Data recovery
    • Public relations

Author

Carl Collins - Consultant to CIBSE

Acknowledgements

Dwight Wilson – Imtech
Dr Hywel Davies – CIBSE
Martin Howe – SES Engineering
Jeremy Newsome – WSP
Chris Powell – Atelier Ten
Mojca Roženičnik Korošec – Turner & Townsend
BEAMA BIM Steering Group