Skip to content

Search the knowledge portal

  • PublisherCIBSE
  • Product CodeP_DE6.1
  • Number of pages34
  • Publication DateJan 2019
  • ISBN9781912034079

DE6.1: Cyber security in building services design


PDF Format




PDF Format



DE6.1: Cyber security in building services design

DE6.1, part of CIBSE’s Digital Engineering Series, is intended to assist those that commission, design, construct and operate built assets in understanding the implications of security on building services design. These implications may revolve around national security, commercial security or private security. Each will have individual requirements, and this publication looks to provoke thought in this regard. The solutions will be a matter for each individual organisation, company or person to ascertain.

This guidance considers the risks and threats associated with security, and examines these in the context of building services design and how those considerations should change our approach to basic design considerations; it also identifies the need for dedicated security experts to review and feed into each design.

Building services are increasingly part of the connected world, and this presents outside actors with opportunities to interfere with these services for myriad reasons. Such interference can have commercial or functional implications, and can affect the safety of a built asset; but most of this interference can be avoided by implementing simple changes in design philosophy.

Buildings form an increasingly important part of our national infrastructure as their internal systems become ‘smart’ and connected. They are becoming correspondingly more vulnerable to attack by virtue of their increasing profile and accessibility.
This publication will give readers an understanding of how to carry out a basic risk/ threat assessment, and to understand their own limitations — and thus, help readers to decide when to seek expert help to ensure that building services designs do not cause undue weaknesses to be designed into these vital systems. 


Associated publications

The full set of titles within the Digital Engineering Series, so far published, are listed below. Each is linked to the appropriate page of our website: 

DE1: Pre-qualification Questionnaires (2016)

DE2: Employer's Information Requirements

DE3: BIM Execution Plans

DE4: Common Data Environments

DE5: Asset Information Requirements

DE6: Security Requirements

DE6.1: Cyber security in building services design

DE7: Organisation Information Requirements

DE8: Project Information Requirements DE9: Application of Soft Landings and Government Soft Landings in Building Services Engineering

We have also provided templates that should help with organise Model Review Meetings, which are available here: 

Model Review Meeting Agenda
Model Review Meeting Minutes

Contents of DE6.1:

  • Introduction
  • Scope
  • Terms and definitions
  • Analysis
    • Context Analysis
    • Risk Analysis
      • Stage one: Setting the case for security
      • Stage two: Assess security requirements
      • Stage three: Understand the design
      • Stage four: Cause and effect
    • Risk Appetite
  • Solutions
    • Basic wins
    • Complex solutions
  • Conclusion

Andrew Krebs - Hoare Lea LLP

Technical advisors
Hugh Boyes - Bodvoc Ltd
Carl Collins - Consultant to CIBSE
John Taylor - Hoare Lea LLP

Matt Crunden - Legrand Electric Ltd
Miguel Castro - Schindler Ltd
Gavin Dunstan - SES Engineering Services