Paul Glass and Jill Hamilton of Taylor Wessing’s cyber security team consider the benefits and risks of internet-enabled technology during the construction and occupation of buildings
The evolution of the digital built environment is well under way. Digital innovation and BIM technology have the capacity to transform the process of design, construction and management of smart buildings and smart cities.
Connected home technology is one of the fastest-growing areas of the “internet of things” or IoT. Smart security, smart thermostats, connected appliances and smart lighting are at the forefront of smart devices in the home, which tend to focus on convenience, remote operation and energy efficiency.
Whether its smart lock systems in student accommodation, home air-conditioning connected to the user’s phone, voice recognition systems like Amazon’s Alexa, or remotely accessed video doorbells, more and more interconnected technologies are becoming a part of buildings.
New buildings are being constructed to integrate such technologies, not only by incorporating connectivity but by installing technology to monitor performance and help tackle defects or wear and tear as early as possible.
More widely, smart environments and smart cities are already in use through internet-controlled building management systems, in-traffic management systems where variable speed limits ease congestion, and apps that feed real-time information about train delays to users.
However, smart cities are not only about technology and exploiting the power of open data but also about how that data is then shared to enable a city to function better. Smart cities are, too, about managing the physical assets such as buildings, and creating smart city infrastructure that will enable better decisions to be made about the future maintenance and use of those assets.
The role of construction
The construction and engineering industry can play a major part in smart building and smart city development, not only in developing new and smarter buildings and infrastructure but also in upgrading existing buildings.
New technologies can assist with monitoring assets, for example by enabling the age and design life of an existing building or structure to be defined. Knowing how infrastructure and buildings are going to perform throughout their design life will enable users to be proactive rather than reactive in managing those assets.
The installation of innovative fibre optic and wireless sensor networks in the tunnels at some of the new Crossrail station sites is a good example of the use of new technologies.
Analysis of the data collected will provide insights into the performance of construction materials in the tunnels, allowing upgrades to be managed efficiently and reducing the need for disruptive maintenance.
While smart technology can bring huge benefits to users, it also has enormous potential to generate and transmit both personal and anonymised data to third parties, and this is susceptible to hacking.
Hackers could use the information obtained to bypass security systems or to reconnoitre a building for terrorism or other criminal purposes, or else use the data for commercial gain by exploiting intellectual property or holding the information to ransom.
Competitors may also seek to gain access in order to steal intellectual property, or to steal or leak commercially sensitive or confidential information. They may also want to sabotage the project, or to delay or prevent construction progressing.
In addition, the ongoing use of the smart aspects of a building into its occupational phase means that the risks extend beyond the construction phase. Long-term provision therefore needs to be made for the management of these risks.
All of those involved in the construction industry will increasingly need to be aware of the potential security risks when working with smart technologies, to manage and defend digital and physical assets from cyber attacks.
Being able to demonstrate robust cyber security policies and compliance with regulations and guidelines will become a key part of tendering for projects, as will the ability to evidence regular updates and testing of those policies.
Additionally, the ability to comply with appropriate encryption processes and other security requirements imposed on a project will be critical. Employers will want to know that there is a culture of security awareness within an organisation to back up those policies and procedures.
For those procuring smart buildings, it will be important to include appropriate provisions in contracts to manage the risk of cyber crime. This should include providing for appropriate processes and protocols, as well as making clear the responsibilities for managing them.
Contracts will also need to appropriately allocate insurance obligations to ensure that there is cover in place should there be an attack.
The government has recently launched its Secure by Design review, to develop a privacy by design approach to IoT devices. This is initially intended to result in a code of practice for home IoT devices, but we also expect to see cyber security becoming a more integral part of contracts for construction and engineering projects in the near future.
Paul Glass is a partner in the disputes and investigations group and Jill Hamilton a senior counsel in the construction and engineering group at Taylor Wessing. For more information on the firm’s cyber security team go to united-kingdom.taylorwessing.com/en/cybersecurity