BIM can expose buildings to cyber attack, engineers warned

BIM models can be turned into tools that help people pull off criminal acts, according to security experts

Hugh Boyes

Hugh Boyes

Government security specialists are becoming increasingly concerned that Building Information Modelling (BIM) is creating a ‘soft underbelly’ in buildings that could be exploited by terrorists and cyber criminals to create havoc in highly sensitive facilities.

A number of speakers at the CIBSE Building Performance Conference said engineers needed to be more ‘security minded’ when sharing information via BIM models, and warned that many were giving ‘unfettered access’ to sensitive and compromising information that extended beyond the buildings being designed into neighbouring infrastructure.

Many models show details of critical elements of sensitive sites; the location of hidden cables and access facilities; and even blast calculations for steelwork on tender documents sent outside the UK.

Hugh Boyes from the Cyber Security Centre at Warwick University said: ‘We should be really worried about where our technology is taking us in terms of security’. He warned that the vulnerabilities being created by unsecured building engineering elements were as significant as weaknesses exploited by web hackers.

‘BIM models can be turned into tools to help people pull off criminal acts,’ said Boyes, who pointed out that many project teams and their clients had no idea how their information was being used, and who had access to models that were freely posted on the internet. Often design teams will share complete building models with suppliers, which should only have access to the specific parts relevant to their activity.