New technologies are utilized in an increasingly diverse built environment. Digitalization increases efficiency and makes everyday life smoother. On the other hand, with innovations, information security risks have increased. Today, information security and consideration of cyber threats is a key part of planning the built environment.
Digital technology is increasingly used in the built environment, which increases vulnerability to cyber influence. For example, remotely controlled building automation systems used by public buildings, such as hospitals, schools, critical industrial production or water supply, require cyber preparedness at different stages of their life cycle. Disturbances can be caused either by directly influencing the digital systems of real estate or by causing interruptions in, for example, electricity production.
Cyber security related to finished buildings plays a central role in maintenance security work in the construction industry. In 2018, Digipool's cyber team prepared digital security guidelines for the KIRA sector, the Digital Security Guidelines for Real Estate. In addition, in cooperation between Rakennus and Digipools and the Rakennusteitosäätiö, guidelines for the digital security of buildings and the digital security of security systems have been drawn up to guide the industry more comprehensively.
The entities that publish guidelines in the real estate and construction sector are Rakennustietosäätiö (RT guidelines), Sähköinfo Oy (ST guidelines) and Rakennusininsoorliitto RIL ry.
Considering digital security in the everyday life of builders
Companies in the construction industry must take digital security into account in a wide area as part of the risk management of both the company and the construction projects. Digital security includes, among other things, business continuity management and preparedness, cyber security, information security and data protection issues.
Digital security in the construction industry can be viewed from three perspectives: the actual product, i.e. the building, and the company. The operation of construction sites and production facilities is part of companies' digital security.
On construction sites, digital security is concretized in network and information security as well as physical security. In terms of network and data security, the most important thing is to ensure that firewalls, strong passwords and updated data security software are used on the site to prevent unauthorized access to data or the network. Physical threats at the construction site include theft and vandalism.
The contractor is responsible for the automation and building technology of the object that is in the construction phase, including their plan and implementation information, as well as remote management before handing over to the customer. The same rules must be followed in the maintenance of the systems, including digital security, as during use, so that the use of the finished object can start without problems.
Digital security must be taken into account in all phases of the construction project throughout the project's life cycle, starting from planning and ending with operation during operation. Companies must anticipate digital security in business risks and ensure that personnel understand their own role in the organization's digital security as a whole. Often the weakest link in digital security is the actions of a single person. In addition to this, companies must ensure that the digital security of their own and purchased products and services is in order, both in terms of their own business and security of supply.
Steps to digital security
Digital security management: Companies must have a long-term plan to support business continuity and sustainable raising of the maturity level to match the threat and risk field. Digital systems must be kept up to date and it is also important to carry out regular checks and audits to ensure digital security.
Continuity planning: It is recommended to secure the continuity of business operations by preparing for even large-scale disruptions that affect the entire organization, and not just the technical disruption management of a single service produced by e.g. a partner. Concrete steps to prepare are regular backups and active user rights management and monitoring.
Safety culture: Comprehensive development of digital security awareness and expertise, e.g. personnel training. Staff awareness of the importance of digital security is important and staff should know how to identify malicious emails, avoid suspicious websites and report potential security issues.
It is important to note that digital security practices can vary by company, construction site, and product. It is recommended to consult experts and follow the given information security practices and regulations.
Instructions
Elsewhere online
- Digipool
Digital vocabulary from A to Z
Tips and links to different AI applications
- Artificial intelligence.fi: a comprehensive list of different AI applications and their descriptions.
- Somestari.fi: the page hints at the Grog service, which can be used to test different applications. Groq testing tutorial on YouTube.
- Perplexity app offers the answers with references and is a good choice for those looking for information. Perplexity utilizes RAG technology, where information is retrieved step by step from suitable sources and passed to the language model for an answer. Test Perplexity in search "what are HVAC cyber threats". You get straight to the sources. Read more: Information about RAG technology in Tiv's article