BIM-enabled facilities management (FM): a scrutiny of risks resulting from cyber attacks

Building information modelling (BIM) creates a golden thread of information of the facility, which proves useful to those with the malicious intent of breaching the security of the facility. A cyber-attack incurs adverse implications for the facility and its managing organisation. Hence, this paper aims to unravel the impact of a cybersecurity breach, by developing a BIM-facilities management (FM) cybersecurity-risk-matrix to portray what a cybersecurity attack means for various working areas of FM.

This study commenced with exploring cybersecurity within various stages of a BIM project. This showcased a heightened risk of cybersecurity at the post-occupancy phase. Hence, thematic analysis of two main domains of BIM-FM and cybersecurity in the built environment led to the development of a matrix that illustrated the impact of a cybersecurity attack on a BIM-FM organisation.

Findings show that the existing approaches to the management of cybersecurity in BIM-FM are technology-dependent, resulting in an over-reliance on technology and a lack of cybersecurity awareness of aspects related to people and processes. This study sheds light on the criticality of cyber-risk at the post-occupancy phase, highlighting the FM areas which will be compromised as a result of a cyber-attack.

This study seeks to shift focus to the people and process aspects of cybersecurity in BIM-FM. Through discussing the interconnections between the physical and digital assets of a built facility, this study develops a cyber-risk matrix, which acts as a foundation for empirical investigations of the matter in future research.