As early beneficiaries of the hyper-connected phenomenon known as Internet of things, construction firms are already reaping the rewards – but they are doing so at a risk

Cyber 1

From advanced micro sensors that self-detect imminent and potentially costly repairs to ultra-sophisticated tagging and tracking systems, the internet of things (IoT) is taking the construction industry by storm. But the opportunities are not without risks.

At its core, the IoT is a simple concept: objects or construction materials are connected to machines or devices through electronic tags and hooked up to the internet, thus enabling several objects to communicate with each other. In this hyper-connected system, data can be captured on, for example, the availability of steel, iron and cement and used to pre-empt supply chain downtime or to monitor the health of machinery, allowing for early maintenance and repairs.

Some companies are pushing the boundaries of innovation further still, by constructing ‘smart’ or energy-efficient buildings.

Leading by example, IBM has applied its smart building initiative – tools to better manage energy consumption and reduce operating costs – to its own premises.

From 2009, the firm began renovating its manufacturing sites, installing hundreds of thousands of sensor points so it could connect equipment via the internet and control its energy consumption onsite.

In its Rochester, Minnesota site for example – the firm’s 7th highest energy-consuming building – more than 250,000 sensor points were installed across 3.2 million square feet. Sensors were attached to high-energy consuming equipment and then connected to analytics devices. Significant amounts of data and intelligence were collected about the output of each machine, which was then used to optimise high-energy consuming equipment. This helped IBM make 8%-worth of savings.

Additionally, the sensors have been used to detect machine faults and, through IoT connections, alerts can be sent to maintenance specialists, with a call to address the issue imminently.

“Because of the extra information we can now give engineers, they are more likely to be able to fix the problem first time,” says Trevor Miles, smarter buildings, real estate and facilities management consulting lead at IBM Global Business Services, UK and Ireland. “Engineers can often do the work in about half the man-hours that would otherwise be required if they didn’t have that level of information,” he adds.

However, as some experts were quick to point out, such advancements have the potential to be highly disruptive. A hyper-connected construction site – with hundreds of connected objects and devices – is open to cyber risk, says John Roberts, construction industry leader for the UK at Willis.

“Systems can be attacked externally unless adequate protections are in place, ” he says.

“People can construct a building and find out, once the building has been completed, that their models have been infiltrated [by hackers] and that some key design criteria have been changed.”

In addition, a cyber attack could shut down vital operating and security systems. “Examples of this can be found in fire and camera security systems, which hackers can potentially turn on and off. Additionally, they could set off sprinklers – which can all be achieved by infiltrating these systems.”

Minimising the risks

IoT has already started to redefine the risk equation for many enterprises, highlighting more than ever the importance of effective risk management.

Being aware of the risks is the first step and incorporating cyber security measures should follow swiftly, says IBM’s Miles.

“Often, what people will do is build in multiple levels of security, so if a hacker gets through the first level, they can’t do anything too serious at that point.

“Some devices may be programmed to go into a fail-safe mode if there’s interference.”

He adds that software and virtual gateways must be kept up to date, so that there are no “historic vulnerabilities just waiting to be exploited.”

Indeed IoT is not without its risks. But if the IBM example is anything to go by, the risk may be worth taking…

But only if coupled with the right risk prevention defence.