In May 2017, a ransomware attack exploited outdated operating systems in the U.K., resulting in the temporary shutdown of 16 hospitals. Two months later, credit reporting agency Equifax revealed that hackers used an application vulnerability to leak the personal information of more than 143 million Americans. Cyberattacks such as these risk more than sensitive information; they also jeopardize valuable capital. Cybereconomic data company Cybersecurity Ventures predicts that global ransom payout costs in 2017 will exceed $5 billion—15 times the amount paid in 2015. And according to technology research firm Gartner, global information security spending will reach $93 billion in 2018.
The statistics are staggering, especially since business workflows and assets have largely gone digital. Architects and builders have welcomed significant shifts in their digital workflow with cloud-based BIM software for remote project coordination, internet file hosting for global accessibility, and virtual workspaces for team communication. And the end results—the buildings themselves—are slowly but increasingly connected to Internet of Things (IoT) networks, with building management systems storing user information on everything from HVAC usage to lighting preferences.
Consider the following hypothetical scenarios: a hacker targeting an architecture firm could expose sensitive data about a client’s confidential business operations; a data breach at Dropbox could expose any one of the 1.5 billion DWG (drawing) files currently stored on the platform; and a cyberattack focused on a building control system in a hospital or airport could put the safety of its occupants at risk.
These situations are certainly on the minds of technology leaders at any architecture firm doing government, infrastructure, defense, or corporate work. Below, design and information technology (IT) professionals explain how they stay one step ahead of cyberattacks through secure cloud platforms, prioritizing network security, and integrating blockchain.
Balancing Security and Collaboration in the Cloud
As Woods Bagot’s principal of technical innovation based in New York, Shane Burger has witnessed his firm’s digital tools become increasingly connected to the cloud. Instead of storing CAD files and 3D models on local hard drives, these files now live on internet-based services, allowing practitioners from the firm’s offices worldwide to work together on a project. However, the transition to the cloud was not without its risks. The Breach Level Index estimates that 4.9 million data records are lost or stolen globally every day.
Thus, businesses relying on the cloud need to secure their data. “It’s a balance,” Burger says, “On the one hand, our teams need to be able to share their data with their teams and clients as freely as possible, but we also need to consider how digital data is being securely controlled and accessed.” Woods Bagot balances these requirements by establishing an internal list of approved cloud services for employees to use. These services are set up under enterprise agreements with providers that address security and intellectual property.
Autodesk, the software giant behind AutoCAD and Revit, is one such provider that has been strategically connecting their programs to cloud platforms, such as BIM 360, for collaboration since 2013. Reeny Sondhi, Autodesk vice president and chief of product and cloud security and compliance, focuses on implementing cloud strategies that address the top security threats facing the company's customers. For many of Autodesk's clients, security weaknesses still boil down to vulnerabilities associated with individual user passwords. In Verizon’s 2017 Data Breach Investigations report, researchers found that 80 percent of hacking-related breaches leveraged weak or guessable passwords. Sondhi notes the importance of sharing this information so Autodesk's customers can better protect themselves. “It’s a joint responsibility,” she says. “Setting strong passwords, using two-factor authentication, and using federated identity and single sign-on reduce the risk of stolen passwords.”
Complying with New Cybersecurity Standards
For global firm HDR, digital security standards are often dictated by new client requirements. “We believe that cloud collaboration adds value to our projects,” says Rachel Riopel, AIA, digital design principal based in the firm’s Omaha, Neb., office. “But we also need these technologies to comply with the policies of the clients we work with. Many of our government projects have security standards that impact how we use our tools.”
To keep up with evolving standards and compliance requirements, HDR tasked an internal IT team with tracking the latest developments in policy and its potential consequences for the firm’s data strategies in the future. One resource was the National Institute of Standards and Technology's 2017 publication of a cybersecurity self-assessment handbook that introduced new standards for increased security on the transmission and storage of controlled unclassified information. For architects and builders, this information could include data about facilities. The requirements affect anyone with a government contract.
“We discovered that some of our commonly used tools [including our cloud-based collaboration platforms] didn’t fully comply with the new requirements,” Riopel says. This realization meant devising production strategies and workflows that didn’t rely on cloud services. “We had to find alternatives to meet the new standards and deliver our projects successfully.”
Software companies are also taking steps to protect their users. According to Autodesk’s product security website, the company regularly performs third-party audits on its platforms to ensure compliance with industry best practices and standards. “We continue to bolster our infrastructure and network security and are also focused on increasing our compliance efforts,” Sondhi says.
Is Blockchain the Future of Security?
To say that blockchain—a digital ledger that chronologically and securely tracks transactions, including those involving cryptocurrencies like Bitcoin—is experiencing a great deal of hype in the media would be an understatement. Blockchain has been cited as a technology poised to disrupt banking, healthcare, manufacturing, and nearly every supply chain imaginable. Participants in a blockchain can collectively agree and verify any transaction without the need for a centralized authority, making a blockchain’s records nearly tamper-proof—a very appealing concept for cybersecurity.
As an example, Kristoffer Josefsson, chief technology officer of New York–based blockchain development company Foam, is creating applications for using the technology in GPS, which is used to locate an object or person in the world, but also vulnerable to hacking. This weakness made the headlines in 2017 after several U.S. Navy ship collisions raised concerns about the ability of navigation systems to be tampered. “When we apply blockchain to the problem of geospatial location,” Josefsson says, “proof of location is given when everyone on the blockchain agrees on the truth.”
Greenville, S.C.–based human factors and information architecture consultant Joseph Manganelli, AIA, believes that blockchains may become a necessity as built environments and cities become smarter. “The complexity of a city with an infinite number of parameters makes the idea of centralized system impractical,” Manganelli says. Blockchain could be used to securely regulate devices that track anything from available parking to infrastructure maintenance such that all devices in the network are able to verify the validity of their reports. “Blockchain offers a way for fast and cheap validation of transactions for a decentralized network of devices,” he adds.
Though potential uses of blockchain in architecture and construction are still speculative, Manganelli outlined other potential applications in a January presentation at the National Institute of Building Sciences’ Building Innovation conference: Blockchain could help track and secure deliveries to project sites, enable more accurate post-occupancy benchmarking by storing data on decentralized networks, and save money and man-hours by reducing transaction times, the number of staff necessary to process transactions, and the potential for mistakes.
As buildings and communities increasingly become interconnected, Manganelli says, architects are in the unique position to manage and utilize collected data once blockchain technology becomes accessible: “As an industry, if we are in a position to document and dictate how things are supposed to function and interact, and if that’s a relatively low-risk and high-profit thing to do, we would be fools not to do it.”