CIVIL ENGINEERING 365 ALL ABOUT CIVIL ENGINEERING



IntroductionArguably, the construction industry is far from achieving the level of maturity required to reach Industry 4.0, which requires the networking of the physical world and the use of cyber-physical systems (CPSs) (Klinc and Turk 2019). However, there is no doubt that it is going through a considerable digital transformation. The construction industry is going through a digitization process with the rapid proliferation of technology utilized in each project phase. These efforts to digitize and automate the industry are often named Construction 4.0, which consists of two main aspects: digitizing information and using digital technologies to control and monitor physical assets (García de Soto et al. 2020). The former involves, with the utilization of building information modeling (BIM) technologies, creating digital information models to support design, construction, and operation and maintenance (O&M) phases (Azhar 2011). The latter includes the use of CPSs, which is considered a key concept of Construction 4.0 (Klinc and Turk 2019).CPSs have two domains that cannot be considered independent from each other, namely information technologies (IT)—cyber domain—and operational technologies (OT)—physical domain (Givehchi et al. 2017). These two domains have had a long and isolated history. Eventually, the convergence between them became inevitable due to the invaluable benefits such as improved security risk analysis, improved automation, increased control over the operations, and enhanced tracking in different industries such as water, oil and gas, and manufacturing (Harp and Gregory-Brown 2015). At the same time, cybersecurity is becoming an overarching concern for both IT and OT domains, and many frameworks, standards, and guidance have been developed to address these concerns. Some prominent examples are ISO/International Electrotechnical Commission (IEC) 27001:2013 (ISO/IEC 2013), identifying IT security requirements; “Framework for Improving Critical Infrastructure Cybersecurity v1.1” by the National Institute of Standards and Technology (NIST) (NIST 2018), addressing both OT and IT security; and “Guide to Industrial Control Systems (ICS) Security (NIST SP 800-82)” (Stouffer et al. 2015) by NIST, particularly addressing OT security.Cybersecurity in ConstructionWhile digitization benefits can be obvious, some of the associated risks can be difficult to identify. The amount of valuable digital information in construction projects increases with the growing use of digital tools for creating designs, engineering calculations, and schedules, and the utilization of centralized common data environments (CDEs) for storing these files (García de Soto et al. 2020). Moreover, the increasing use of complex CPSs—utilizing controllers, sensors, and actuators—is making its way into automated sites and off-site fabrication (i.e., modular construction) in the construction industry (BSI 2015). Digitization augments the cybersecurity concerns in construction as it did in other industries (Mantha et al. 2021). There have been significant examples of cyber incidents that occurred in the recent past. For example, Turner Construction Co. was subjected to a cyberattack in March 2016, and many current and former employees’ tax information was exposed (Sawyer and Rubenstone 2019). In 2013, the blueprints (i.e., building layouts) of the Australian Intelligence Service headquarters were stolen by hackers through project computers (Watson 2018). These cyber incident examples are pertinent to financial and information losses. On the other side, cyber-physical attacks against construction sites can lead to physical injuries and casualties with the increasing use of CPSs during construction activities. Therefore, due diligence in ensuring required security measures against cyber threats and raising employee cyber awareness are paramount for the construction sector.Research efforts by academics, government efforts by enforcing security-minded construction regulations, and security standards and frameworks specifically prepared for construction can prepare the sector for upcoming cyber and physical security challenges (Sonkor 2020). Some studies have focused on the OT cybersecurity aspects of the O&M phase due to the building management/automation systems installed in buildings with complex HVAC, mechanical, and electrical systems. Boyes (2013) addressed cybersecurity risks in intelligent buildings; Pärn and Edwards (2019) and Pärn and García de Soto (2020) pointed out cyber-physical threats confronting critical infrastructure (CI) operations; Gračanin et al. (2018) proposed a biologically inspired security system for smart buildings. When the design and construction phases are considered, the literature on cybersecurity in construction has been focusing on IT rather than OT as the advances in information digitization have been more rapid than the digitization of physical operations during construction activities. Turk and Klinc (2017), Nawari and Ravindran (2019b), and Safa et al. (2019) identified the potential use of blockchain technology in construction management, and Shemov et al. (2020) proposed a blockchain platform to enhance some of the challenges faced in the construction supply chain. There have been few research efforts covering the cybersecurity aspects of physical operations on construction sites, such as Mantha et al. (2020b) and Mantha and García de Soto (2020) proposing the implementation of the common vulnerability scoring system (CVSS) to construction networks and García de Soto et al. (2020) suggesting further research considering cyber threats against increasingly digitized and automated construction site activities.Operational TechnologyOT can be defined as “hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes, and events” (Gartner, n.d.). Therefore, the difference between OT and IT is that the former deals with physical processes, while the latter focuses on processing and distribution of data (Hahn 2016). It is also necessary to define industrial control system (ICS) since it is closely related to OT (Hahn 2016). ICS is an umbrella term that covers various control systems such as supervisory control and data acquisition (SCADA) systems and distributed control systems (DCSs), which are utilized in environments such as CIs, smart buildings, and automated manufacturing (Stouffer et al. 2015; Harp and Gregory-Brown 2015). Considering that most of the current ICSs have evolved from physical control systems by implementing IT functions (Stouffer et al. 2015), this paper does not assume a subset/superset relationship between ICS and OT. Instead, OT is considered the essence of ICS since ICS’s primary purpose is to monitor and control physical processes along with various ancillary tasks (Hahn 2016).In the past, OT systems counted on security through obscurity. In most cases, that was sufficient since the connectivity was low (i.e., the systems were more isolated), and the different systems were operated manually or by proprietary controls (Mansfield-Devine 2019; Harp and Gregory-Brown 2015). Moreover, an attack against OT systems was not considered since there were no identified cyber threats (Mansfield-Devine 2019). This has changed with the OT-IT convergence and networked industrial systems [i.e., Industrial Internet of Things (IIoT)]. The difference in the characteristics of OT and IT brought the need for different cybersecurity requirements. Today’s ICSs with both OT and IT domains require high availability since CIs (e.g., power grids, nuclear plants, and water/gas systems) and manufacturing require near-zero downtime (Hahn 2016). Another necessity is to prioritize the safety of employees and the surrounding environment due to the physical aspects (Hahn 2016). Construction is no different when it comes to the cybersecurity concerns that stem from the utilization of OT.The cybersecurity awareness toward OT has been growing since the Stuxnet incident in 2010 that targeted Iran’s nuclear plant, Natanz, and damaged around 25% of its centrifuges enriching uranium (Piggin 2014; Zetter 2014). After the Stuxnet incident, other disastrous attacks have been reported. Shamoon malware attacked Saudi Arabia’s state-owned oil company Saudi Aramco (Dhahran, Saudi Arabia) and Qatari natural gas company RasGas (Doha, Qatar) in 2012, destroying data and leaving infected systems unusable (Hemsley and Fisher 2018). In 2015, an attack against Ukrainian energy distribution companies left almost 250,000 people without electricity, making this incident the first publicly known power grid cyberattack (Hemsley and Fisher 2018). In February 2021, the Bruce T. Haddock Water Treatment Plant in Oldsmar, Florida, was hacked by an attacker (Margolin and Pereira 2021). The plant was using an outdated operating system that allowed the hacker to access the computer system and alter the chemical levels of the water supply (Margolin and Pereira 2021). The intrusion was detected before any major damage occurred (Margolin and Pereira 2021).While there are numerous studies on the cybersecurity of OT in different sectors such as manufacturing, oil and gas, and power and utilities, limited literature has been produced considering the construction industry. However, compromised construction equipment or robotic systems equipped with sensors and controllers could cause serious injuries or even loss of life (Boyes 2015). A report published by Trend Micro Research (Andersson et al. 2019) revealed that millions of vulnerable radio frequency (RF) controller units are installed on industrial machinery (e.g., cranes) and used in different industries, including construction. In addition to tower cranes, automated earthmoving machinery, reinforcement positioning robots, automated steel structure assembly machines (Bock and Linner 2016), and three-dimensional (3D) concrete printers are some other examples with OT components that, if compromised, can pose a danger to construction projects and surrounding people (e.g., construction workers and operators). Another concept relevant to the use of CPSs in construction projects is digital twins (DT). Grieves and Vickers (2017) define DT as creating the virtual equivalent of a physical product that enables obtaining any related information. DT can be utilized for real-time monitoring purposes on construction sites (Kan and Anumba 2019), which might increase the cyber threat surface by providing hackers with access to the accurate locations of the machinery and workers. On the other side, monitoring the changes on-site with DT algorithms can help take prompt actions in hazardous situations caused by compromised OT components.The importance and relevance of CI explain why the existing literature focuses on the O&M phase of such infrastructure (e.g., industrial plants, power grids, and water treatment plants) compared to other phases or infrastructure. Past experiences have resulted in environmental hazards or power outages that affected hundreds of thousands, proving that both IT and OT systems are vulnerable to cyberattacks. Digitization, automation, and increasing OT use during the construction phase have led to the proliferation of similar cybersecurity concerns for all project types (not only CI related) and different project phases (not only O&M); however, OT-related cybersecurity studies are limited in the construction literature. This study provides a systematic review to explore the current state of the art, identify research gaps, and provide suggestions for advancement/future research to close the gaps identified.The rest of this article is organized as follows. The “Research Methodology” section shows the steps of the bibliometric analysis and literature review. Each step is described in detail. Then, various research themes are derived from the analysis following the research methodology. Each theme is scrutinized by reviewing the related publications, and, as a result, gaps and suggestions are identified in the section “Research Themes.” The “Discussion” section gathers the findings from the review of different themes and provides an overview of the study. The limitations of this research are enumerated and discussed in the section “Limitations.” Finally, “Conclusion and Outlook” section recapitulates the critical findings of the research and identifies future directions.Research ThemesThere are four different colored clusters in Fig. 4 that represent four different research themes. One of the parameters determining the number of clusters on VOSviewer is the resolution. The number of clusters increases in proportion to the resolution value (Van Eck and Waltman 2020). For this analysis, the resolution value was set to 0.9. The colors of each cluster were assigned automatically by VOSviewer, and the color does not have a particular meaning as the network visualization option was used for Fig. 4.VOSviewer creates the clusters based on the similarities of the words (Van Eck and Waltman 2010). The similarity between two words is calculated using the similarity measure named the association strength (Van Eck and Waltman 2010). Eq. (1) shows the formula to calculate the similarity (sij) between the words i and j. In that equation, cij refers to the number of co-occurrences of the words i and j, and wi and wj refer to the total number of occurrences of the words i and j (Van Eck and Waltman 2010). After similarities are calculated by Eq. (1), similar words are grouped to form the clusters (Van Eck and Waltman 2010). To assist with the replicability of this study, interested readers can find the data used to analyze the different publications using VOSviewer. All the Scopus files (e.g., .csv bibliographic files) and VOSviewer files (e.g., map and network files with .txt extension) can be found in (Sonkor and García de Soto 2021) (1) The clusters in Fig. 4 are (1) green cluster (the right bottom part): construction automation and cyber-physical systems, (2) yellow cluster (the left up part): intelligent control systems and cybersecurity aspects, (3) blue cluster (the right up part): digital transformation of the construction industry and cybersecurity aspects, and (4) red cluster (the left bottom part): network security for operational technologies. The titles of the clusters aim to summarize each cluster as much as possible, considering the research context. In Fig. 4, the circle (and text) size of each keyword gives an indication of the number of publications in which the keyword occurs—the size increases in proportion to the number of occurrences. For example, in the investigated publications, network security was used more frequently than cyberattacks, which can also be understood by comparing their circle and text sizes in Fig. 4. The location of the circles indicates the relatedness of the keywords in terms of co-occurrences, in which more related keywords are demonstrated with closer circles. For example, critical infrastructures is located near public works in the blue cluster (upper right-hand side of Fig. 4), which illustrates that they are often included together in the publications. The related keywords are connected with colored lines that are thicker in width if the relatedness is high. For example, the curved line between network security (red cluster) and embedded systems (green cluster) is thicker than the line between embedded systems and controllers (green cluster), which shows the stronger link of the former keyword couple.The keywords in each cluster and their number of occurrences are presented in Table 4. These keywords should be considered in the context of each cluster, e.g., the keyword robotics under the green cluster should be interpreted as the robotics developed for the construction industry.Table 4. Number of keyword occurrences in each clusterTable 4. Number of keyword occurrences in each clusterKeywordKeyword occurrenceEmbedded systems12Robotics11Cyber-physical systems10Automation5Construction automation5Construction equipment5Controllers5Industrial robots4Man machine systems3Intelligent control15SCADA systems10Legacy systems4Security of data4Control system analysis3Learning systems3Building information modeling5Architectural design4Information and communication technologies4Internet of Things4Risk assessment4Accident prevention3Blockchain technology3Critical infrastructures3Public works3Network security13Intrusion detection systems6Computer crime4Crime4Cyberattacks4Computation theory3Data acquisition3Monitoring3Programmable logic controllers3Water treatment3Fig. 5 shows a Sankey diagram that provides a mapping between the three search categories from Table 2 (i.e., construction and OT, construction and cybersecurity, and OT and cybersecurity) and the four clusters identified from VOSviewer (as provided in Table 4; Fig. 4). The number of publications is located under the category names, under the cluster names, and on the links that connect categories to clusters. This diagram only involves the 55 publications that remained after the detailed screening (i.e., Step 6).Each publication was mapped to a cluster based on its keywords (e.g., a publication with the keyword intelligent control was mapped to the yellow cluster). Publication numbers presented in Table 2 (under the second column from the right) and Fig. 5 do not match since there are publications that were mapped to more than one cluster based on their keywords. For example, if a publication was returned by Search 11, which belongs to the OT and cybersecurity category, and if this publication includes both public works and network security keywords, it was mapped to both the blue cluster and red cluster in Fig. 5. Table 5 shows the publications that were mapped to multiple clusters and to which clusters they were mapped.Table 5. Publications mapped to more than one clusterTable 5. Publications mapped to more than one clusterSearch categoryPublicationsGreen clusterYellow clusterBlue clusterRed clusterConstruction and OTLundeen et al. (2017, 2019) and Gu et al. (2018)x—x—Construction and OTTamayo et al. (2017)x——xConstruction and cybersecurityBoyes (2015)——xxOT and cybersecurityBabu et al. (2017), Sugumar and Mathur (2017), and Kobara (2016)xxxxOT and cybersecurityDuque Anton et al. (2019), Zhang et al. (2019), Adepu and Mathur (2018), and Yang and Zhao (2015)xx—xOT and cybersecurityAhmed and Mathur (2017), Khan et al. (2017), and Khorrami et al. (2016)x——xOT and cybersecurityGenge et al. (2017)—xxxOT and cybersecurityMashkina and Garipov (2018), Zhang et al. (2016), Drias et al. (2015), and Knowles et al. (2015)—xx—OT and cybersecurityLin et al. (2017), Terai et al. (2017), Ullah and Mahmoud (2017), and Cruz et al. (2016)—x—xThe numbers of publications that remained after the detailed screening are 19 for construction and OT, 11 for construction and cybersecurity, and 25 for OT and cybersecurity, as given in Table 2. In Fig. 5, the numbers of publications for each category are 23, 12, and 55, respectively. This difference shows that the publications under the category of OT and cybersecurity were mapped to the most variety of clusters compared to the other categories. Fig. 5 also shows that the green cluster (i.e., construction automation and cyber-physical systems) comprises the highest number of publications, 33. Since the green cluster’s focus is construction automation and CPSs, it is related to both construction and OT and OT and cybersecurity categories to a large extent. That explains the high number of publications that fall under the green cluster.Interpretations of each cluster (representing a research theme) from VOSviewer are provided in the following subsections. Each cluster’s publications are analyzed and interpreted in the context of this research (i.e., the cybersecurity of OT in the construction phase of construction projects) to identify the existing gaps and suggest future directions for research.Green Cluster: Construction Automation and Cyber-Physical SystemsThe green cluster involves publications mainly related to construction automation, robotics, and the cybersecurity of CPSs. The top three most occurring keywords are embedded systems, robotics, and cyber-physical systems, as provided in Table 4. The term embedded systems covers all hardware and software designed to perform specific functions within larger systems (Omnisci, n.d.). Therefore, it is widely used in the articles related to robotics, such as Melenbrink et al. (2020), Ha et al. (2019), and Bulgakov et al. (2018), and CPSs, such as Ahmed and Mathur (2017), Khan et al. (2017), and Kobara (2016).Various types of robots are being developed to perform specific tasks on construction sites (Pan et al. 2020; Bock and Linner 2016), such as steel wall framing assembly (Tamayo et al. 2017; Bock and Linner 2016), earthmoving (Melenbrink et al. 2020; Gurko et al. 2019; Ha et al. 2019; Czarnowski et al. 2018; Gu et al. 2018; Bock and Linner 2016), bricklaying (Dakhli and Lafhaj 2017; Bock and Linner 2016), and 3D printing of structural elements (Melenbrink et al. 2020; Gharbia et al. 2019; Bock and Linner 2016; Mantha et al. 2020a). These robots, equipped with OT and IT components, aim to save time, improve productivity, reduce cost, and enhance safety during the construction phase (Carra et al. 2018; Tamayo et al. 2017; Bock and Linner 2016). Autonomous systems are also demanded in the military domain, and there have been substantial improvements in military construction utilizing networked robotics, CPSs, and control systems (Ha et al. 2019). Besides autonomous systems, remotely controlled construction equipment is becoming ubiquitous, especially for working in postdisaster areas (Inoue and Yoshimi 2018), performing demolition tasks (Bock and Linner 2016), and performing construction tasks in remote and challenging environments (Melenbrink et al. 2020). Golubeva and Konshin (2016) analyzes the compatibility of WiMAX wireless technology to improve such construction machines’ communication and operation control systems. In addition, several studies have proposed methods for autonomous equipment trajectory planning and generation (Gurko et al. 2019; Yousefizadeh et al. 2019) and sensing and modeling the actual environment for adaptive work (Liang et al. 2019b; Lundeen et al. 2017, 2019).One of the most prominent challenges in construction automation, also differentiating it from other sectors, is to develop such technologies to operate in unstructured, unstable, and changing environments (Melenbrink et al. 2020; Liang et al. 2019a; Carra et al. 2018; Lundeen et al. 2017; Bock and Linner 2016). Moreover, human–machine collaboration on-site requires greater attention to the safety aspect, which constitutes another challenge for automation technologies (Liang et al. 2019b; Yousefizadeh et al. 2019; Czarnowski et al. 2018; Gu et al. 2018). These challenges magnify the importance of cybersecurity on construction sites equipped with autonomous, semiautonomous, and remote-controlled machines. Moreover, utilizing such technologies on military construction sites can draw the terrorist hacker groups’ attention. Even though there has been a significant effort to develop the mentioned technologies, cybersecurity aspects received scant attention (Mantha and García de Soto 2019) from scholars and the construction industry.Gaps and suggestions: the review of the publications related to the green cluster suggests that the cybersecurity aspects have been mostly overlooked in construction automation publications. Even though the significance of safety has been emphasized, the potential cyber threats that might lead to safety hazards have not been frequently mentioned. Therefore, future studies should focus on managing the cyber threat surface that grows with OT utilization on construction sites. The construction-specific threat modeling approach and vulnerability analysis presented in Mantha et al. (2020a) and Mantha and García de Soto (2019) are pioneering examples in this direction and can be used as an inspiration for future research. In the green cluster, the publications focusing on the cybersecurity aspects of OT and CPSs (Duque Anton et al. 2019; Zhang et al. 2019; Adepu and Mathur 2018; Ahmed and Mathur 2017; Babu et al. 2017; Khan et al. 2017; Sugumar and Mathur 2017; Khorrami et al. 2016; Kobara 2016; Schlegel et al. 2015; Wang et al. 2015; Yang and Zhao 2015) can shed light on similar problems in the construction phase even though the workplace dynamics are different from other sectors (Mantha et al. 2020a).Yellow Cluster: Intelligent Control Systems and Cybersecurity AspectsThe yellow cluster covers publications that mainly focus on cybersecurity aspects of control systems. Three keywords that occur most frequently are intelligent control, SCADA systems, and legacy systems. ICSs that consist of IT components, as well as OT, enable intelligent control of processes (McLaughlin et al. 2016). Therefore, intelligent control is frequently used as a keyword in the yellow cluster since most publications are related to the cybersecurity of ICSs.The increasing connectivity of ICSs with IT implementation has made them open to the external world and exposed them to potential cybersecurity vulnerabilities (Duque Anton et al. 2019; Babu et al. 2017; Genge et al. 2017; Ullah and Mahmoud 2017; McLaughlin et al. 2016; Zhang et al. 2016; Drias et al. 2015; Knowles et al. 2015; Yang and Zhao 2015). Although the IT implementation causes an increase in vulnerabilities, the risk assessment and cybersecurity mitigation methods designed for IT do not adequately address ICS security issues (McLaughlin et al. 2016; Zhang et al. 2016; Drias et al. 2015). The widespread use of ICSs in CIs (e.g., smart grids and water treatment plants) further increases the significance of cybersecurity (Li et al. 2019; McLaughlin et al. 2016; Drias et al. 2015; Yang and Zhao 2015) as the availability has a high priority in such environments (Drias et al. 2015), and the physical outcomes might be devastating (Duque Anton et al. 2019; McLaughlin et al. 2016). Renowned CI attacks, such as Stuxnet, augmented academia’s attention toward this subject (McLaughlin et al. 2016), and therefore a considerable number of articles targeted security vulnerabilities of ICSs (Graham et al. 2016), especially considering CIs. Mashkina and Garipov (2018) proposed a threat modeling method for SCADA systems in a cognitive map form; Zhang et al. (2019), Adepu and Mathur (2018), Lin et al. (2017), Terai et al. (2017), Ullah and Mahmoud (2017), and Cruz et al. (2016) developed bespoke intrusion and cyberattack detection systems for ICSs; and Sugumar and Mathur (2017) proposed an approach to test the effectiveness of attack detection methods for the systems requiring high availability. Another proposition made by researchers is implementing artificial intelligence (AI) in cybersecurity to reduce the workload of security analysts (Parisi 2019). On the other side, Akinosho et al. (2020) suggests that machine learning and other AI branches can be used for creating malware and cyberattacks. Therefore, when analyzing AI in the OT cybersecurity context, it should be considered a cyber threat generation tool as well as a possible countermeasure.Gaps and Suggestions: the review of the publications from this cluster reveals that previous cybersecurity studies relevant to OT have mostly focused on CIs due to the major attacks in the past and potential physical outcomes. Therefore, the testbeds used in the experiments and the methods proposed in the articles considered the dynamics and characteristics of CIs—mostly water treatment plants. None of the articles reviewed in this cluster analyzed construction sites that utilize OT for automation, control, and monitoring of construction tasks. The scarce number of examples of large-scale cyberattacks against construction sites in the past partly explains this phenomenon. Future research should focus on adapting the existing ICS cybersecurity solutions to increasingly autonomous construction environments without waiting for disastrous events. This can be achieved by interdisciplinary collaborations with the relevant fields such as Computer Science and Electrical and Electronics Engineering.Blue Cluster: Digital Transformation of the Construction Industry and Cybersecurity AspectsThe blue cluster predominantly focuses on the cybersecurity aspects of digitization in the construction sector. The most used keywords in this cluster are building information modeling, architectural design, and information and communicationtechnologies. BIM is one of the driving factors of the construction industry’s digital revolution, together with the use of CDEs (Pärn and Edwards 2019; Boyes 2015). Therefore, seeing building information modeling as the most occurring keyword in the blue cluster is not surprising.Together, BIM and CDE engender an improved collaboration among the stakeholders of construction projects at every stage (Nawari and Ravindran 2019a; Pärn and Edwards 2019; Boyes 2015). The centralization and digitization of information enhance the efficiency during design, construction, and O&M phases; however, the growing cyberattack surface is inevitable (Pärn and Edwards 2019; Boyes 2015; Richey and Sawyer 2015). Nawari and Ravindran (2019a), Pärn and Edwards (2019), and Safa et al. (2019) suggest employing blockchain technology for improved change tracking, reliable storage of sensitive data, and data ownership. While providing security for project information (e.g., sensitive pricing data, confidential 3D drawings, and personal data) is of paramount importance (Nawari and Ravindran 2019a; Pärn and Edwards 2019; Safa et al. 2019; Grundy 2017; Boyes 2015), considering safety-critical physical outcomes also becomes needed with the proliferating use of CPSs on construction sites and in built environments (Pärn and Edwards 2019; Gračanin et al. 2018; Grundy 2017; Boyes 2015). For this reason, Boyes (2015) suggests augmenting the Parkerian Hexad (i.e., confidentiality, integrity, availability, authenticity, possession, and utility) security model with two more facets, safety and resilience, for thoroughly addressing CPS security. Gračanin et al. (2018) and Grundy (2017) focus on cybersecurity aspects of building management systems considering critical building components, such as sensors, actuators, and controllers, utilized during the O&M phase of smart built environments. Pärn and Edwards (2019) specifically emphasizes the need for the identification of bespoke cyber threats and mitigation methods for CIs. Finally, Adepoju and Aigbavboa (2020) analyzes the skill gaps in the construction industry, focusing on Nigeria, and concludes that cybersecurity is one of the domains in which construction professionals are highly incompetent.Gaps and suggestions: the publications related to the blue cluster show that most of the literature on cybersecurity in construction primarily focuses on the threats against information security. Although some of the articles (Pärn and Edwards 2019; Gračanin et al. 2018; Grundy 2017; Boyes 2015) pointed out the safety aspects of potential cyber threats against the construction industry, all of them were related to the O&M phase. Therefore, cyber threats confronting the construction phase remain to be investigated. Based on the concerns raised regarding the potential physical damages resulting from cyberattacks, the construction phase should receive greater attention by future research on construction cybersecurity. It is also important to learn from past experiences to confront cyber threats with more confidence. However, Richey and Sawyer (2015) mention that most cyberattacks against construction firms remain classified to protect commercial reputation. Therefore, it would be beneficial to establish a database for cyberattacks in the construction industry, and encouraging all firms involved to share their experience, while protecting their reputation, can help reveal precious lessons learned from the past to shed light on the future.Red Cluster: Network Security for Operational TechnologiesThe red cluster primarily focuses on the methods and mechanisms to enhance the network security of the systems utilizing OT. The top three most frequently used keywords are network security, intrusion detection systems, and computer crime. The transition from legacy systems to networked digital systems increases the attention toward network security for control systems (Babu et al. 2017). Therefore, network security appears as a frequently used keyword in the red cluster.Networked ICSs such as SCADA systems, DCSs, and programmable logic controllers (PLCs) are embedded with components such as actuators, sensors, and controllers to control and monitor physical processes (Ahmed and Mathur 2017; Babu et al. 2017; Terai et al. 2017). The use of these components makes these systems transcend the boundaries of cyberspace and affect the real physical world (Kobara 2016). Therefore, potential cybersecurity issues of these systems may pose a danger to people and environmental safety (Babu et al. 2017; Kobara 2016). Physical components utilized with computation and communication infrastructures turn ICSs into complex CPSs (Zhang et al. 2019; Adepu and Mathur 2018; Khan et al. 2017; Kobara 2016). The complexity of these systems and often-used legacy systems that have not been designed with security in mind (Duque Anton et al. 2019) raise the challenge of timely detecting cyber threats before any physical outcome occurs (Zhang et al. 2019). This challenge has led researchers to study more accurate and effective methods for intrusion and anomaly detection for ICSs. Zhang et al. (2019) proposed a cyberattack detection system that deploys a defense-in-depth strategy and provides multilayer defense to give the defenders additional time before any adverse result occurs. The method developed by Adepu and Mathur (2018) aims to detect intrusions in real time by identifying anomalies in the process behavior. Another intrusion detection method was proposed by Ahmed and Mathur (2017), which compares the actual noise patterns collected from the sensors with reference noise patterns to detect potential attacks on CPSs. Genge et al. (2017) focus on the network design to improve cybersecurity by dividing the network into smaller security zones. Genge et al. (2017) built an integer linear programming problem to formulate the ICS network design. Lastly, an ICS risk assessment framework called CyRA, which focuses on privacy and security, was introduced in Sani et al. (2019).Gaps and suggestions: analyzing the publications related to the red cluster unveiled that a significant number of researchers have focused on the cybersecurity aspects of OT in manufacturing and CIs. Many methods and frameworks have been developed to address the vulnerabilities and detect the potential threats in ICS networks. However, the only publication pertinent to the construction cybersecurity in the red cluster is Boyes (2015), which does not explicitly discuss the construction phase. Even though the studies related to the control systems in CIs can inspire future research about the cybersecurity of OT in construction, some differences should be considered. One notable difference is that ICSs utilized in CIs, such as SCADA, PLC, and DCS, are designed to be used mostly in structured environments such as factories, plants, and smart buildings. Moreover, the tasks that are monitored and controlled in these environments are relatively organized and repetitive. However, construction sites are usually unstructured, and there is a great variety of tasks performed by a variety of equipment and different parties (i.e., contractors, subcontractors, and suppliers). Considering future constructions, providing a network that will connect various technologies such as autonomous machinery, 3D printers, remotely controlled equipment, and site tracking camera systems can have specific challenges. One major challenge is providing a communication infrastructure to connect equipment with various purposes, design principles, and security levels while ensuring robust cybersecurity. To address this challenge and understand the existing threat landscape, potential cybersecurity vulnerabilities and characteristics of construction equipment should be analyzed individually. Therefore, future studies should focus on developing comprehensive threat modeling methodologies targeting increasingly digitalized construction sites.The gaps identified in the reviewed clusters, their importance in the context of OT, and potential remedies and suggestions to bridge the identified gaps are summarized in Table 6.Table 6. Gaps, OT-related interpretations and challenges, and potential remedies and suggestions from 55 publications remaining after the detailed screening (i.e., Step 6)Table 6. Gaps, OT-related interpretations and challenges, and potential remedies and suggestions from 55 publications remaining after the detailed screening (i.e., Step 6)ClusterPublicationsGapsOT-related interpretations and challengesPotential remedies and suggestionsGreen cluster (Construction automation and cyber-physical systems)Bulgakov et al. (2018), Carra et al. (2018), Czarnowski et al. (2018), Gu et al. (2018), Inoue and Yoshimi (2018), Dakhli and Lafhaj (2017), Lundeen et al. (2017), Tamayo et al. (2017), Bock and Linner (2016), Golubeva and Konshin (2016), Adepoju and Aigbavboa (2020), Akinosho et al. (2020), Mantha et al. (2020a), Mantha and García de Soto (2019), Nawari and Ravindran (2019a), Pärn and Edwards (2019), Safa et al. (2019), Gračanin et al. (2018), Grundy (2017), Boyes (2015), Richey and Sawyer (2015), Zhang et al. (2019), Ahmed and Mathur (2017), Babu et al. (2017), Genge et al. (2017), Khan et al. (2017), Sugumar and Mathur (2017), Khorrami et al. (2016), McLaughlin et al. (2016), Zhang et al. (2016), Drias et al. (2015), Knowles et al. (2015), and Yang and Zhao (2015)•Cybersecurity aspects have been lacking in construction automation publications.•Potential safety hazards related to security breaches and cyber threats in construction environments have not been commonly mentioned.•Studies on cyberattack detection systems specific to the construction environment have been lacking in the literature.•Construction automation requires the use of OT and IT together on-site.•The physical interaction between OT and humans increases the concerns about the potential physical damages in case of cyberattacks against construction sites.Yellow cluster (Intelligent control systems and cybersecurity aspects)Liang et al. (2019b), Duque Anton et al. (2019), Li et al. (2019), Sani et al. (2019), Adepu and Mathur (2018), Mashkina and Garipov (2018), Ahmed and Mathur (2017), Genge et al. (2017), Khan et al. (2017), Lin et al. (2017), Sugumar and Mathur (2017), Terai et al. (2017), Ullah and Mahmoud (2017), Cruz et al. (2016), Graham et al. (2016), Khorrami et al. (2016), Kobara (2016), Zhang et al. (2016), Drias et al. (2015), and Wang et al. (2015)•The reviewed articles and the testbeds utilized in these articles mostly considered the dynamics and characteristics of CIs, most commonly water treatment plants, and did not consider the construction environments and tasks.•Large-scale cyberattacks against CIs in the past explain the research focus, to a large extent, being directed toward environments such as water treatment plants and smart grids.•There have not been considerable cyberattacks against OT utilized in construction in the past.•ICS cybersecurity solutions from the existing studies, such as Genge et al. (2017), Terai et al. (2017), Ullah and Mahmoud (2017), Cruz et al. (2016), and Zhang et al. (2016), can be adapted considering increasingly autonomous and digitized construction environments.•To better analyze the cybersecurity issues in construction and provide robust solutions, interdisciplinary collaborations with the departments such as Computer Science and Electrical and Electronics Engineering should be encouraged.Blue cluster (Digital transformation of the construction industry and cybersecurity aspects)Melenbrink et al. (2020), Pan et al. (2020), Gharbia et al. (2019), Gurko et al. (2019), Ha et al. (2019), Liang et al. (2019a), Lundeen et al. (2019), Yousefizadeh et al. (2019), Gu et al. (2018), Inoue and Yoshimi (2018), Golubeva and Konshin (2016), Duque Anton et al. (2019), Adepu and Mathur (2018), Mashkina and Garipov (2018), Genge et al. (2017), Khan et al. (2017), Lin et al. (2017), Drias et al. (2015), and Wang et al. (2015)•Construction cybersecurity articles have primarily focused on information security. Cyber threats confronting the construction phase and the potential safety outcomes of OT-related cybersecurity breaches have been overlooked.•The construction phase of construction projects that utilize control systems and networked devices may be targeted by both OT- and IT-related cyberattacks due to the convergence between these two types of technology.•The construction phase should receive more attention from scholars for future cybersecurity research.•As claimed by Richey and Sawyer (2015), most cyberattacks against construction firms remain classified. Therefore, construction companies should be encouraged to share their adverse cyberattack experiences without damaging their reputation.Red cluster (Network security for operational technologies)Pan et al. (2020), Bock and Linner (2016), Sani et al. (2019), Zhang et al. (2019), Ahmed and Mathur (2017), Babu et al. (2017), Genge et al. (2017), Khan et al. (2017), Lin et al. (2017), Sugumar and Mathur (2017), Terai et al. (2017), Ullah and Mahmoud (2017), Khorrami et al. (2016), Kobara (2016), McLaughlin et al. (2016), Zhang et al. (2016), Drias et al. (2015), and Schlegel et al. (2015)•Many methods and frameworks have been developed to address the cybersecurity of OT in structured environments such as manufacturing and smart buildings. There has been a lack of interest in the cybersecurity of unstructured environments such as construction sites.•One of the challenges of future construction sites is providing a secure communication network that connects the equipment and devices with different purposes and design principles such as 3D printers, autonomous construction equipment, and site tracking camera systems.•Future studies should focus on understanding potential cybersecurity vulnerabilities of interconnected construction equipment individually.•Threat modeling methods, similar to Khan et al. (2017), and cybersecurity assessment frameworks, similar to Sani et al. (2019) and Cruz et al. (2016), targeting unstructured construction environments should be proposed in future studies.The “Research Themes” section scrutinized each cluster individually to identify the lacking aspects in the reviewed literature and suggested potential remedies based on the reviewed publications and the authors’ experience and point of view. The following section aims to present the synergy between different clusters and provides a holistic perspective about the cybersecurity of OT in the construction phase.DiscussionAs indicated in the “Research Methodology” section, the literature search was divided into three categories: (1) construction and OT, (2) construction and cybersecurity, and (3) OT and cybersecurity. Categories 2 and 3 include cybersecurity-related publications, which have overlapping aspects and solutions to common security problems. The main cybersecurity aspects include cybersecurity threat modeling, cyber-physical security, and cyberattack detection. All have been summarized in the rightmost column of Table 3. Fig. 6 shows the percentages of the most frequently mentioned aspects in both cybersecurity-related search categories. It reveals the dominance of smart built environments in the construction and cybersecurity category, which can be explained by the growing cyber threat surface with the utilization of building management and automation systems. While the benefits of integrating intelligent devices into built environments (e.g., improved maintenance, energy efficiency, and enhanced well-being of the occupants) are evident, the cybersecurity risks that increase with the involvement of third parties (e.g., building management companies) emerge as a significant challenge (Grundy 2017). In the OT and cybersecurity category, cyberattack detection is the most prevalent topic among the reviewed publications. The significance of timely detecting intrusions and anomalies in industrial systems for preventing irreversible damages explains this common research interest.When looking at the country from the authors of different publications, we can get an insight into which countries focus the most on each research category. Fig. 7 summarizes this information. When calculating the percentages for publications with authors from different countries, all countries were counted. For the three categories, most publications are from authors in the US. The United Kingdom, Germany, and China are the second most prominent countries in the construction and cybersecurity, construction and OT, and OT and cybersecurity categories, respectively. The United Arab Emirates, Russia, and United Kingdom are the third most prominent countries for those categories in the respective order.The analysis of the previous clusters revealed significant gaps in the prevailing literature pertinent to the context of this research. For example, the green cluster presented the disrupting technologies toward autonomous construction sites with improved human–machine collaboration. The unstructured and changing environment in construction was underscored in the construction automation literature. The studies to address this challenge, such as the methods to sense and model the surrounding environment for adaptive work, have been conducted. On the other hand, the blue cluster presented a concise overview of the existing construction cybersecurity literature. The suggestions to overcome raising cybersecurity concerns in the construction industry have been provided in the related publications. However, the analysis of these two clusters reveals the lack of overlap between them. Even though the safety aspects were emphasized in the green cluster articles and the safety-related outcomes resulting from cybersecurity compromises were mentioned in the blue cluster articles, the construction phase has not been discussed in the literature from an OT cybersecurity perspective.In the green and blue clusters, there is little mention of cybersecurity concerns related to human involvement in construction activities. The utilization of machinery and equipment (including robotic systems) requires people to be involved at different stages (e.g., during preparation, operation, and maintenance). The interference of humans in processes makes them the weak link and the source of vulnerabilities against cyber threats such as social engineering. For this reason, the human-in-the-loop concept was expected to be seen in the reviewed publications to point out this concern. Another missing research topic in the reviewed construction-related publications is AI. Only Akinosho et al. (2020) provided an overview of the existing studies that propose the use of deep learning to overcome construction challenges and discuss its limitations. Considering that the utilization of AI has been a popular research topic in many fields (e.g., finance and entertainment) since its advent—especially with the emergence of new algorithms—(Akinosho et al. 2020), the green and blue clusters were expected to include more publications related to it. Last but not least, the DT concept was expected to be encountered in the publications reviewed under the green and blue clusters. DT has a great potential to enable more efficient processes and a significant cost reduction in the construction industry (Kan and Anumba 2019). Therefore, the lack of publications focusing on DT is a significant gap in construction research.The articles in the yellow and red clusters predominantly emphasized the increase in cybersecurity vulnerabilities of ICSs with the implementation of IT. Those articles have mostly focused on OT in CI environments due to the need for high availability, potential destructive outcomes, and past cyberattacks against CIs. Networked systems and the use of control and monitoring devices such as sensors, controllers, and actuators have been identified as the leading cause of increasing cyber threats. Moreover, the potential danger against the people and the environment in case of cybersecurity breaches on ICSs has been highlighted. The reviewed studies in the yellow and red clusters proposed novel methods to timely detect anomalies and intrusions into the ICSs to be able to take immediate actions before facing any destructive results. However, the proposed methods only focused on structured environments such as the O&M of power plants, smart grids, and smart buildings. The lack of research toward OT utilized in unstructured environments such as construction sites was revealed after reviewing yellow and red clusters.Given the gaps in all clusters, this research emphasizes the need for greater attention from academia toward potential cybersecurity issues on construction sites. The existing construction research already mentions the importance of safety since even the utilization of robotic equipment requires people to be present on-site, sometimes in close contact with machines. Therefore, the concerns regarding the potential physical outcomes underlined in the ICS cybersecurity publications are also valid for the construction domain. The cybersecurity studies conducted for ICSs in manufacturing and CI environments can guide future research targeting the construction phase. Bespoke intrusion detection systems and threat modeling methods for OT on construction sites are necessary and can be developed based on the existing literature pertinent to ICSs. However, the distinct dynamics and characteristics of construction, such as the variety of equipment/machinery and different parties, should not be overlooked while adapting the existing methods.References Adepoju, O. O., and C. O. Aigbavboa. 2020. “Assessing knowledge and skills gap for construction 4.0 in a developing economy.” J. Public Aff. 2020: e2264. https://doi.org/10.1002/pa.2264. Adepu, S., and A. Mathur. 2018. “Distributed attack detection in a water treatment plant: Method and case study.” IEEE Trans. Dependable Secure Comput. 18 (1): 86–99. https://doi.org/10.1109/TDSC.2018.2875008. Ahmed, C. M., and A. P. Mathur. 2017. “Hardware identification via sensor fingerprinting in a cyber physical system.” In Proc., 2017 IEEE Int. Conf. on Software Quality, Reliability and Security Companion (QRS-C), 517–524. Prague, Czech Republic: IEEE. https://doi.org/10.1109/QRS-C.2017.89. Akinosho, T. D., L. O. Oyedele, M. Bilal, A. O. Ajayi, M. D. Delgado, O. O. Akinade, and A. A. Ahmed. 2020. “Deep learning in the construction industry: A review of present status and future innovations.” J. Build. Eng. 32 (Nov): 101827. https://doi.org/10.1016/j.jobe.2020.101827. Bock, T., and T. Linner. 2016. Construction robots: Elementary technologies and single-task construction robots. Cambridge, UK: Cambridge University Press. Boyes, H. A. 2013. “Cyber security of intelligent buildings: A review.” In Proc., 8th IET Int. System Safety Conf. Incorporating the Cyber Security Conf., 1–7. Cardiff, UK: IET. https://doi.org/10.1049/cp.2013.1698. BSI (British Standards Institution). 2015. Specification for security-minded building information modelling, digital built environments and smart asset management. PAS 1192-5:2015. London: BSI. Bulgakov, A., T. Kruglova, and T. Bock. 2018. “A cyber-physical system of diagnosing electric drives of building robots.” In Proc., ISARC 2018: 35th Int. Symp. on Automation and Robotics in Construction, 16–23. Edinburgh, UK: International Association for Automation and Robotics in Construction. https://doi.org/10.22260/isarc2018/0003. Carra, G., A. Argiolas, A. Bellissima, M. Niccolini, and M. Ragaglia. 2018. “Robotics in the construction industry: State of the art and future opportunities.” In Proc., ISARC 2018 – 35th Int. Symp. on Automation and Robotics in Construction, 866–873. Edinburgh, UK: International Association for Automation and Robotics in Construction. https://doi.org/10.22260/isarc2018/0121. Chen, Q., B. García de Soto, and B. T. Adey. 2018. “Construction automation: Research areas, industry concerns and suggestions for advancement.” Autom. Constr. 94 (Oct): 22–38. https://doi.org/10.1016/j.autcon.2018.05.028. Cruz, T., L. Rosa, J. Proenca, L. Maglaras, M. Aubigny, L. Lev, J. Jianmin, and P. Simões. 2016. “A cybersecurity detection framework for supervisory control and data acquisition systems.” IEEE Trans. Ind. Inf. 12 (6): 2236–2246. https://doi.org/10.1109/TII.2016.2599841. Czarnowski, J., A. Dąbrowski, M. Maciaś, J. Główka, and J. Wrona. 2018. “Technology gaps in human-machine interfaces for autonomous construction robots.” Autom. Constr. 94 (Oct): 179–190. https://doi.org/10.1016/j.autcon.2018.06.014. Drias, Z., A. Serhrouchni, and O. Vogel. 2015. “Analysis of cyber security for industrial control systems.” In Proc., 2015 Int. Conf. on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 1–8. New York: IEEE. https://doi.org/10.1109/SSIC.2015.7245330. Duque Anton, S. D., A. Hafner, and H. D. Schotten. 2019. “Devil in the detail: Attack scenarios in industrial applications.” In Proc., 2019 IEEE Symp. on Security and Privacy Workshops (SPW), 169–174. New York: IEEE. https://doi.org/10.1109/SPW.2019.00040. García de Soto, B., A. Georgescu, B. R. K. Mantha, Ž. Turk, and A. Maciel. 2020. “Construction cybersecurity and critical infrastructure protection: Significance, overlaps, and proposed action plan.” Preprints 2020050213. https://doi.org/10.20944/preprints202005.0213.v1. Gharbia, M., A. Y. Chang-Richards, and R. Y. Zhong. 2019. “Robotic technologies in concrete building construction: A systematic review.” In Proc., ISARC 2019—36th Int. Symp. on Automation and Robotics in Construction, 10–19. Edinburgh, UK: International Association for Automation and Robotics in Construction. https://doi.org/10.22260/isarc2019/0002. Givehchi, O., K. Landsdorf, P. Simoens, and A. W. Colombo. 2017. “Interoperability for industrial cyber-physical systems: An approach for legacy systems.” IEEE Trans. Ind. Inf. 13 (6): 3370–3378. https://doi.org/10.1109/TII.2017.2740434. Golubeva, T., and S. Konshin. 2016. “The research of possibility of sharing use of wireless and mobile technologies for organizing the radio channels of operation control system of earthmoving and construction machines.” In Proc., 2016 Int. Conf. on Intelligent Networking and Collaborative Systems (INCoS), 9–14. New York: IEEE. https://doi.org/10.1109/INCoS.2016.24. Gračanin, D., A. D’Amico, M. Manuel, W. Carson, M. Eltoweissy, and L. Cheng. 2018. “Biologically inspired safety and security for smart built environments: Position paper.” In Proc., 2018 IEEE Symp. on Security and Privacy Workshops (SPW), 293–298. New York: IEEE. https://doi.org/10.1109/SPW.2018.00047. Graham, J., J. Hieb, and J. Naber. 2016. “Improving cybersecurity for industrial control systems.” In Proc., 2016 IEEE 25th Int. Symp. on Industrial Electronics (ISIE), 618–623. New York: IEEE. https://doi.org/10.1109/ISIE.2016.7744960. Grieves, M., and J. Vickers. 2017. “Digital twin: Mitigating unpredictable, undesirable emergent behavior in complex systems.” In Transdisciplinary perspectives on complex systems, edited by F. J. Kahlen, S. Flumerfelt, and A. Alves, 85–113. Cham, Switzerland: Springer. Grundy, C. 2017. “Cybersecurity in the built environment: Can your building be hacked?” Corporate Real Estate J. 7 (1): 39–50. Gu, R., R. Marinescu, C. Seceleanu, and K. Lundqvist. 2018. “Formal verification of an autonomous wheel loader by model checking.” In Proc., FormaliSE 2018: 6th Conf. on Formal Methods in Software Engineering, 74–83. New York: Association for Computing Machinery. https://doi.org/10.1145/3193992.3193999. Gurko, A., I. Kyrychenko, and A. Yaryzhko. 2019. “Trajectories planning and simulation of a backhoe manipulator movement.” In Proc., Second Int. Workshop on Computer Modeling and Intelligent Systems (CMIS-2019), 771–785. Zaporizhzhia, Ukraine: Zaporizhzhia National Technical Univ. Hahn, A. 2016. “Operational technology and information technology in industrial control systems.” In Vol. 66 of Cyber-security of SCADA and other industrial control systems, edited by E. Colbert and A. Kott, 51–68. Cham, Switzerland: Springer. Inoue, M., and T. Yoshimi. 2018. “Automatic tracking camera system for construction machines by combined image processing.” In Proc., ISARC 2018—35th Int. Symp. on Automation and Robotics in Construction, 630–636. Edinburgh, UK: International Association for Automation and Robotics in Construction. https://doi.org/10.22260/isarc2018/0086. ISO/IEC (International Electrotechnical Commission). 2013. Information technology: Security techniques: Information security management systems: Requirements. ISO/IEC 27001:2013. Geneva: ISO/IEC. Kan, C., and C. Anumba. 2019. “Digital twins as the next phase of cyber-physical systems in construction.” In Proc., ASCE Int. Conf. on Computing in Civil Engineering 2019, 256–264. Reston, VA: ASCE. https://doi.org/10.1061/9780784482438.033. Khan, R., K. McLaughlin, D. Laverty, and S. Sezer. 2017. “STRIDE-based threat modeling for cyber-physical systems.” In Proc., 2017 IEEE PES Innovative Smart Grid Technologies Conf. Europe (ISGT-Europe), 1–6. New York: IEEE. https://doi.org/10.1109/ISGTEurope.2017.8260283. Klinc, R., and Ž. Turk. 2019. “Construction 4.0: Digital transformation of one of the oldest industries.” Econ. Bus. Rev. 21 (3): 393–410. https://doi.org/10.15458/ebr.92. Knapp, E. 2011. Industrial network security: Securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems. Amsterdam, Netherlands: Elsevier. Knowles, W., D. Prince, D. Hutchison, J. F. P. Disso, and K. Jones. 2015. “A survey of cyber security management in industrial control systems.” Int. J. Crit. Infrastruct. Prot. 9 (Jun): 52–80. https://doi.org/10.1016/j.ijcip.2015.02.002. Li, X., C. Zhou, Y. C. Tian, and Y. Qin. 2019. “A dynamic decision-making approach for intrusion response in industrial control systems.” IEEE Trans. Ind. Inf. 15 (5): 2544–2554. https://doi.org/10.1109/TII.2018.2866445. Liang, C. J., V. R. Kamat, and C. C. Menassa. 2019a. “Teaching robots to perform construction tasks via learning from demonstration.” In Proc., ISARC 2019—36th Int. Symp. on Automation and Robotics in Construction, 1305–1311. Edinburgh, UK: International Association for Automation and Robotics in Construction. https://doi.org/10.22260/isarc2019/0175. Liang, C. J., K. M. Lundeen, W. McGee, C. C. Menassa, S. H. Lee, and V. R. Kamat. 2019b. “A vision-based marker-less pose estimation system for articulated construction robots.” Autom. Constr. 104 (Aug): 80–94. https://doi.org/10.1016/j.autcon.2019.04.004. Lin, C. T., S. L. Wu, and M. L. Lee. 2017. “Cyber attack and defense on industry control systems.” In Proc., 2017 IEEE Conf. on Dependable and Secure Computing, 524–526. New York: IEEE. https://doi.org/10.1109/DESEC.2017.8073874. Lundeen, K. M., V. R. Kamat, C. C. Menassa, and W. McGee. 2017. “Scene understanding for adaptive manipulation in robotized construction work.” Autom. Constr. 82 (Oct): 16–30. https://doi.org/10.1016/j.autcon.2017.06.022. Lundeen, K. M., V. R. Kamat, C. C. Menassa, and W. McGee. 2019. “Autonomous motion planning and task execution in geometrically adaptive robotized construction work.” Autom. Constr. 100 (Apr): 24–45. https://doi.org/10.1016/j.autcon.2018.12.020. Mantha, B., B. García de Soto, and R. Karri. 2021. “Cyber security threat modeling in the AEC industry: An example for the commissioning of the built environment.” Sustainable Cities Soc. 66 (Mar): 102682. https://doi.org/10.1016/j.scs.2020.102682. Mantha, B. R. K., and B. García de Soto. 2019. “Cyber security challenges and vulnerability assessment in the construction industry.” In Proc., Creative Construction Conf., 29–37. Budapest, Hungary: Budapest Univ. of Technology and Economics. https://doi.org/10.3311/ccc2019-005. Mantha, B. R. K., B. García de Soto, and R. Karri. 2020a. “Cyber security threat modeling in the construction industry: A countermeasure example during the commissioning process.” Preprints https://doi.org/10.31224/osf.io/gn78a. Mantha, B. R. K., Y. Jung, and B. García De Soto. 2020b. “Implementation of the common vulnerability scoring system to assess the cyber vulnerability in construction projects.” In Proc., Creative Construction E-Conf. 2020, 117–124. Budapest, Hungary: Budapest Univ. of Technology and Economics. https://doi.org/10.3311/ccc2020-030. Mashkina, I., and I. Garipov. 2018. “Threats modeling and quantitative risk analysis in industrial control systems.” In Proc., 2018 Int. Russian Automation Conf., RusAutoCon 2018, 1–5. New York: IEEE. https://doi.org/10.1109/RUSAUTOCON.2018.8501694. McLaughlin, S., C. Konstantinou, X. Wang, L. Davi, A. R. Sadeghi, M. Maniatakos, and R. Karri. 2016. “The cybersecurity landscape in industrial control systems.” Proc. IEEE 104 (5): 1039–1057. https://doi.org/10.1109/JPROC.2015.2512235. Mohamed Shibly, M. U. R., and B. García de Soto. 2020. “Threat modeling in construction: An example of a 3D concrete printing system.” In Proc., ISARC 2020: 37th Int. Symp. on Automation and Robotics in Construction, 625–632. Edinburgh, UK: International Association for Automation and Robotics in Construction. https://doi.org/10.22260/isarc2020/0087. Nawari, N. O., and S. Ravindran. 2019a. “Blockchain and building information modeling (BIM): Review and applications in post-disaster recovery.” Buildings 9 (6): 149. https://doi.org/10.3390/buildings9060149. NIST. 2018. Framework for improving critical infrastructure Cybersecurity v1.1. Gaithersburg, MD: NIST. Pan, M., T. Linner, W. Pan, H. Cheng, and T. Bock. 2020. “Structuring the context for construction robot development through integrated scenario approach.” Autom. Constr. 114 (Jun): 103174. https://doi.org/10.1016/j.autcon.2020.103174. Parisi, A. 2019. Hands-on artificial intelligence for cybersecurity: Implement smart AI systems for preventing cyber attacks and detecting threats and network anomalies. Birmingham, UK: Packt Publishing. Pärn, E. A., and D. Edwards. 2019. “Cyber threats confronting the digital built environment: Common data environment vulnerabilities and block chain deterrence.” Eng. Constr. Archit. Manage. 26 (2): 245–266. https://doi.org/10.1108/ECAM-03-2018-0101. Pärn, E. A., and B. García de Soto. 2020. “Cyber threats and actors confronting the Construction 4.0.” In Construction 4.0: An innovation platform for the built environment, edited by A. Sawhney, M. Riley, and J. Irizarry, 441–459. London: Routledge. Sani, A. S., D. Yuan, P. L. Yeoh, J. Qiu, W. Bao, B. Vucetic, and Z. Y. Dong. 2019. “CyRA: A real-time risk-based security assessment framework for cyber attacks prevention in industrial control systems.” In Proc., 2019 IEEE Power & Energy Society General Meeting (PESGM), 1–5. New York: IEEE. https://doi.org/10.1109/PESGM40551.2019.8973948. Schlegel, R., S. Obermeier, and J. Schneider. 2015. “Structured system threat modeling and mitigation analysis for industrial automation systems.” In Proc., 2015 IEEE 13th Int. Conf. on Industrial Informatics (INDIN), 197–203. New York: IEEE. https://doi.org/10.1109/INDIN.2015.7281734. Shemov, G., B. García de Soto, and H. Al Khzaimi. 2020. “Blockchain applied to the construction supply chain: A case study with threat model.” Front. Eng. Manage. 7 (4): 564–577. https://doi.org/10.1007/s42524-020-0129-x. Sonkor, M. S. 2020. “Collaborative BIM environments: Mitigating cybersecurity threats in the design phase.” M.S. thesis, Dept. of Civil Engineering, Univ. of Ljubljana. Sonkor, M. S., and B. García de Soto. 2021. “Data used for review of operational technology on construction sites. V1.” Accessed May 6, 2021. https://doi.org/10.7910/DVN/EPQP3X. Stouffer, K., V. Pillitteri, S. Lightman, M. Abrams, and A. Hahn. 2015. Guide to Industrial Control Systems (ICS) Security NIST Special Publication 800-82 Revision 2. Gaithersburg, MD: NIST. Sugumar, G., and A. Mathur. 2017. “Testing the effectiveness of attack detection mechanisms in industrial control systems.” In Proc., 2017 IEEE Int. Conf. on Software Quality, Reliability and Security Companion (QRS-C), 138–145. New York: IEEE. https://doi.org/10.1109/QRS-C.2017.29. Tamayo, E., M. Bardwell, A. Qureshi, and M. Al-Hussein. 2017. “Automation of a steel wall framing assembly.” In Proc., ISEC 2017: 9th Int. Structural Engineering and Construction Conf.: Resilient Structures and Sustainable Construction, 1–6. Valencia, Spain: ISEC Press. https://doi.org/10.14455/isec.res.2017.19. Terai, A., S. Abe, S. Kojima, Y. Takano, and I. Koshijima. 2017. “Cyber-attack detection for industrial control system monitoring with support vector machine based on communication profile.” In Proc., 2nd IEEE European Symp. on Security and Privacy Workshops (EuroS&PW), 132–138. New York: IEEE. https://doi.org/10.1109/EuroSPW.2017.62. Tranfield, D., D. Denyer, and P. Smart. 2003. “Towards a methodology for developing evidence-informed management knowledge by means of systematic review.” Br. J. Manage. 14: 207–222. https://doi.org/10.1111/1467-8551.00375. Ullah, I., and Q. H. Mahmoud. 2017. “A hybrid model for anomaly-based intrusion detection in SCADA networks.” In Proc., 2017 IEEE Int. Conf. on Big Data (Big Data), 2160–2167. New York: IEEE. https://doi.org/10.1109/BigData.2017.8258164. Wang, P., A. Ali, and W. Kelly. 2015. “Data security and threat modeling for smart city infrastructure.” In Proc., 2015 Int. Conf. on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 1–6. New York: IEEE. https://doi.org/10.1109/SSIC.2015.7245322. Yang, W., and Q. Zhao. 2015. “Cyber security issues of critical components for industrial control system.” In Proc., 2014 IEEE Chinese Guidance, Navigation and Control Conf. (CGNCC), 2698–2703. New York: IEEE. https://doi.org/10.1109/CGNCC.2014.7007593. Yousefizadeh, S., J. de Dios Flores Mendez, and T. Bak. 2019. “Trajectory adaptation for an impedance controlled cooperative robot according to an operator’s force.” Autom. Constr. 103: 213–220. https://doi.org/10.1016/j.autcon.2019.01.006. Zhang, F., H. A. D. E. Kodituwakku, J. W. Hines, and J. Coble. 2019. “Multilayer data-driven cyber-attack detection system for industrial control systems based on network, system, and process data.” IEEE Trans. Ind. Inf. 15 (7): 4362–4369. https://doi.org/10.1109/TII.2019.2891261. Zhang, Q., C. Zhou, N. Xiong, Y. Qin, X. Li, and S. Huang. 2016. “Multimodel-based incident prediction and risk assessment in dynamic cybersecurity protection for industrial control systems.” IEEE Trans. Syst. Man Cybern. Syst. 46 (10): 1429–1444. https://doi.org/10.1109/TSMC.2015.2503399.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *