Operational Technology on Construction Sites: A Review from the Cybersecurity Perspective

Arguably, the construction industry is far from achieving the level of maturity required to reach Industry 4.0, which requires the networking of the physical world and the use of cyber-physical systems (CPSs) (Klinc and Turk 2019). However, there is no doubt that it is going through a considerable digital transformation. The construction industry is going through a digitization process with the rapid proliferation of technology utilized in each project phase. These efforts to digitize and automate the industry are often named Construction 4.0, which consists of two main aspects: digitizing information and using digital technologies to control and monitor physical assets (García de Soto et al. 2020). The former involves, with the utilization of building information modeling (BIM) technologies, creating digital information models to support design, construction, and operation and maintenance (O&M) phases (Azhar 2011). The latter includes the use of CPSs, which is considered a key concept of Construction 4.0 (Klinc and Turk 2019).

CPSs have two domains that cannot be considered independent from each other, namely information technologies (IT)—cyber domain—and operational technologies (OT)—physical domain (Givehchi et al. 2017). These two domains have had a long and isolated history. Eventually, the convergence between them became inevitable due to the invaluable benefits such as improved security risk analysis, improved automation, increased control over the operations, and enhanced tracking in different industries such as water, oil and gas, and manufacturing (Harp and Gregory-Brown 2015). At the same time, cybersecurity is becoming an overarching concern for both IT and OT domains, and many frameworks, standards, and guidance have been developed to address these concerns. Some prominent examples are ISO/International Electrotechnical Commission (IEC) 27001:2013 (ISO/IEC 2013), identifying IT security requirements; “Framework for Improving Critical Infrastructure Cybersecurity v1.1” by the National Institute of Standards and Technology (NIST) (NIST 2018), addressing both OT and IT security; and “Guide to Industrial Control Systems (ICS) Security (NIST SP 800-82)” (Stouffer et al. 2015) by NIST, particularly addressing OT security.

The essence of a systematic review is collecting all relevant research data, refining it by removing redundant information, and giving a summary of what is remaining (Grant and Booth 2009). According to Cook et al. (1997), what makes systematic reviews different from narrative reviews is employing a repeatable process and including a criterion-based literature selection from comprehensive sources.

Even though the integration of OT to IT systems and its cybersecurity implications are new research topics in the construction field, there is already extensive literature available on them independent from construction. For this reason, employing a systematic review was needed to reduce the high number of publications in these topics in a structured and repeatable way. However, the methodology introduced as follows does not only possesses systematic review characteristics. It also shows integrative reviews’ attributes as it synthesizes various literature from several fields and integrates them to address the research question of this study. The process flow demonstrated in Fig. 1 was developed to follow a systematic and reproducible research approach. The different components of Fig. 1 are described in the following subsections.

There are four different colored clusters in Fig. 4 that represent four different research themes. One of the parameters determining the number of clusters on VOSviewer is the resolution. The number of clusters increases in proportion to the resolution value (Van Eck and Waltman 2020). For this analysis, the resolution value was set to 0.9. The colors of each cluster were assigned automatically by VOSviewer, and the color does not have a particular meaning as the network visualization option was used for Fig. 4.

VOSviewer creates the clusters based on the similarities of the words (Van Eck and Waltman 2010). The similarity between two words is calculated using the similarity measure named the association strength (Van Eck and Waltman 2010). Eq. (1) shows the formula to calculate the similarity ($s_{ij}$) between the words $i$ and $j$. In that equation, $c_{ij}$ refers to the number of co-occurrences of the words $i$ and $j$, and $w_i$ and $w_j$ refer to the total number of occurrences of the words $i$ and $j$ (Van Eck and Waltman 2010). After similarities are calculated by Eq. (1), similar words are grouped to form the clusters (Van Eck and Waltman 2010). To assist with the replicability of this study, interested readers can find the data used to analyze the different publications using VOSviewer. All the Scopus files (e.g., .csv bibliographic files) and VOSviewer files (e.g., map and network files with .txt extension) can be found in (Sonkor and García de Soto 2021)

The clusters in Fig. 4 are (1) green cluster (the right bottom part): construction automation and cyber-physical systems, (2) yellow cluster (the left up part): intelligent control systems and cybersecurity aspects, (3) blue cluster (the right up part): digital transformation of the construction industry and cybersecurity aspects, and (4) red cluster (the left bottom part): network security for operational technologies. The titles of the clusters aim to summarize each cluster as much as possible, considering the research context. In Fig. 4, the circle (and text) size of each keyword gives an indication of the number of publications in which the keyword occurs—the size increases in proportion to the number of occurrences. For example, in the investigated publications, network security was used more frequently than cyberattacks, which can also be understood by comparing their circle and text sizes in Fig. 4. The location of the circles indicates the relatedness of the keywords in terms of co-occurrences, in which more related keywords are demonstrated with closer circles. For example, critical infrastructures is located near public works in the blue cluster (upper right-hand side of Fig. 4), which illustrates that they are often included together in the publications. The related keywords are connected with colored lines that are thicker in width if the relatedness is high. For example, the curved line between network security (red cluster) and embedded systems (green cluster) is thicker than the line between embedded systems and controllers (green cluster), which shows the stronger link of the former keyword couple.

The keywords in each cluster and their number of occurrences are presented in Table 4. These keywords should be considered in the context of each cluster, e.g., the keyword robotics under the green cluster should be interpreted as the robotics developed for the construction industry.

Fig. 5 shows a Sankey diagram that provides a mapping between the three search categories from Table 2 (i.e., construction and OT, construction and cybersecurity, and OT and cybersecurity) and the four clusters identified from VOSviewer (as provided in Table 4; Fig. 4). The number of publications is located under the category names, under the cluster names, and on the links that connect categories to clusters. This diagram only involves the 55 publications that remained after the detailed screening (i.e., Step 6).

Each publication was mapped to a cluster based on its keywords (e.g., a publication with the keyword intelligent control was mapped to the yellow cluster). Publication numbers presented in Table 2 (under the second column from the right) and Fig. 5 do not match since there are publications that were mapped to more than one cluster based on their keywords. For example, if a publication was returned by Search 11, which belongs to the OT and cybersecurity category, and if this publication includes both public works and network security keywords, it was mapped to both the blue cluster and red cluster in Fig. 5. Table 5 shows the publications that were mapped to multiple clusters and to which clusters they were mapped.

The numbers of publications that remained after the detailed screening are 19 for construction and OT, 11 for construction and cybersecurity, and 25 for OT and cybersecurity, as given in Table 2. In Fig. 5, the numbers of publications for each category are 23, 12, and 55, respectively. This difference shows that the publications under the category of OT and cybersecurity were mapped to the most variety of clusters compared to the other categories. Fig. 5 also shows that the green cluster (i.e., construction automation and cyber-physical systems) comprises the highest number of publications, 33. Since the green cluster’s focus is construction automation and CPSs, it is related to both construction and OT and OT and cybersecurity categories to a large extent. That explains the high number of publications that fall under the green cluster.

Interpretations of each cluster (representing a research theme) from VOSviewer are provided in the following subsections. Each cluster’s publications are analyzed and interpreted in the context of this research (i.e., the cybersecurity of OT in the construction phase of construction projects) to identify the existing gaps and suggest future directions for research.

As indicated in the “Research Methodology” section, the literature search was divided into three categories: (1) construction and OT, (2) construction and cybersecurity, and (3) OT and cybersecurity. Categories 2 and 3 include cybersecurity-related publications, which have overlapping aspects and solutions to common security problems. The main cybersecurity aspects include cybersecurity threat modeling, cyber-physical security, and cyberattack detection. All have been summarized in the rightmost column of Table 3. Fig. 6 shows the percentages of the most frequently mentioned aspects in both cybersecurity-related search categories. It reveals the dominance of smart built environments in the construction and cybersecurity category, which can be explained by the growing cyber threat surface with the utilization of building management and automation systems. While the benefits of integrating intelligent devices into built environments (e.g., improved maintenance, energy efficiency, and enhanced well-being of the occupants) are evident, the cybersecurity risks that increase with the involvement of third parties (e.g., building management companies) emerge as a significant challenge (Grundy 2017). In the OT and cybersecurity category, cyberattack detection is the most prevalent topic among the reviewed publications. The significance of timely detecting intrusions and anomalies in industrial systems for preventing irreversible damages explains this common research interest.

When looking at the country from the authors of different publications, we can get an insight into which countries focus the most on each research category. Fig. 7 summarizes this information. When calculating the percentages for publications with authors from different countries, all countries were counted. For the three categories, most publications are from authors in the US. The United Kingdom, Germany, and China are the second most prominent countries in the construction and cybersecurity, construction and OT, and OT and cybersecurity categories, respectively. The United Arab Emirates, Russia, and United Kingdom are the third most prominent countries for those categories in the respective order.

The analysis of the previous clusters revealed significant gaps in the prevailing literature pertinent to the context of this research. For example, the green cluster presented the disrupting technologies toward autonomous construction sites with improved human–machine collaboration. The unstructured and changing environment in construction was underscored in the construction automation literature. The studies to address this challenge, such as the methods to sense and model the surrounding environment for adaptive work, have been conducted. On the other hand, the blue cluster presented a concise overview of the existing construction cybersecurity literature. The suggestions to overcome raising cybersecurity concerns in the construction industry have been provided in the related publications. However, the analysis of these two clusters reveals the lack of overlap between them. Even though the safety aspects were emphasized in the green cluster articles and the safety-related outcomes resulting from cybersecurity compromises were mentioned in the blue cluster articles, the construction phase has not been discussed in the literature from an OT cybersecurity perspective.

In the green and blue clusters, there is little mention of cybersecurity concerns related to human involvement in construction activities. The utilization of machinery and equipment (including robotic systems) requires people to be involved at different stages (e.g., during preparation, operation, and maintenance). The interference of humans in processes makes them the weak link and the source of vulnerabilities against cyber threats such as social engineering. For this reason, the human-in-the-loop concept was expected to be seen in the reviewed publications to point out this concern. Another missing research topic in the reviewed construction-related publications is AI. Only Akinosho et al. (2020) provided an overview of the existing studies that propose the use of deep learning to overcome construction challenges and discuss its limitations. Considering that the utilization of AI has been a popular research topic in many fields (e.g., finance and entertainment) since its advent—especially with the emergence of new algorithms—(Akinosho et al. 2020), the green and blue clusters were expected to include more publications related to it. Last but not least, the DT concept was expected to be encountered in the publications reviewed under the green and blue clusters. DT has a great potential to enable more efficient processes and a significant cost reduction in the construction industry (Kan and Anumba 2019). Therefore, the lack of publications focusing on DT is a significant gap in construction research.

The articles in the yellow and red clusters predominantly emphasized the increase in cybersecurity vulnerabilities of ICSs with the implementation of IT. Those articles have mostly focused on OT in CI environments due to the need for high availability, potential destructive outcomes, and past cyberattacks against CIs. Networked systems and the use of control and monitoring devices such as sensors, controllers, and actuators have been identified as the leading cause of increasing cyber threats. Moreover, the potential danger against the people and the environment in case of cybersecurity breaches on ICSs has been highlighted. The reviewed studies in the yellow and red clusters proposed novel methods to timely detect anomalies and intrusions into the ICSs to be able to take immediate actions before facing any destructive results. However, the proposed methods only focused on structured environments such as the O&M of power plants, smart grids, and smart buildings. The lack of research toward OT utilized in unstructured environments such as construction sites was revealed after reviewing yellow and red clusters.

Given the gaps in all clusters, this research emphasizes the need for greater attention from academia toward potential cybersecurity issues on construction sites. The existing construction research already mentions the importance of safety since even the utilization of robotic equipment requires people to be present on-site, sometimes in close contact with machines. Therefore, the concerns regarding the potential physical outcomes underlined in the ICS cybersecurity publications are also valid for the construction domain. The cybersecurity studies conducted for ICSs in manufacturing and CI environments can guide future research targeting the construction phase. Bespoke intrusion detection systems and threat modeling methods for OT on construction sites are necessary and can be developed based on the existing literature pertinent to ICSs. However, the distinct dynamics and characteristics of construction, such as the variety of equipment/machinery and different parties, should not be overlooked while adapting the existing methods.

This study employs a systematic method to search for relevant publications, screen them to obtain a more focused set of results, and categorize them into different clusters to conduct a more organized analysis. However, several limitations deserve consideration for improving the results of the study. These limitations are enumerated as follows:

Disruptive robotics and automation technologies are altering the way construction sites operate. There are many benefits of OT utilization on-site; however, the unstructured and continuously changing construction environment with close human–machine interactions raises cyber and physical safety concerns. This research sees robust cybersecurity as an essential requirement to establish a safe working environment for physically involved people and the surrounding environment. This study presents a systematic bibliometric analysis to raise awareness toward the cybersecurity aspects of OT use during the construction phase, identify gaps in the existing literature, and provide suggestions for future research. The analysis included three categories of publication search: (1) construction and OT, (2) construction and cybersecurity, and (3) OT and cybersecurity. The number of publications returned from the searches on the Scopus database was narrowed down from 1,004 to 55 after a rigorous refinement process. The selected 55 publications were used to visualize the keyword co-occurrences utilizing VOSviewer software. The visualization helped categorize the studies into four research themes, namely (1) construction automation and cyber-physical systems, (2) intelligent control systems and cybersecurity aspects, (3) digital transformation of the construction industry and cybersecurity aspects, and (4) network security for operational technologies. The identified themes are not entirely distinct, and there were significant overlaps among them. Reviewing the publications under each theme revealed the gaps in the existing literature related to the cybersecurity of OT in construction. The main identified gaps are (1) lack of cybersecurity perspective in the construction automation publications, (2) lack of focus on the construction phase in the construction cybersecurity research, and (3) lack of bespoke threat modeling and intrusion detection methods for construction sites.

For closing the identified gaps, the main suggestions provided were (1) conducting studies particularly targeting the cybersecurity of OT on construction sites, (2) adapting the methods and frameworks proposed for ICSs in CIs into the construction phase considering its distinct characteristics, and (3) investigating the potential threats against the construction networks connecting various technologies such as autonomous machinery, 3D printers, remotely controlled equipment, and site tracking camera systems. The challenges to overcome the cybersecurity issues and provide safer working places are the (1) unstructured construction environment and constantly changing site conditions, (2) variety of equipment and different parties involved such as contractors, subcontractors, and suppliers, and (3) lack of cybersecurity awareness in the construction industry. This research does not suggest that construction stakeholders become cybersecurity experts; however, cybersecurity training modules can be provided to raise awareness and establish the required competencies. Moreover, cybersecurity consultants/experts can be hired to perform risk analyses, detect vulnerabilities, and suggest mitigation strategies. Even though large construction companies have roles such as chief technology officer (CTO) and chief information security officer (CISO) in their organization charts, the same practice should also be encouraged among the relatively smaller enterprises. In the future, 5G and Wi-Fi 6 networks can be commonly used for delivering high-speed wireless internet on construction sites. Therefore, construction companies should consider the cybersecurity implications before utilizing these technologies to enhance their processes.

Future research will help to gain a better understanding of the specific characteristics and challenges of the OT utilized during the construction phase by analyzing the autonomous and remote-controlled equipment. Methods to evaluate security levels on construction sites and preventive strategies will be studied considering the OT-specific challenges. The patterns behind the generation of cyberattacks against the construction industry will be analyzed, considering the impact of adopting novel construction technology. Possible adaptations of the available cybersecurity assessment frameworks considering the construction site conditions and construction equipment will be explored.

Some or all data, models, or code generated or used during the study are available in a repository online in accordance with funder data retention policies. The repository can be found at https://doi.org/10.7910/DVN/EPQP3X.

The authors thank the Center for Cyber Security at New York University Abu Dhabi (CCS-NYUAD) for the support provided for this study.