Details

The adoption of Building Information Modeling (BIM) and Common Data Environments (CDE) in construction has increased the need for robust security and privacy frameworks, especially as these platforms increasingly leverage cloud-based technologies. This paper examines the mechanisms required to protect sensitive project data in BIM and CDE environments, including financial data, intellectual property and personal data. It emphasises the crucial role of trust — cognition-based, affect-based and system-based — in promoting safe and collaborative workflows and explores the concept of digital trust as a foundation for reliable partnerships in cloud-based construction environments. A critical analysis of ISO 19650-5 identifies significant gaps in addressing the complexity of cyber security and argues for explicit technical guidelines to protect against cyber threats. It also highlights inconsistencies in the transparency of security practises of widely used BIM and CDE providers and emphasises the need for improved disclosure to increase user trust. To provide a structured approach to threat mitigation, we introduce the Process for Attack Simulation and Threat Analysis (PASTA) framework and demonstrate its applicability in aligning business and technical risks within BIM and CDE workflows. In addition, this paper proposes to integrate security requirements into the BIM Execution Plan (BEP) to improve alignment across all project phases. Recommendations are provided for providers and users to establish a trust-based approach to information security that ensures compliance with standards and promotes the resilience of construction workflows. This paper highlights practical pathways to enhance the security of BIM and CDE implementations, focusing on robust technical safeguards and the role of trust in collaborative projects.