A Scoping Review for Cybersecurity in the Construction Industry

The 4th industrial revolution and its inherent digitalization are changing every aspect of the construction industry. However, these technological transformations bring new challenges, including cybersecurity. Although a number of studies in recent years have aimed to analyze cybersecurity issues in the construction sector, further research investment in this area is vital. The first step towards identifying needed and promising research directions in this domain is to systematically analyze the existing body of knowledge and detect knowledge gaps. This study addresses this need through a systematic scoping review designed based on the Preferred Reporting Items for Systematic Reviews and Meta-Analysis extension for Scoping Review (PRISMA-ScR). To synthesize the existing knowledge, the extracted information is mapped with multiple benchmarks, including the National Institute of Standards and Technology (NIST) framework for cybersecurity management. The outcomes of the scoping review indicated that, from the construction perspective, the existing literature mainly focuses on a few areas, including Building Information Modeling (BIM), while other digital systems such as construction robots and prefabrication platforms need to be considered in future works. In terms of cybersecurity management, most of the existing studies focus on identifying risks and protecting assets. Other aspects of cybersecurity management, including detecting intrusions, responding to threats, and recovering from cyber-attacks need to be addressed in future studies. Regarding the technology-mediated countermeasures, the existing studies have explored only a limited number of potential solutions with a considerable focus on Blockchain-based systems, while the application of other countermeasures such as network virtualization can be a basis for future studies. Finally, the existing studies focused on procedural guidelines lack systematic solutions for areas including integrated cyber risk management and organizational change.