Skip to main content
DE6.1: Cyber security in building services design (2019) (pdf)
Back To All Knowledge Items

DE6.1: Cyber security in building services design (2019) (pdf)

Standard Rate
£35.00  +VAT
Member Rate

DE6.1, part of CIBSE’s Digital Engineering Series, is intended to assist those that commission, design, construct and operate built assets in understanding the implications of security on building services design. These implications may revolve around national security, commercial security or private security. Each will have individual requirements, and this publication looks to provoke thought in this regard. The solutions will be a matter for each individual organisation, company or person to ascertain.

A webinar on this topic was held in April 2019 - to view the webinar, click here:

Cyber security in building services design: webinar

This guidance considers the risks and threats associated with security, and examines these in the context of building services design and how those considerations should change our approach to basic design considerations; it also identifies the need for dedicated security experts to review and feed into each design.

Building services are increasingly part of the connected world, and this presents outside actors with opportunities to interfere with these services for myriad reasons. Such interference can have commercial or functional implications, and can affect the safety of a built asset; but most of this interference can be avoided by implementing simple changes in design philosophy.

Buildings form an increasingly important part of our national infrastructure as their internal systems become ‘smart’ and connected. They are becoming correspondingly more vulnerable to attack by virtue of their increasing profile and accessibility.

This publication will give readers an understanding of how to carry out a basic risk/ threat assessment, and to understand their own limitations — and thus, help readers to decide when to seek expert help to ensure that building services designs do not cause undue weaknesses to be designed into these vital systems. 

We have also provided templates that should help with organise Model Review Meetings, which are available here: 

Model Review Meeting Agenda

Model Review Meeting Minutes

Contents of DE6.1:

  • Introduction
  • Scope
  • Terms and definitions
  • Analysis
    • Context Analysis
    • Risk Analysis
      • Stage one: Setting the case for security
      • Stage two: Assess security requirements
      • Stage three: Understand the design
      • Stage four: Cause and effect
    • Risk Appetite
  • Solutions
    • Basic wins
    • Complex solutions
  • Conclusion


Andrew Krebs - Hoare Lea LLP

Technical advisors

Hugh Boyes - Bodvoc Ltd

Carl Collins - Consultant to CIBSE

John Taylor - Hoare Lea LLP


Matt Crunden - Legrand Electric Ltd

Miguel Castro - Schindler Ltd

Gavin Dunstan - SES Engineering Services

Share this page