Extending Ifc for IT Security

Hi,
I would like to express some IT security facts about building
automation devices.

My conclusion so far is that there is little work done in relation with It security.

Thus I have to extend some IFC schemas ( IFCs 4 ? / BAMie subset ?) and/or define
new Psets in order to be able to model these facts.

The facts could be device related, helping to answer questions
such as

• “Does this device possess some identifiable firmware” ?
• “Is the firmware associated to a device upgradable ?”,
• “Is the device intended to contains some GDPR regulated data”,

Facts may also be more general, helping for example to answer to
“Does the device maker and/or the contractor owns a dedicated
communication channel for vulnerability disclosures related to the device” ?

My question is : would it be sufficient to express these properties
as Psets or will it be required to extend the step schema ?

Regards,

J.-M.

I think first of all you should find which “standards” and “protocols” are good enough?

If there is not standard and/or protocol then you have to have some home-made ones

And I think it would be good you develop them based on IDM/MVD approach and in the near future bSI accepts them and adds them to schema

Thanks for your answer.

Maybe used a bad section for my question as I do not want to extend the ifc standard itself.
What’s I’m looking for is a way to express the security properties while staying in the ifc4 frame.

I’ll have a look to the IDM/MVD approach …