Firms working on joint venture construction projects, such as HS2, have been offered first-of-its-kind cyber security advice from a collaboration of government and industry experts
A new construction cyber security guide has been developed in a unique collaboration between experts from industry and the National Cyber Security Centre (NCSC), the Department for Business, Energy and Industrial Strategy (BEIS) and the Centre for the Protection of National Infrastructure (CPNI).
The construction cyber security advice, published in the Information Security Best Practice guide, is tailored specifically and aims to help firms protect the data they create, store and share in major joint venture projects.
It includes input from firms with experience in joint ventures, including major infrastructure contracts such as HS2 and Crossrail.
The Information Security Best Practice guide sets out how to:
- Establish information security governance and accountability within the joint venture and ensure board-level engagement
- Identify staff to hold responsibility for assessing specific information security risks and developing a shared information security strategy
- Understand the specific risks and any regulatory requirements for the joint venture, and deciding on a shared risk appetite
- Develop and agree on a shared information security strategy to manage and mitigate the risks holistically, including physical, personnel and cyber risks.
Globally, the construction industry continues to be one of the most targeted sectors by online attackers and businesses of all sizes are at risk
Sarah Lyons, NCSC deputy director for economy and society resilience, said: “Joint ventures in construction are responsible for some of the UK’s largest building projects and the data they handle must be protected to keep crucial infrastructure safe.
“Failure to protect this information not only impacts individual businesses but can jeopardise national security, so it’s vital joint ventures secure their sites, systems and data.
“By following this new guidance – a first-of-its-kind collaboration between industry and government – construction firms can help put a holistic strategy in place to effectively manage their risks.”
Data and digital technology present security challenges
Business minister Lord Callanan said: “Data and digital technology are key to making a more productive, competitive and sustainable construction industry.
“However, this new technology presents challenges that businesses must protect themselves and their stakeholders against.
“This new guidance, produced in partnership between industry and Government, will help construction firms keep their information safe, ensuring building projects are delivered on time and securely.”
Cyberattacks are becoming increasingly intelligent
Jon Ozanne, chief information officer at Balfour Beatty, said: “With cyberattacks becoming increasingly more intelligent, cyber security and protecting our own, our employees, our supply chain and customers’ data has never been more important.
“The introduction of the new Information Security Best Practice guide will play a key role in helping to combat the operational risks faced across the sector; raising the standard and educating those to the measures required to protect against cyber threats.”
NCSC offers businesses cyber security advice to protect from online threats
Andy Black, chief information security officer at Sir Robert McAlpine, said: “Cross industry collaboration is important to help the construction sector level up its approach to information security.
“We are grateful for this opportunity to share our expertise and collaborate with our peers, the NCSC, BEIS and CPNI to develop this best practice guide for Joint Ventures.”
Earlier this year, the NCSC released cyber security advice to construction businesses to protect from online threats.