CONSTRUCTION BUSINESSES working together on major building projects have been offered ‘first-of-its-kind’ security advice from industry and Government. The all-new Information Security Best Practice Guidance aims to help these firms in keeping sensitive data safe from attackers by offering tailored advice on how to securely handle the data they create, store and share in joint venture projects.
The document is the manifestation of a unique collaboration between experts from industry and the National Cyber Security Centre, the Department for Business, Energy and Industrial Strategy and the Centre for the Protection of National Infrastructure. It includes input from firms with experience in joint ventures, including major infrastructure contracts such as HS2 and Crossrail, where information security risks are particularly relevant due to their typically large size, value and complexity.
By following the recommended steps, businesses can improve their physical, personnel and cyber security, in turn making themselves less attractive targets for malicious actors as threats – including ransomware – continue to pose a significant problem on the global stage.
Sarah Lyons, deputy director for economy and society resilience at the National Cyber Security Centre, explained: “Joint ventures in construction are responsible for some of the UK’s largest building projects. The data they handle must be protected to keep crucial infrastructure safe. Failure to safeguard this information not only impacts individual businesses, but can also jeopardise national security, so it’s vital joint ventures secure their sites, systems and data.”
Lyons added: “By following this new guidance, which is a ‘first-of-its-kind’ collaboration between industry and Government, construction firms can realise an holistic strategy for effectively managing their risks.”
Government and industry collaboration
As stated, the new guidance is a collaboration between Government and industry members of a National Cyber Security Centre-convened trust group that brings together expertise, experience and input from dozens of companies in the sector.
Business Minister Lord Callanan observed: “Data and digital technology are key to making a more productive, competitive and sustainable construction industry. However, this new technology presents challenges against which businesses must protect themselves and their stakeholders. This new guidance, produced in partnership between industry and Government, will help construction firms keep their information safe, ensuring that building projects are delivered on time and securely.”
The 44-page document sets out precisely why information security absolutely matters for joint ventures and offers a recommended approach to be taken when it comes to managing the risks. That approach includes:
*establishing information security governance and accountability within the joint venture and ensuring Board-level engagement
*identifying staff to hold responsibility for assessing specific information security risks and developing a shared information security strategy
*understanding the specific risks and any regulatory requirements for the joint venture and deciding on a shared risk appetite
*developing and agreeing on a shared information security strategy to manage and mitigate the risks holistically, including physical, personnel and cyber risks
Globally, the construction industry continues to be one of the most targeted sectors for the online attackers. Businesses of all sizes are at risk.Jon Ozanne, Chief Information Officer at Balfour Beatty, informed Security Matters: “With cyber attacks becoming increasingly more intelligent, cyber security and protecting our employees, supply chains and customer data has never been more important. The introduction of the new Information Security Best Practice Guide will play a key role in helping to combat the operational risks faced across the sector, raising the standard and educating on the measures required to protect against today’s cyber threats.”
Andy Black, Chief Information Security Officer at Sir Robert McAlpine, added: “Cross-industry collaboration is important to help the construction sector level up its approach to information security. We’re grateful for this opportunity to share our expertise and collaborate with our peers in developing this Best Practice guide for joint ventures.”
Earlier this year, the National Cyber Security Centre published cyber security guidance in tandem with the Chartered Institute of Building aimed at helping small and medium-sized businesses to improve their resilience.
Other National Cyber Security Centre resources aimed at helping organisations manage cyber security risks include the ‘Board Toolkit’ to facilitate essential conversations between Board members and their technical experts and the ‘Exercise-in-a-Box Toolkit’, which is designed to help organisations test their incident response plans in a safe environment.