NCSC shares tips to help secure major construction projects
The UK’s National Cyber Security Center (NCSC) has just released a 44-page guide to help construction joint ventures secure their sensitive data from attackers and manage information security risks.
Introduced as a “first of its kind” safety document by the NCSC on Tuesday, August 23, 2022, the Information Security Best Practices Guide stems from a collaboration between the UK’s lead technical authority on cybersecurity, the Department for Business, Energy and Industrial Strategy (BEIS) and the Center for the Protection of National Infrastructure (CPNI).
In this guide, construction companies will be able to find a set of personalized advice from industry and government experts.
The recommended approach includes the need to “identify personnel responsible for assessing specific information security risks and developing a shared information security strategy” and to “understand the specific risks and any regulatory requirements of the joint venture, and deciding on a shared risk appetite,” for example. It also promotes comprehensive security risk management within joint ventures.
“By following the recommended steps, organizations can improve their physical, personal and cyber security, making them less attractive targets for malicious actors as threats – including ransomware – continue to be a significant problem globally. , [and as] the construction industry continues to be one of the sectors most targeted by online attackers and businesses of all sizes are at risk. NCSC announcement.
The guide also includes contributions from companies with experience in joint ventures, including large infrastructure contracts such as HS2 and Crossrail.
“Construction joint ventures are responsible for some of the largest construction projects in the UK and the data they manage must be protected to keep critical infrastructure secure. Failure to protect this information not only impacts individual businesses, but can also jeopardize national security. It is therefore vital that joint ventures secure their sites, systems and data,” said Sarah Lyons, NCSC Deputy Director for Economic and Societal Resilience.
“Cross-industry collaboration is important to help the construction industry improve its approach to information security,” concluded Andy Black, CISO of British construction company Sir Robert McAlpine, who contributed to the guide.