GCHQ’s National Cyber Security Centre (NCSC) has set out the cyber security protocols for construction joint ventures working on infrastructure projects.
The new Information Security Best Practice guide aims to help those in JVs keep sensitive data safe from attackers. It offers advice on how to securely handle the data they create, store and share in JV projects.
The guide sets out why information security matters for JVs and recommends approaches to manage the risks. The recommendations include:
- establishing information security governance and accountability within the JV and ensuring board level engagement;
- identifying staff to take responsibility for assessing specific information security risks and developing a shared information security strategy;
- understanding the specific risks and any regulatory requirements for the JV and deciding on a shared risk appetite; and
- developing and agreeing on a shared information security strategy to manage and mitigate the risks holistically. This includes physical, personnel and cyber risks.
The protocols proposed in the guidance document are recommended, but not mandatory.
Cross-industry support
The report is supported by Balfour Beatty, BAM, Galliford Try, Morgan Sindall and Sir Robert McAlpine.
Jon Ozanne, chief information officer at Balfour Beatty, said: “With cyber attacks becoming increasingly more intelligent, cyber security and protecting our own, our employees’, our supply chain’s and customers’ data has never been more important.
“The Information Security Best Practice guide will play a key role in combatting the operational risks faced across the sector. It will raise the standard and educate those in the measures required to protect against cyber threats.”
Andy Black, chief information security officer at Sir Robert McAlpine, added: “Cross-industry collaboration is important to help the construction sector level up its approach to information security.”
Jeopardising national security
Sarah Lyons, NCSC deputy director for economy and society resilience, said: “Joint ventures in construction are responsible for some of the UK’s largest building projects. The data they handle must be protected to keep crucial infrastructure safe.
“Failure to protect this information not only impacts individual businesses, but can also jeopardise national security. So it’s vital joint ventures secure their sites, systems and data.
“By following this new guidance construction firms can help put a holistic strategy in place to effectively manage their risks.”
A Chartered Institute of Building and NCSC guide is available to help SMEs protect themselves against cyber attacks.
Don’t miss out on BIM and digital construction news: sign up to receive the BIMplus newsletter.