of the United Kingdom National Cyber Security Center (NCSC) has released refreshed guidelines for construction firms working on major infrastructure projects, eg HS2Developed in collaboration with both government and industry.
The NCSC For example, the kingpin of the construction sector has worked side by side Balfour Beatty And Sir Robert McAlpineas well as Department of Business, Energy and Industrial Strategy (BEIS) and the Center for National Infrastructure Protection (CPNI), the DOG project that addresses information security risks in extreme size, value and complexity.
The resulting best practice guidelines – which are now available to interested parties Download from NCSC website – Advises organizations to help protect sensitive data from malicious actors by providing useful advice on data created, stored and shared in joint venture projects. It covers physical, personnel and cyber security.
“Construction joint ventures are responsible for some of the UK’s largest building projects and the data they handle must be protected to protect critical infrastructure,” said Sarah Lyon, deputy director for economy and society resilience at the NCSC.
“Failure to protect this information not only affects individual businesses but can threaten national security, so it’s important joint ventures secure their sites, systems and data.
“Following these new guidelines – a first-of-its-kind collaboration between industry and government – can help construction companies develop a holistic strategy to effectively manage their risks.”
“As cyber attacks become increasingly sophisticated, cyber security and protecting our own, our employees’, our supply chain’s and customers’ data has never been more important,” added Balfour BT CIO John Ozan.
“The introduction of the new information security best practice guide will play an important role in helping to address the operational risks faced across the sector; Raising standards and educating them on the necessary measures to protect against cyber threats.”
Sir Robert McAlpine CISO Andy Black said: “Cross industry collaboration is key to helping the construction sector level its approach to information security. We are grateful for this opportunity to share our expertise and collaborate with our colleagues, NCSC, BEIS and CPNI, to develop these best practice guidelines for joint ventures.”
The guide’s recommendations include:
- establishing information security governance and accountability within construction joint ventures and securing board-level involvement;
- Identify personnel who will be responsible for assessing specific information security risks, and developing a shared information security strategy;
- Understanding the specific risks and any regulatory requirements for the joint venture and agreeing a shared risk appetite between all parties;
- and developing and agreeing on a shared information security strategy to manage and mitigate risks holistically, including physical, personnel and cyber risks.
Earlier this year, the NCSC issued more general cyber guidance for the construction industry, aimed more at small and medium-sized firms and sole traders or contractors. This guide was co-authored by Chartered Institute of Building (CIOB), can be found here.
This guide is divided into two parts, the first aimed at helping construction owners and managers understand why they need to pay attention to cyber security and why it is important, and the second aimed at providing more practical advice for staff with responsibility for IT equipment. Within construction companies and on building sites.