Blog: Constructing a more secure digital future
Recent government figures show construction firms are less likely than others to put cyber security at the top of their agendas. Weightmans’ Paul Lowe explains why and suggests what contractors can do to protect themselves.
The construction industry does not prioritise cyber security highly enough - and the sector must educate itself in this vital area as the speed and extent of digitalisation accelerates.
A major government survey published last year by the Department of Culture Media & Sport showed that only 43 per cent of construction businesses have sought information or advice on cyber threats in the last 12 months, compared to 58 per cent of companies generally.
This is despite the fact that the construction sector is now increasingly susceptible to data security issues, thanks to its reliance on digitised information from the design stage, right through the entire lifecycle of a project.
A lot of the digital information shared during a construction project is commercially sensitive, and not only has substantial value to the people directly involved in, but also to those in the supply chain. This is only going to increase as the reliance the sector places on technology increases.
One of the major trends in the construction world in the last five years, particularly for design, is the growth in the adoption of Building Information Modelling (BIM) – a way of digitally coordinating design data.
Take, for example, building an apartment block. This process needs to incorporate numerous services, such as electrics, water and gas, while at the same time coordinating with the structural design elements of the building. BIM enables digitised information and drawings to be brought together into one model, often 3D computer generated. Its applications and versatility have made it a crucial component of the design process on most major construction projects.
However, as BIM becomes more important, threats to the security of digital data become greater. We’re already seeing cyber-criminals take advantage of the commercial value bound up in these digitised models, and this will only get worse as said hackers become increasingly sophisticated.
The integrated nature of BIM creates other threats. If designers and contractors are joining together a range of different designs and information from consultants who have different data, and this information is being pooled, there is the potential risk for hackers attacking one designer to affect the broader project.
There is a risk then of a domino effect, which could cause costly delays. In the construction world, projects run to a tight schedule, often linked to the timetable of the investors backing them. Any disruption as a result of interference in the design and construction process, represents a significant financial risk to everyone in the procurement chain.
So, what should the industry be doing? Certainly, contractors and consultants can tighten up their approach to information security. There are international standards on information security that can be followed to control the way data is handled, transferred, processed, and stored. This results in a higher level of awareness of the value of the data you hold, as well as the need to maintain and protect it.
Developers generally call the shots in the construction world, and could take a leadership role in recognising the value of the data involved in their projects. If they wanted, a developer could require data security standards to be met by all parties involved, as a way to promote vigilance.
Finally, the insurers are offering increasingly sophisticated cover for cyber security and data breaches. The industry also has the knowledge and expertise to give guidance and best practice advice on the most suitable courses of action on risk awareness and risk avoidance.