At our January Digital Drop-In we focussed on cyber security in the construction sector. As the sector increases its use of digital technologies the issues surrounding cyber security in the sector are becoming ever-more apparent.
We were joined by Derrick Madir, Managing Director of IT consultancy Coubari and Oliver T., Civil Engineering, Architecture & Construction Engagement Lead from the National Cyber Security Centre (NCSC).
Derrick presented some stark facts about the sector’s approach to cyber security, an area where the sector has traditionally underinvested, despite being the second highest target for cyber attacks in 2020. On most key measures from having a dedicated lead on cyber security through policies and reporting the sector lags behind the average – for example 67% of businesses have cyber security policies in place compared with just 58% in the construction sector. Factors that contribute to poor cyber security such as Bring Your Own Device (BYOD) are significantly higher in the sector compared with the national average, 65% versus 50%.
Derek provided a six-point strategic plan for people to consider when applying cyber security in their businesses:
Download Coubari presentation
The National Cyber Security Centre (NCSC) spoke about their ongoing work to improve the cyber security resilience of businesses in the sector. They presented NCSC Products & Services offered to industry. Their role is to simplify cyber security for government and businesses and to enable knowledge sharing.
A key part of the role is to understand the challenges facing the sector and develop products and solutions tailored to the sector. They have been working with the IET on a Code of Practice for Cyber Security in the Built Environment and with Considerate Constructors on guidance for site based activities.
Their latest publications, presented at the session, can be found on the NCSC website
The group were keen to understand how to balance the issues around costs and protection. This requires a culture change to look at preventative costs rather than dealing with costs once an incident occurs.
There is considerable NSCS approved training available and the team are planning on putting on workshops targeted specifically at SMEs.
There was considerable discussion around the issues of balancing the need to communicate this effectively without putting a sector that has traditionally lagged behind in embracing digital technologies off. The next session will explore how emerging technologies such as AI can be used to help and how to ensure responsible take-up and communication of those technologies.
It was agreed that the winner of the Digital Category of the National #CEAwards on 29 January 2021 would be invited with a presentation on the winning project to the session in March 2021.
Please contact us at [email protected]