The first-of-its-kind security advice is the result of months of collaboration between industry and government in a bid to fend of the risk of cyber attacks.
The 44-page aims to help construction firms keep sensitive data safe from attackers by offering tailored advice on how to securely handle the data they create, store and share in joint venture projects.
Balfour Beatty, Bam, Galliford Try, Morgan Sindall and Sir Robert McAlpine were all involved in producing the guidance, alongside the Centre for the Protection of National Infrastructure (CPNI) and the National Cyber Security Centre (NSCC), which is a division of Government Communications Headquarters (GCHQ).
Cyber threats 鈥 including ransomware 鈥 continue to pose a significant problem globally, the authors say. By following the recommended steps, businesses can improve their physical, personnel and cyber security, making themselves less attractive targets for malicious actors.
NCSC deputy director Sarah Lyons said: 鈥淛oint ventures in construction are responsible for some of the UK鈥檚 largest building projects and the data they handle must be protected to keep crucial infrastructure safe.
鈥淔ailure to protect this information not only impacts individual businesses but can jeopardise national security, so it鈥檚 vital joint ventures secure their sites, systems and data.
鈥淏y following this new guidance 鈥 a first-of-its-kind collaboration between industry and government 鈥 construction firms can help put a holistic strategy in place to effectively manage their risks.鈥
The guide sets out why information security matters for joint ventures and offers a recommended approach to take to manage the risks, including:
- establishing information security governance and accountability within the joint venture and ensuring board-level engagement
- identifying staff to hold responsibility for assessing specific information security risks and developing a shared information security strategy
- understanding the specific risks and any regulatory requirements for the joint venture, and deciding on a shared risk appetite
- developing and agreeing on a shared information security strategy to manage and mitigate the risks holistically, including physical, personnel and cyber risks.
Globally, the construction industry continues to be one of the most targeted sectors by online attackers and businesses of all sizes are at risk.
Balfour Beatty chief information officer Jon Ozanne said:鈥淲ith cyberattacks becoming increasingly more intelligent, cyber security and protecting our own, our employees, our supply chain and customers鈥 data has never been more important.
鈥淭he introduction of the new Information Security Best Practice guide will play a key role in helping to combat the operational risks faced across the sector; raising the standard and educating those to the measures required to protect against cyber threats.鈥
Sir Robert McAlpine chief information security officer Andy Black added: 鈥淐ross industry collaboration is important to help the construction sector level up its approach to information security. We are grateful for this opportunity to share our expertise and collaborate with our peers, the NCSC, BEIS and CPNI to develop this best practice guide for joint ventures.鈥
Business minister Lord Callanan said:鈥淒ata and digital technology are key to making a more productive, competitive and sustainable construction industry. However, this new technology presents challenges that businesses must protect themselves and their stakeholders against.
鈥淭his new guidance, produced in partnership between industry and government, will help construction firms keep their information safe, ensuring building projects are delivered on time and securely.鈥
Earlier this year the NCSC published with the Chartered Institute of Building aimed at helping small and medium-sized businesses improve their resilience.
Other NCSC resources aimed at helping organisations manage cyber security risks include the , to facilitate essential conversations between board members and their technical experts, and the which helps organisations to test their incident response plans in a safe environment.
Got a story? Email news@theconstructionindex.co.uk