Cybersecurity in construction
When risks are accessed in the construction industry it typically brings to mind worker safety and the question of on-time delivery by subcontractors and supply chain vendors or payment by clients. However, with technology increasingly being incorporated into construction it has opened up the industry to an entirely new type of threat.
Smart technology is being increasingly introduced to manage systems and these applications vary from smart motorways, to building heating or cooling systems, power supply, lift operations and security systems. Not to mention data servers which may contain BIM systems, blueprints and supplier or employee data. Cybersecurity is something that the construction industry should be concerned about, especially with the new GDPR regulations. Yet the overall feeling in the industry seems to be that it isn’t a priority – it should be.
Everyone is vulnerable
Hackers are only too aware of the opportunities that exist as more industries start to embrace technology. While headlines have been made with cyberattacks that have been made on financial institutions, the implications for the construction and infrastructure sectors are actually a lot more scary.
Imagine a hacker is able to access the smart systems controlling motorways or rail systems, they could cause accidents, and bring transportation systems to a standstill. In Kiev in December 2016 the city experienced a city wide black out which was thought to be as a result of a cyberattack. One small vulnerability can open up cities to a great deal of risk with regards to smart technology in infrastructure.
Is there a solution?
Industry experts advise that a proactive approach is needed in construction to improve cybersecurity. Those companies that start implementation first will have the competitive advantage and will be less likely to become targets because there will be many other easier targets around.
Additionally, companies need to take into consideration how to build more secure systems and manage them from a holistic perspective. Vulnerabilities often occur at the point of integration and hackers only need a small window to get through. Having a master systems architect that can review all systems and integrations and identify vulnerabilities is important, especially in large corporations that have thousands of employees and suppliers, and run multiple operations systems.
Assuming individual systems are secure is not enough, there need to be proactive policies in place geared towards making sure that vulnerabilities are closed up. Otherwise it’ll only be a matter of time before a cyberattack becomes a reality.