Hours before the Paris Olympics opening ceremony, several main high speed rail routes within France were sabotaged. Fires were set on the signally systems, presumably with the intention of causing chaos.
Attacks on transport infrastructure are not new and fortunately in this case the damage was quickly repaired, but what’s more concerning are the attacks that go unseen. Those that occur in cyber space and are harder to flag and often only become known once significant damage or disruption has already occurred.
We tend to think of cybercriminals targeting financial institutions and global corporations, using ransomware to garner big payouts. But threat actors are proving that no company or institution is immune. Small companies and even hospitals have been targeted. There really is no honour among thieves – and with transport and utilities infrastructure becoming more digitised, they’re equally vulnerable
As recently as May 2024, UK energy infrastructure was hit by a cyberattack targeting a vendor that facilitates payments between suppliers and customers. This highlights that it doesn’t always need to be a direct attack to be destructive.
As infrastructure is upgraded, automated and digitised, it’s essential that cybersecurity is part of that. The challenge is that engineers and project managers may know a great deal about construction and developing infrastructure, but few understand the intricacies of cybersecurity.
In cybersecurity a common saying is that it’s hard to protect against what you don’t know. In other words, a lack of cybersecurity knowledge puts construction and infrastructure at risk. There are far too many people today who like causing chaos, whether it’s for a minute of fame or more nefarious reasons, and infrastructure is a likely target.
Given how complex cybersecurity is, construction professionals can’t be expected to have all the answers. Even those is cybersecurity have a hard time keeping ahead of threats. But what construction can do is improve their understanding of where vulnerabilities can occur and at least know what’s valuable and worth protecting.
The starting point is to understand how key assets are digitised and connected. This can help identify access points, known system vulnerabilities and gateways where additional security measures can be implemented. Where new systems are being set up to do so with the guidance of cybersecurity professionals. Finally, having security policies in place and training staff on basic precautions can go a long way to reducing risks.
For construction professionals, expanding basic understanding of cybersecurity is worthwhile. As more infrastructure is digitised, keeping it safe is equally important.