The Construction Industry and Cybersecurity: It’s Game On, Not Game Over

Cybersecurity in the Construction IndustryTheft has always lurked throughout the dark recesses of the construction industry.

Stolen machinery and building supplies amount to hundreds of millions of pounds in losses each year. In fact, a 2017 UK government survey revealed an insidious new type of theft; nearly seven out of ten large businesses have suffered a cyber breach or attack at some point, adding up to hundreds of billions in losses.

Cybercrime can severely cripple a construction company’s livelihood. Filched supplies from a construction site are one thing; losing control over one’s intellectual capital is another. The low rate of technology adoption within the industry is impacting organizations’ growth and revenue – not to mention security. However, don’t despair. The industry can redeem itself by beginning to incorporate cyber safe technology into their processes.

BIM and CDE: an opportunity

Building information modelling (BIM) presents us with such an opportunity. It is BIM rather than other topics that is driving a significant step change in the information security demands from owners, which then ripple through to suppliers. BIM supports owners’ demands for data security by linking costs and scheduling with a more detailed, structured, data set of a built asset. This nD treasure trove of information becomes even more powerful when BIM is integrated with a common data environment (CDE). Together, BIM and CDE efficiently handle the information processes in a plan-build-operate lifecycle and help reduce the operations and maintenance of a completed asset.

The power duo of BIM and CDE are not entirely immune to danger, however. A ransomware attack on BIM and CDE could prevent a construction team’s access to critical data or applications. Even more threatening, a digital thief may access vital information on a highly sensitive project, such as a prison or nuclear power plant. In a 2014 survey conducted by the University of Bolton, nearly half of the respondents, mostly comprised of construction professionals regularly working with BIM, agreed that hacking poses a threat to BIM’s security.

Data sovereignty: looking ahead

Government and industry experts have issued a series of proposals and regulations designed to counter the threat facing BIM and cloud computing. The PAS 1192 5 advisory document helps organizations who are trying to protect their data security. The proposal supports digitally-built environments, including intelligent buildings and smart cities, by providing a framework to manage security risks that affect a built asset.

However, data sovereignty is a larger issue that most vendors anticipated. Even well-provisioned SaaS platforms must continue to boost their investment in security. Infrastructure as a Service (IaaS) and Software as a Service (SaaS) vendors such as Amazon and Aconex have broadened their implementation of infrastructure and services across more countries to meet local data sovereignty demands, resulting in increased complexity and overheads.

Surprisingly, company employees are one of the greatest threats to data integrity. Sophisticated phishing schemes may lure unsuspecting employees into accidentally triggering a cyberattack. Passwords are another inherently poor safeguard, and, the adoption of two-factor authentication has been slower than anticipated. The industry clearly has more work ahead to ensure data integrity. In the meantime, amidst the threats to data security, the cloud has performed admirably well for nearly two decades.

“Cloud computing is more secure than anything your IT department can do given the budget they have to work with,” says analyst Denis Pombriant of Beagle Research Group. “It just is. Is it fool-proof? No, but in the dispute between good guys and bad guys, cloud makes it a fair fight.”

Ready to learn more about how Aconex can help you improve security on your next program or across your portfolio? We’re happy to provide you with a live demo.

Steve Cooper

Steve Cooper

General Manager UK & Ireland at Oracle's Aconex
Steve Cooper is General Manager UK & Ireland at Oracle's Aconex, a leading collaborative construction and engineering management software.
Steve Cooper