NCSC Shares Guidance to Help Secure Large Construction Projects

The UK’s National Cyber Security Centre (NCSC) has just published a 44-page guide to help construction joint ventures secure their sensitive data from attackers and manage information security risks.

Presented as a “first-of-its-kind” security document by the NCSC on Tuesday, August 23, 2022, the Information Security Best Practice Guidance stems from a collaboration between the UK’s lead technical authority on cyber security, the Department for Business, Energy and Industrial Strategy (BEIS) and the Centre for the Protection of National Infrastructure (CPNI).

In this guide, construction firms will be able to find a set of tailored advice from industry and government experts.

The recommended approach includes the need for “identifying staff to hold responsibility for assessing specific information security risks and developing a shared information security strategy,” and “understanding the specific risks and any regulatory requirements for the joint venture, and deciding on a shared risk appetite,” for instance. It also promotes holistic management of security risks within joint ventures.

“By following the recommended steps, businesses can improve their physical, personnel and cyber security, making themselves less attractive targets for malicious actors as threats – including ransomware – continue to pose a significant problem globally, [and as] the construction industry continues to be one of the most targeted sectors by online attackers and businesses of all sizes are at risk,” reads the NCSC announcement.

The guide also includes input from firms with experience in joint ventures, including major infrastructure contracts such as HS2 and Crossrail.

“Joint ventures in construction are responsible for some of the UK’s largest building projects and the data they handle must be protected to keep crucial infrastructure safe. Failure to protect this information not only impacts individual businesses but can jeopardize national security, so it’s vital joint ventures secure their sites, systems and data,” said Sarah Lyons, NCSC Deputy Director for Economy and Society Resilience.

“Cross industry collaboration is important to help the construction sector level up its approach to information security,” concluded Andy Black, CISO at British construction company Sir Robert McAlpine, who contributed to the guide. 

What’s Hot on Infosecurity Magazine?