GCHQ launches cyber attack guidance for construction firms

The UK’s spy chiefs have published cyber security guidance aimed at the UK construction industry.

Working with the Chartered Institute of Building (CIOB), the Cyber Security for Construction Businesses guide from the National Cyber Security Centre (NCSC) – which forms part of GCHQ – is tailored to protect contractors and other firms in the sector.

Last year, Construction News revealed that experts at major contractors were drawing up guidance for the industry to use to head off cyber attacks while working in joint ventures.

A string of tier one contractors have been hit by cyber attacks over the past three years, including Bam Construct, Interserve, Bouygues UK, RMD Kwikform and Amey. Engineering consultant Arup saw its payroll company hit last January.

The GCHQ-backed guidance is aimed at small and medium-sized firms, as businesses rely more on digital tools and ways of working, such as 3D modelling packages, GPS equipment and business management software.

Construction businesses of all sizes continue to be targets for cyber attackers due to the sensitive data they hold and high-value payments they handle.

The guide offers practical advice for each stage of construction, from design to handover, and sets out the common cyber threats the industry faces, including spear phishing, ransomware and supply chain attacks.

The new guidance is split into two parts: the first is aimed at helping business owners and managers understand why cyber security matters, and the second is aimed at advising staff responsible for IT equipment and services within construction companies on actions to take.

The advice outlines seven steps for boosting resilience, covering topics including creating strong passwords; backing up devices; how to avoid phishing attacks; collaborating with partners and suppliers; and preparing for and responding to incidents.

CIOB chief executive Caroline Gumble said: “The consequences of poor cyber security should not be underestimated. They can have a devastating impact on financial margins, the construction programme, business reputation, supply chain relationships, the built asset itself and, worst of all, people’s health and wellbeing.

“As such, managing data and digital communications channels is more important than ever.”

NCSC deputy director for economy and society resilience Sarah Lyons said: “As construction firms adopt more digital ways of working, it’s vital they put protective measures in place to stay safe online – in the same way you’d wear a hard hat on site.

“That’s why we’ve launched the new Cyber Security for Construction Businesses guide to advise small and medium-sized businesses on how to keep their projects, data and devices secure.

“By following the recommended steps, businesses can significantly reduce their chances of falling victim to a cyber attack and build strong foundations for their overall resilience.”

The guide can be downloaded via the NCSC website.
