Cybersecurity in the construction sector

Cybersecurity in the construction sector

The public construction industry is responsible for critical infrastructure, an important foundation in our society. The systems embedded in all the critical infrastructure are integrated and centralized; thereby, the risk of vulnerable attacks, intrusions, etc., is high. We all know that digital tools are very important in planning, erecting, and managing our infrastructure. The trust is also that widespread digitalization will help the industry to be more efficient and cost-efficient in construction to meet the needs of the market.

An important source of efficiency is sharing information via common tools and channels. However, when critical information is shared between many different parties, risks arise.

Digital working methods and tools create vulnerabilities, especially when handling sensitive information. This is especially unfortunate in the rapidly growing cybercrime, where organizations, citizens and companies are constantly being targeted. Personal responsibility and attitudes are crucial for good cyber security. This applies regardless of whether you perform professionally or as a private person. As a result, awareness needs to be increased and routines for working with these issues (i.e. intrusion and attacks) introduced in our industry.

In 2019, KRESP Projektledning AB received funding in cooperation with KTH (and partners, i.e. Jiniba and 4IQ) to conduct a development project to investigate this important aspect of the construction sector in Sweden. This project was part of the programme Smart Built Environment.  The strategic innovation programme called Smart Built Environment is a plan that outlines how the built environment sector can contribute to Sweden’s journey to the global forefront of the new opportunities of digitalization so that we can achieve intelligent, sustainable cities, manage our resources more efficiently and reduce carbon emissions. The aims of this programme are to take a holistic approach to the opportunities that digitalization can bring and to catalyze the dissemination of new opportunities and business models across the sector. The programme also ensures the commitment and support of public sector stakeholders and the long-term government investment that is a prerequisite for success.

Within the project, they investigated cyber security outside the protection perimeter for digitization processes. A threat model could be formulated with stakeholders, and a prototype regarding a portal with guidelines and methods could be developed. The project was a first step towards increased knowledge about different types of cybercrime within the framework of the Smart Built Environment.

Maybe the most important result is the need to work together. Just imagine a normal construction project where many companies and lots of people share information through multiple digital tools and platforms. At the site, in common projects, they are, in fact, working outside the safe perimeter of their own organization. Luckily the sector has a history of collaboration to meet the client’s and society’s requirements. A good example is the combined resources put together enabling us to reduce accidents in the sector: Håll Nollan This is an association working for safe construction with 100 members nationwide (it means to keep the zero, i.e. zero killed or injured at the sites in Sweden).

Another good example is ID06. The ID06 has, in collaboration with the construction industry, created a standard for ID cards (ID06) to be used by people at our sites. With this identification initiative, we can share information and reduce the risk of economic crimes etc.  We have developed a similar approach to cyber and digital threats.

Through the development project, KRESP started the process by drawing attention to the industry around security risks and vulnerabilities. They also worked on finding and spreading knowledge to reduce risks and formulating requirements for Cyber Security in projects and management.

Now a few years later, I am Sally is ready to support this sector. In Sally, your security ally, we have gathered the tools and processes we need to take further steps to increase safety. Sally is the platform you need in your daily business to

  • Reduce your risk profile.
  • Manage your cyber and digital risks.
  • Support and develop your team.

We are able to monitor the risk 24/7 if needed. Take a look at iamsally.io today, and let’s be in touch soon.