Guide includes input from National Cyber Security Centre and Centre for the Protection of National Infrastructure

Government cyber security bosses have launched new advice for construction firms working on major building projects such as HS2.

The new Information Security Best Practice guide aims to help these firms keep sensitive data safe from attackers by offering advice on how to securely handle the data on joint venture projects.

The guide is a collaboration between experts from industry and the National Cyber Security Centre (NCSC), the Department for Business, Energy and Industrial Strategy and the Centre for the Protection of National Infrastructure.


Source: Shutterstock

Several high-profile firms in the industry have been targeted by cyber attacks in recent years

>> Free webinar: Introduction to Smart Buildings and cyber security: New Guidance and Best Practices on the security of Smart Built Environments: IoTSF

>> Free webinar: Cybersecurity in construction

It includes input from firms with experience in joint ventures, including major infrastructure contracts such as HS2 and Crossrail, where information security risks are particularly relevant due to their typically large size, value and complexity.

The aim is that, by following the recommended steps, businesses can improve their physical, personnel and cyber security, making themselves less attractive targets.

Sarah Lyons, NCSC deputy director for economy and society resilience, said: “Joint ventures in construction are responsible for some of the UK’s largest building projects and the data they handle must be protected to keep crucial infrastructure safe.

“Failure to protect this information not only impacts individual businesses but can jeopardise national security.”

Construction businesses of all sizes continue to be targets for cyber attackers due to the data they hold and high-value payments they handle, with firms including Bouygues, Bam, Tilbury Douglas when it was known as Interserve, Zaha Hadid and Arup all falling prey to attack in recent years.

Earlier this year, the NCSC published cyber security guidance with the Chartered Institute of Building aimed at helping small and medium-sized businesses improve their resilience.