UK NCSC Issued Best Practises To Boost JV Data Security

To help contractual joint ventures on large infrastructure projects strengthen data security, the government’s National Cyber Security Centre has developed best practise guidelines. The government and business worked together for months to develop the ground-breaking security guidance in an effort to reduce the risk of cyberattacks.

The 44-page Information Security Best Practice chapter gives specialised guidance on how to safely handle the data that construction firms create, store, and share in joint venture projects in an effort to assist them in safeguarding sensitive information from attackers. The National Cyber Security Centre (NSCC), a part of Government Communications Headquarters, the Centre for the Protection of National Infrastructure (CPNI), Balfour Beatty, Bam, Galliford Try, Morgan Sindall, and Sir Robert McAlpine all participated in the development of the guidelines.

According to the authors, ransomware and other cyberthreats continue to be a major problem on a global scale. Businesses can increase their physical, employee, and cyber security by taking the suggested actions, making them less appealing targets for nefarious actors. Partnerships in construction are accountable for some of the largest building projects in the UK, and the data they manage must be protected to keep essential infrastructure safe, Sarah Lyons, NCSC deputy director, said.

Joint ventures must secure their sites, systems, and data since the failure to safeguard this information affects not only individual enterprises but can even jeopardise national security.

Construction enterprises can assist in developing a comprehensive strategy to efficiently manage their risks by adhering to the new guidance, which is the result of a ground-breaking partnership between industry and government. The guide explains why information security is important for joint ventures and provides a suggested strategy to mitigate the risks, such as:

  • Creating information security governance, accountability, and board involvement inside the joint venture.
  • Understanding the possible risks and any regulatory standards for the joint venture and deciding on a shared risk appetite.
  • Identifying people to be responsible for assessing specific information security risks and implementing a shared information security strategy.
  • Creating and approving a joint information security strategy to manage and mitigate risks, including physical, human, and cyber threats, in a comprehensive manner.

Businesses of all sizes are at risk since the construction sector remains one of the most targeted industries globally by internet attackers.

With cyberattacks growing more clever, cyber security and protecting its own, the employees, the supply chain, and customers’ data has never been more vital, said Jon Ozanne, chief information officer at Balfour Beatty. The release of the new Information Security Best Practice guide will play a crucial part in aiding in the mitigation of operational risks faced by the sector as a whole; raising the standard and enlightening people to the precautions necessary to protect against cyber threats.

Andy Black, chief information security officer of Sir Robert McAlpine, added that industry collaboration is critical to assist the construction sector raise the bar on information security. They are appreciative of the chance to work with the NCSC, BEIS, and CPNI, as well as their peers, to establish this best practise guideline for joint ventures.

Data and digital technologies are essential to creating a more productive, competitive, and sustainable construction industry, according to business minister Lord Callanan. However, because of the risks this new technology poses, organisations must take precautions to safeguard their stakeholders and themselves.

This new guidance, created in collaboration between business and government, will aid building enterprises in protecting their information and ensuring the timely and secure completion of projects. In an effort to help small and medium-sized enterprises increase their resilience, the NCSC and the Chartered Institute of Building published cyber security recommendations earlier this year.

The Board Toolkit, which facilitates crucial discussions among board members and their technical people, and the Exercise in a Box toolkit, which helps organisations test their incident response strategies in a secure setting, are additional NCSC resources aimed at assisting organisations in managing cyber security risks.