The construction of the Hoover Dam, one of the wonders of the modern industrial world, began in 1931 and was completed in 1935. To deliver this gigantic structure, the team faced many challenges, including extreme temperatures, difficult soil conditions, lack of access to the construction site, and executing the work in poor economic times.
But, at least, one thing they did not have to worry about at that time was the possibility of hackers breaking into their systems. Completing this massive, iconic structure required 21,000 employees, 4.4 million cubic yards of concrete, and 45 million pounds of reinforced steel. But not a single computer.
More Technology, More Challenges
Today, the construction industry is being challenged by new threats. In a world increasingly connected by technology, companies must ensure they have the proper controls, infrastructure, and procedures to protect the proprietary information they manage as part of the construction process, including bids and proposal information, blue prints and designs, and materials pricing.
This highly confidential information is very valuable to those looking to perform industrial espionage, achieve access to client or employee information, or just steal data to obtain a competitive advantage.
Moreover, the introduction of new technologies and expanded use of big data analytics has heightened concerns about individual privacy rights, moving many countries to regulate the processing of personal information, the EU’s GDPR being one of the most far reaching. This has created a complex regulatory-compliance regime for companies, especially those that operate in multiple jurisdictions, and raised the stakes for safeguarding employee and customer data.
The consequences of data breaches can be catastrophic for any company. If malicious actors gain access to information and systems that are critical for running the business, the reputation of the impacted organization may be damaged significantly, which, at the end of the day, will affect employees and their families, customers, vendors, and suppliers.
For this reason, we are committed to protecting the information we are entrusted by our customers and employees with an award-winning information security program and third-party accreditations that certify our information security practices. These include the ISO/IEC 27001:2013 certification, which specifies the requirements for establishing, implementing, maintaining and continually improving our information security management system, and the Cyber Essentials Plus certification, a U.K. government-backed, industry-supported certification scheme introduced in the U.K. to help organizations demonstrate operational security against common cyber-attacks.
Ensuring Operational Continuity for Critical Infrastructure
But data breaches are not the only threat affecting the construction industry. Critical infrastructure, such as modern power plants, mass transit systems, oil refineries, and others, depend on interconnected systems and remote access to function. And these platforms are susceptible to be hacked.
Cyberattackers have developed tools and platforms to remotely take over industrial controls and supervisory control and data acquisition systems, exposing critical infrastructure to an increasingly hostile cyber environment.
For this reason, we created the Industrial Control Systems Cyber Security Technical Center, which focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.
In this mission, we are partnering with George Mason University to help fill critical security gaps between software and hardware manufacturers and plant operations, and provide expertise in the U.S. government’s National Institute of Standards and Technology Risk Management Framework.
The combination of our unique experience in the EPC industry, our best practices in information security, and our proactive approach to protecting the infrastructure we build allows us to serve our customers and earn their trust across the entire facility lifecycle.
As the National Cyber Security Alliance in North America spotlights the value of information during this year’s Data Privacy and Protection Day, we remain committed to staying ahead of the bad actors in cyberspace and making every effort to protect our employees and customers’ information assets.