That Laing O’Rourke was virtually untouched by the ransomware known as WannaCry – the same one that affected the NHS – is down to the work we have already carried out to protect our company and people – but there is certainly no room for complacency.
That’s because our industry’s drive to improve construction productivity through computerised tools – digital engineering, 3D design software and business information systems – inevitably leaves us at risk from cyber crime.
Sharing best practice
Protection of digital assets like 3D models is therefore paramount, which is why Laing O’Rourke was one of the founders of a forum of UK construction industry chief information officers (CIOs) in 2015 to share cyber security best practice.
“Cyber security is at number one, two and three in any CIO’s list of priorities at the moment,” says Gareth Burton, CIO for Europe at Laing O’Rourke, and Chair of the forum. “It would have an impact on our industry’s productivity and our ability to design, manufacture and deliver projects if we were breached by malware. And, of course, the building information modelling (BIM) that we share with partners in the supply chain contains sensitive information that we don’t want to fall into the wrong hands.”
Conforming to cyber security standards
At Laing O’Rourke, a significant amount has been invested in protection systems. At the core of that is the Security Operations Centre, an in-house team with a remit to manage and watch networks and systems to make sure the company is not being compromised. Based in Dubai to best cover different global time zones, the centre is working extremely effectively.
Graham Brierley, Head of Digital Engineering for Laing O’Rourke, leads the team that supports the use of 3D models across bids and projects. He is co‑ordinating work around developing one integrated approach to IT, information management, business systems and digital engineering. “These different areas are dependent on each other so it’s worthwhile co-ordinating on the use of cyber security too,” he says.
Meeting standards on BIM security
Graham is also working with Gareth to ensure that Laing O’Rourke conforms to a set of security standards specifically aimed at BIM, known as PAS 1192 Part 5, which are published by the British Standards Institution. Businesses overall are facing much tougher obligations and penalties, as the new General Data Protection Regulation (GDPR) becomes law across the EU in May 2018. In the UK in particular, the Information Commissioner’s Office will be able to issue fines of up to 4% of global turnover, or €20m, whichever is higher – a huge increase on the regulator’s current maximum fine of up to £500,000.
Working with new platforms
Laing O’Rourke Australia is working with Microsoft to investigate the technology company’s Digital Rights Management (DRM) platform, which allows security to be applied to individual files and assets – even once they’ve left our networks. DRM could also be used to restrict the printing, forwarding and copying of sensitive information. Whether it’s Europe or Australia, the message is clear: the cyber threat is real and everyone has a part to play in minimising the damage it can cause.