Cybersecurity at the Construction Site: How to Tackle the Risk

Construction is booming. With the U.S. economy experiencing an ongoing recovery – the second longest in U.S. history– demand is surging for new homes and apartments, office buildings, and facilities. 

But are the companies that undertake all this new construction cyber-secure? Industry experts say that cybersecurity is often not on the radar for professionals in the construction field.

“For most people in construction that I know, the main concern is with materials being stolen – with people coming on to the site and stealing materials that have been dropped off,” says Ron Martin, a physical security expert and professor at Capitol. “Pilferage of materials is considered the biggest threat.”

That said, a construction company does need to consider the ways in which an insecure system could be exploited in order to sabotage a project or hurt the business, Martin said. For example, someone with malicious intent could manipulate the project schedule, causing confusion and delays. Access to CAD drawings could be exploited by competitors. In addition, if a competitor is able to find out about a company’s bidding process, it can find ways to steal the competitive edge.

What are the weak links at most construction sites? Martin sees two. One is the project management office, usually situated in a trailer or shed near the work being done. 

“The guys out there in the mud and muck aren’t using computers. But the project managers are. They’re in that trailer doing work on the computer, but how secure are those machines?”

Contractors depend on cell phones and Bluetooth connections for team communications, and that represents a second area of concern. “Just about all of us have an appendage we carry around called a cellphone,” Martin notes. “For contractors, mobile phone communications are vital because they’re doing just-in-time production on nearly everything.”

If the Bluetooth protocols on the team phones aren’t secure, though, someone could hack into the phone and disrupt communications at a critical moment, Martin says.

While awareness of such issues is probably not as developed as it should be among construction professionals, there’s no secret sauce that applies to this industry in particular, he says. Construction companies need to apply the same cybersecurity safeguards that are used in other industries – such as installing firewalls and antivirus protection, training employees not to fall prey to phishing or social engineering attacks, and – above all – controlling access.

For example, not just anyone should be able to log onto the company computer and view the work schedules or the CAD designs. Access privileges should be restricted to those who need them. Information should be portioned so that, in the event of a breach, the intruder won’t be able to access all of the company’s information and data.

Access is such a critical issue that Capitol Tech has a lab devoted to it. The Identity, Credentialing, and Access Management (ICAM) Lab, founded and directed by Martin, trains students from varied disciplines who may need an understanding of access control in their professions. 

Across any industry, Martin says, protecting assets effectively hinges on awareness.

“A large part of the solution involves common-sense risk management and IT security,” Martin says. “There’s nothing magical about it. But people do need to be sensitized to it.”

Add a cybersecurity edge to your construction management career with a degree from Capitol! We offer a bachelor’s degree in construction management and critical infrastructure, one of the only degrees of its kind available. Critical infrastructure programs are also available at the master’sand doctorallevel. Contact admissions@captechu.eduto find out more!