Cyber-attacks are among the side-effects of a technically connected world. Any business that connects to the Internet or use a cloud-based network is under threat of hacking, phishing, and other forms of cybercrime all the time. They are particularly detrimental if they breach critical infrastructures, as they can cripple entire business operations, causing significant financial losses, reputation meltdown, and property damage.
Australia is no stranger to such a threat. We’ve been dealing with cyber-attacks since the dawn of the digital age. It is estimated that one-quarter of all reported cyber security incidents affect organisations associated with Australia’s critical infrastructure, such as electricity, gas, water, and ports, with serious consequences for businesses and the community.
Cyber threats are a thing, and it’s evolving
The availability of critical infrastructure that provides essential services is critical to Australia’s prosperity and security. Globally, there are ongoing threats to the security of critical infrastructure. These could be in the form of:
- cyber security attacks
- malicious disruptions to supply chains
- physical infrastructure attacks
Thankfully, these attacks also help reveal vulnerabilities in our IT and operational systems, which leads to the creation of more robust data protection programs. Enterprises now use well-encrypted and upgradable infrastructure project management platforms, such as PlanRadar, to achieve better digital security on your infrastructure projects. But hackers also continue to develop more sophisticated methods to circumvent threat detection systems, so the only way to win the cyber war is to scale up before they do.
The target: critical infrastructure
Any assets that, if degraded, destroyed, or shut down, can significantly impact an organisation’s socio-economic activity or defence are considered critical infrastructure. These include government facilities and privately owned properties used to provide essential products and services such as food, water, communication, banking, energy, and health care.
Examples of critical infrastructure are bridges, power stations, data centres, cloud based construction management software, nuclear reactors, etc. Damage to these systems could lead to an extended interruption in the supply chain, which would cost a company potentially massive revenue losses and impact the community’s general welfare. For example, suppose a construction company’s document management system is hacked, and all files, including BIM models for government facilities, become corrupted or inaccessible. Here’s what might happen:
- All existing projects must be discontinued. Construction relies on accurate data to comply with safety and quality standards. Continuing a project without a comprehensive guide is risky.
- Prolonged downtime costs the construction company sizable time and budget, mainly since most job contracts require the company to pay for every day the project is delayed.
- Due to the delay, subcontractors and workers will also suffer a loss of income.
- The company has two choices: wait until the system is restored or redraw the plans from memory. Both options are risky because:
- there’s no guarantee you will recover the documents, and
- it’s impossible to remember all the specific details of a large construction infrastructure plan.
- Stolen sensitive information can be used against the construction company.
From standard malware to ransomware
Despite Australia’s continuing efforts to combat cybercrime and promote data safety in businesses that are part of the country’s critical infrastructure, cybercriminals are active and are evolving to find vulnerabilities in new, reinforced cyber security systems. They are also changing their tactics. Instead of simply infecting an organisation’s critical infrastructure security systems with malware to steal valuable data, hold this data hostage and demand ransom. This gave birth to a particular type of malware called ransomware.
When successfully uploaded to your computer network, ransomware prevents or limits your access to your data until you pay a ransom. It may either lock your screen, change passwords, or encrypt files to gain complete control of your files. Ransomware can be programmed to infect the entire system or select accounts.
Building cyber resilience in critical infrastructure
We now understand more clearly why data security is important. But how to achieve data security that can hold up against modern cyber-attacks is still debatable since the approach may differ from one critical infrastructure sector to another. However, there are standard procedures you can follow.
1. Bolstering legislation
Even though the private sector is willing to invest in more resilient cloud construction management software or cyber safety programs, only legislation can make it official and ensure all businesses will participate. Australia has recently amended the Security of Critical Infrastructure Act 2018, expanding its scope and establishing government assistance powers.
Now, finance, communication, and healthcare industries are obligated to comply with stricter cybersecurity regulations. Policy upgrades like this lay the foundation for cyber resilience in critical infrastructure.
2. Separation and tiering
To limit the impact of hacking on your company’s network, it would be best to separate your IT network from your operation technology (OT) network or corporate intranet. This way, attacks on your OT network won’t debilitate your IT network and vice versa. In addition, separating OT processes into tiers further reduces the damage cyber-attacks can cause.
3. Limiting access to essential systems
Data breach often occurs when a project management platform is too transparent. While transparency should be promoted, members of the organisation must understand that certain pieces of information are off-limits to the general public. Not having access to them is one way they can contribute to the company’s resilience to cybercrimes. Encrypting valuable construction data may save the entire system from falling apart when attacked.
4. Multi-factor authentication
One of the easiest ways to hack a company network is to steal log-in information from employees. Once hackers gain access to their accounts, they can steal information that would allow them to break more walls and access more sensitive data. With multi-factor authentication, logging in with legit information is no longer enough. If the system detects a log-in attempt using an unrecognised device, it will alert the account owner, thwarting the cyber-attack.
5. Routine security checks and audits
As mentioned, hackers are learning new ways to break into critical infrastructures. They wait until the system is unguarded before they attack to steal infrastructure data. But if you conduct regular security audits, you won’t give them any chance. And if they manage to get in, you can purge them before they can harm your network.
Improving the resilience of critical infrastructures to cyber-attacks benefits relevant sectors in various ways. For example, you can prevent potential damage to your assets, maintain business continuity, and preserve your clients’ trust. In addition, project management software like PlanRadar, which features construction data analytics and other advanced functionalities, adds value to your services.
Find out how PlanRadar can bolster your construction and infrastructure project’s security by scheduling a free PlanRadar product demo.