3 minute read
BUILD THAT FIREWALL How Cybersecurity Affects Your Construction Project
The beauty of the construction industry is that it effectively serves every facet of the economy. Even chatbots need buildings in which to be hosted so, when construction intersects with the healthcare, technology or defense sectors, cybersecurity measures cannot be forgotten when determining requirements that flow down the construction pyramid projects, they can often take a backseat. Forgive the platitude, but this requires a case-by-case assessment of your risk profile, and knowledgeable brokers can be helpful in determining whether such risk is material.
Let’s start by defining what this typically entails: a cybersecurity breach is defined in federal legislation under the Personal Information Protection and Electronic Documents Act (PIPEDA), which regulates how private sector organizations handle personal information.
PIPEDA specifically defines “breach of security safeguards” as the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. Breaches relating to personal information are certainly very serious and, under PIPEDA. can carry fines up to $100,000. Of course, the cost impacts of a breach can extend well beyond regulatory fines.
Although coverage can offer significant relief, it is by nature a remedy, not a preventative measure. Best practices to manage your cybersecurity risk include:
1. Running frequent risk assessments and penetration tests to determine potential threats and vulnerabilities.
2. Creating and enforcing an industry-standard cybersecurity policy applicable to the organization and down the construction pyramid.
3. Training employees, contractors and leaders in cybersecurity threats and incident reporting, applicable on site and remotely.
4. Requiring two-factor authentication and other such measures to protect critical systems and data.
5. Creating locally hosted backups of critical data on a regular basis and checking recovery processes to ensure data can be accessed in the event of breach.
6. Based on experience, are there any noteworthy observations that you would like to share on your experience of using CBAs in Canada?
It’s fascinating to observe an entire industry undertake a culture change. There are inevitably challenges along the way; however, seeing the breadth of people get on board with a progressive way of working goes to show just how ready the industry is for a change in direction. I’m excited about what the future holds, and as Charles Darwin said, “In the long history of humankind (and animal kind, too) those who learned to collaborate and improvise most effectively have prevailed.”
About the Author
Georgina is a Chartered Procurement Professional with over 12 years industry experience, including working in collaborative arrangements including pure alliance agreements and collaborative contracts. Leadership experience of ground-breaking behavioural procurement strategy across the largest Alliance in the UK Rail Industry. International strategic leadership, and implementation of Collaborative Behavioural Assessments across a multi-billion-dollar portfolio.
As technology permeates construction—the way construction is essential to other parts of the economy—privacy breaches, cyber crime and data security become growing concerns. Corruption of the subcontractor’s document management system can cause delays. The general contractor’s leak of worker personal information can give rise to fines.
The architect’s designs getting hacked can undermine security systems, means and methods. Email compromise, ransomware, phishing, and remote desktop access are becoming increasingly common and construction projects are not immune to this. State-based cyberattacks are increasingly targeting major infrastructure. While there are certainly some projects where no ‘secrets’ apply, in an industry where reputations are critical, the harm here can be significant and even confidential ransom payments can often be over $1M.
The context in which parties often consider cybersecurity is when determining applicable insurance. Cyber risk insurance products have evolved significantly in the past few years and, while costs can be justifiable, in slim margin and/or high-risk
Today’s construction projects benefit from the efficiency created by technology. Parties are now accustomed to using these new tools but will need to acknowledge the inherent risks that come with using them. Digital infrastructure is now a part of the built reality in which we work, and a vigilance for safety is required here as well.
About the Author
Saad is Senior Legal Counsel, Corporate, Americas at Equinix, advising primarily on matters across the continent. Equinix is a global leader in data centre solutions and Saad’s practice spans construction, real estate, renewables, project finance, procurement, regulatory, and litigation. He has demonstrated leadership in infrastructure consulting, telecom, government, Canada’s largest bank, and a high growth startup. Saad holds a law degree from the University of Westminster, and certifications in Construction Law from Osgoode Hall, and in Negotiation from Harvard Law School.
