The construction industry is a particularly ripe target for attacks because it is lucrative—the $10 trillion sector is one of the largest in the world—and increasingly vulnerable. What's more, by its very nature, construction cyber security faces industry-specific challenges.
First, the sector is becoming increasingly digitized. Paper blueprints are making room for building information modeling (BIM) processes so all project participants can view the same data changes at the same time. The increased efficiencies that digitization delivers also increase the number of weak links, since the more stakeholders with access to proprietary information there are, the more vulnerabilities that open up. The infamous 2014 Target data breach, which compromised millions of customers' sensitive credit card information, traced its source to an HVAC operator who was managing the stores' smart thermostats.
Construction cyber security also has to contend with employees on the road who bring their own devices to work and create more vulnerable endpoints. Furthermore, it has to factor in potentially lax protocols while companies install temporary networks for internet connectivity.
The Internet of Things (IoT) is making rapid advances in construction, from connected sensors to radio-frequency identification (RFID) tags on workers' hats. As companies work with streaming big data from IoT technology, insecure machines and shaky integration between IT and OT infrastructure complicate cyber security challenges even further.
Finally, insufficiently trained employees and old firmware with outdated security patches are challenges that need to be considered as cyber security threats constantly evolve.