In the rapidly evolving landscape of construction, where digital technologies are becoming increasingly intertwined with project management and operations, a new study sheds light on the critical need for robust cyber risk management. Led by Dongchi Yao of the S.M.A.R.T. Construction Research Group at New York University Abu Dhabi (NYUAD) and the Department of Civil and Urban Engineering at NYU, the research identifies key cyber risk factors specific to construction projects, offering a comprehensive framework to mitigate potential threats.
As construction projects embrace digital transformation, they also expand their vulnerability to cyber-attacks. “The interconnected nature of modern construction technologies creates a larger attack surface, making it essential to understand and manage cyber risks effectively,” Yao explains. The study, published in the Journal of Civil Engineering and Management (Žurnalas “Civilinė inžinerija ir valdymas”), addresses this gap by developing a systematic approach to identify and assess cyber risks at the project level.
The research employs a seven-step methodological framework to pinpoint 32 critical risk factors, categorized into five groups: project information, project structure, information technology (IT), operational technology (OT), and management and human aspects. This comprehensive set of factors serves as a valuable reference for cybersecurity management and can be used as inputs for future quantitative risk assessments.
For the energy sector, where construction projects often involve complex and high-value assets, the implications are significant. Cyber-attacks on energy infrastructure can lead to substantial financial losses, operational disruptions, and even safety hazards. By identifying and mitigating these risks proactively, construction firms and energy companies can safeguard their investments and ensure the smooth execution of projects.
“The energy sector is particularly vulnerable due to the critical nature of its infrastructure,” Yao notes. “By integrating these risk factors into their cybersecurity strategies, companies can better protect their assets and maintain operational continuity.”
The study also introduces a checklist for proactive risk management, allowing construction firms to assess their vulnerabilities and implement appropriate safeguards. Moreover, the flexible framework developed by Yao and his team can be adapted to identify risk factors for other types of projects, enhancing its applicability across various industries.
As the construction industry continues to embrace digital technologies, the findings of this research will be instrumental in shaping future developments in cybersecurity management. By providing a clear and structured approach to identifying and mitigating cyber risks, the study offers a roadmap for construction firms and energy companies to navigate the complexities of the digital age securely.
In an era where cyber threats are ever-evolving, the work of Dongchi Yao and his team underscores the importance of staying ahead of potential risks. As the construction industry continues to innovate, so too must its approach to cybersecurity, ensuring that the benefits of digital transformation are realized without compromising safety and security.