Cyber Security Risk Management solutions for infrastructure development projects

Through the normal project lifecycle, contractors and other key stakeholders maintain and manage significant amounts of information that cyber criminals and other external players can be interested in. This includes confidential files containing project construction transportation plans and drawings, transportation schedules, contract data, security protocols, client data and employee data. If accessed and exploited by cyber attackers, the outcomes can lead to delays and financial losses, and loss of reputation for the project and all stakeholders.

Existing cybersecurity standards and practices from other industries cannot be easily adopted into the infrastructure project sector due to characteristic differences and challenges such as complex interactions, different stakeholder interests, and typically lower profit margins.

While there have been numerous policies and guidelines developed in recent years, the translation of policy into effective cybersecurity activities is not a concise or simple exercise. There are many different standards, often overlapping, and coordinating an approach using the right standard for the right activities can be confusing.

In partnership with STORM Guidance, leading cyber risk management advisors, CSL Global has developed a range of risk management solutions for the global infrastructure development project sector. By combining specialist knowledge and many years of hands-on experience in the transportation, construction, physical and operational  security, and cyber risk environments, we have developed a way of working and a range of solution-oriented services under the InfraSec brand name.

We assist clients to:

•             identify applicable cybersecurity threats across all aspects of the project from design, procurement, construction, and operational phases

•             assess cyber risk relating to those threats taking into account the relevant project exposures in people, process, technology, data and suppliers.

•             identify and interpret cybersecurity requirements for the project and those being introduced or required by other project stakeholders.

•             outline an effective Information Security Management System (ISMS) and test the effectiveness of their cybersecurity controls against current threats.

•             help suppliers understand the importance of cybersecurity to the project, and how they can reduce their overall risk, and develop project specific cybersecurity protocols for suppliers.

•             maintain integrity of any cyber risk insurance policies in place, by ensuring that the cybersecurity management plan complies with insurance policy conditions.

•             develop tailored cyber incident response plans to support optimised incident management.

•             effectively coordinate the response to cyber incidents when they occur.