C+S July 2020 Vol. 6 Issue 7 (web)

ers to create models of physical environments, such as office buildings and factories, and the interactions of people, spaces, and devices. Azure IoT Hub provides a cloud-hosted solution back-end to connect virtually any device. It enables developers to use device-to-cloud telemetry data to understand the state of devices and define message routes to Azure services.

JERRY KING the vice president of strategic alliances at Bentley Systems. PAVAN EMANI is the vice president of iTwin Software Development at Bentley Systems.

In the wake of COVID-19, another threat is increasing exponentially in the architecture, engineering and construction (AEC) industry – hack- ing. Over the last three months, AEC companies and public agencies have seen a surge in COVID-19-related cyberattacks due to the vulner- abilities associated with sudden and widespread remote work. Cybersecurity – the multilayered approach to securing a technology environment to preserve the data and the integrity of our devices in the digital space – has never been more important to an AEC firm than it is now. With most of an AEC firm’s intellectual property, such as files, drawings, models and contracts, residing in the digital space, hackers now have a greater ability to get their hands on this information if proper cybersecurity is not practiced. Consider, for instance, if a hacker can access the design files for a bridge under construction and holds that information for ransom. Or imagine if a cybercriminal obtains design information that will allow access into a bus rapid transit system. The hacker can then tap into the transit agency’s network and create mass disruption. In recent years, cities such as Atlanta, New Orleans and Baltimore have been plagued by cybersecurity threats. Ransomware attacks have forced their networks to be shut down temporarily, resulting in millions of dollars spent on data recovery. Consequently, to protect their net- works, clients are now demanding more robust cybersecurity programs from consultants and contractors. Federal agencies, and soon state and municipal clients, will require firms to adhere to higher security compliance levels as defined by the Department of Defense Cyberse- curity Maturity Model Certification. To meet these requirements, AEC firms must step up their existing cybersecurity measures that address the ways information is shared and stored. Some of the cybersecurity measures that firms can implement include: • Security Training: One of the most effective ways to protect your firm from cyberattacks is to educate your employees. Live in-person security training, mandatory cybersecurity training courses and fire drills such as Cybersecurity for AEC Firms During COVID 19 Pandemic By Wayne Swafford

phishing tests can shore up a company’s cyber defenses. During these train- ing exercises, employees can be taught how cyberattacks have evolved over the years from phishing e-mails to impersonating voice mails to imitating LinkedIn pages. Furthermore, firms should also have a cybersecurity policy that helps employees understand the responsible use of e-mails, company data, internet, and social media. • Multifactor Authentication: Firms can deploy multifactor authentication where multiple steps are needed to access company-owned networks. This makes it significantly more difficult for hackers to get into company systems and reduces the risk of simple attacks by as much as 90 percent. • Patching: Firms need to make sure that they are up to date with the latest software patches needed to support their operating systems. A rigorous se- curity patch management/update schedule can go a long way toward foiling different kinds of cyberattacks on a firm’s network infrastructure. • Penetration Testing: This is a proactive approach that works in concert with patching. A penetration test is when a firm engages an outside con- sultant to hack into its network (called ethical hacking) and check the firm’s cyber defenses. Based on the results of this testing, the firm can then make the necessary corrections. • Intrusion Detection/Intrusion Prevention: This allows a firm to identify digital patterns in your network and then associate those patterns with em- ployees’ activities to gather a baseline. The system will trigger an alert if the baseline pattern is not followed. For example, if someone from accounting who doesn’t ever access project files suddenly downloads 10 GB of project information, the firm’s warning system will be immediately alerted. • Cyber Insurance: While the above steps are important measures, they still don’t guarantee a fool-proof cybersecurity system. Consequently, firms should invest in cyber insurance to protect themselves in the event of a cy- berattack that might compromise their digital assets. People and intellectual property are the biggest assets for an AEC firm. A cyberattack can create significant financial, operational and reputa- tional impacts to these assets. As COVID-19 has made working from home and other locations essential, more work is being performed outside the confines of the office firewall. This distributed work envi- ronment has increased the need for more sophisticated cybersecurity. By implementing some or all of the measures listed above, AEC firms can provide greater cybersecurity for their employees and clients while increasing their competitive advantage.

WAYNE SWAFFORD, P.E., is the President of Lockwood, Andrews & Newnam, Inc. (LAN), a national planning, engineering and program management firm. He can be reached at WayneSwafford@lan-inc.com.

43

july 2020

csengineermag.com

Made with FlippingBook Annual report