In this edition of the CIHT podcast we discuss how UK infrastructure both physical and digital faces a range of threats from terrorism to state and commercial espionage, hacktivism to criminality amongst others. How do we guard against these threats for those involved in the transport sector? The answer it is believed lies in adopting “a security minded approach”.
Join other savvy professionals just like you at CIHT. We are committed to fulfilling your professional development needs throughout your career
In this edition of the CIHT podcast we discuss how UK infrastructure both physical and digital faces a range of threats from terrorism to state and commercial espionage, hacktivism to criminality amongst others. How do we guard against these threats for those involved in the transport sector? The answer it is believed lies in adopting “a security minded approach”.
Listen to the podcast click here
To help understand this CIHT’s Justin Ward, had the opportunity to speak to Alex Luck security expert and chair of CIHT’s Asset Management panel; Hugh Boyes, a security expert and working with the University of Warwick’s Cyber security centre; and security expert Garry Heyward.
All agreed that a security minded approach is where everything is considered, from physical, personnel to cyber security – and where all these different elements are brought together in projects.
Designing in security - Garry Heyward explained that “engineers should be making sure that security mindedness is incorporated very early into the design brief of projects whilst being sympathetic to the architecture and nature of environments”
Threats to digital infrastructure – Hugh Boyes said: “what we are seeing is that people are making available data that has security or personal identifiable information issues and this could be quite valuable to terrorist or organised criminals”. Hugh Boyes advises that if such data has to be published then it must be carefully considered and the data must be aggregated.
Security guidance for engineers - Hugh Boyes explained: “one of the things we have been doing is working with the engineering council to develop some security guidance for engineers. The guidance encourages people to think about what they are communicating, trying not to make an attacker's life easy”
Cyber Security - Hugh Boyes provides an insight into the Cyber Essential and Cyber Essentials Plus that have been recently been released by government.
Building and maintaining Assets - Building Information Modelling (BIM) offers huge advantages in terms of detailed knowledge of transport assets but also comes with huge risks. Alex Luck, explained: “you can do quite a lot by controlling the level of detail that you release, for example, if you are putting up a building and that building is got to be resistant to a certain amount of level of blast, what you would not do is to attach your glass calculations to the specifications for the steel that is going into that building, the company supplying that steel does not need to know what that building is capable of withstanding”.
PAS1192/5 - The risks and how the transport sector address them was a key driver behind PAS1192/5. One of the authors of PAS1192/5, Alex Luck provides a good overview of the context and need for this, saying: “We are relying more on information and technology to run those assets we also looking at things like off-site prefabrication and much greater levels of automation, cyber physical systems relaying on sensors to provide us with real time information about asset use and performance all of this generates vase amounts of very useful information for those of us in the industry but can also be used by those with malicious intent to potentially compromise those assets or the safety and security of those using them”.
Alex Luck went on to explain that: “CPNI – recognise the benefits that this approach brings in building information modelling and greater use of digital engineering – encouraging people to recognise how the data could be used by those with malicious intent just taking appropriate and proportionate measures – it’s about accessing what risks you have, the measures that you want to take to mitigate that risk. About good risk management.
BIM level 2 - Hugh Boyes said: “One of the things that have been quite staggering with our work around BIM level 2 has been the general level of ignorance of the value of information and data. The fact that it is a real asset. So we need to think about what we are communicating. So for example if on a major infrastructure project there are some 9000 staff do we provide all of them access to the common data?”
Automation - We are increasing witnessing the use of automation and sensors to develop our transport network from drones to autonomous vehicles to remote sensors being used to monitor bridges. Although there are potentially huge benefits, Huge Boyes said: “What we have seen is that people are rushing ahead with automation and loading information up on the internet without appreciating the risks of doing so”.
The interview comes from the latest in the CIHT podcast series where Justin Ward speaks to leading individuals in the transport world. To find others and to listen click here.
Join other savvy professionals just like you at CIHT. We are committed to fulfilling your professional development needs throughout your career
{{item.AuthorName}} {{item.AuthorName}} says on {{item.DateFormattedString}}: