Cybersecurity for AEC Firms During COVID 19 Pandemic (Source: Civil + Structural Engineer)

Jul 1, 2020

By Wayne Swafford

In the wake of COVID-19, another threat is increasing exponentially in the architecture, engineering and construction (AEC) industry – hacking. Over the last three months, AEC companies and public agencies have seen a surge in COVID-19-related cyberattacks due to the vulnerabilities associated with sudden and widespread remote work.

Cybersecurity – the multilayered approach to securing a technology environment to preserve the data and the integrity of our devices in the digital space – has never been more important to an AEC firm than it is now. With most of an AEC firm’s intellectual property, such as files, drawings, models and contracts, residing in the digital space, hackers now have a greater ability to get their hands on this information if proper cybersecurity is not practiced.

Consider, for instance, if a hacker can access the design files for a bridge under construction and holds that information for ransom. Or imagine if a cybercriminal obtains design information that will allow access into a bus rapid transit system. The hacker can then tap into the transit agency’s network and create mass disruption.

In recent years, cities such as Atlanta, New Orleans and Baltimore have been plagued by cybersecurity threats. Ransomware attacks have forced their networks to be shut down temporarily, resulting in millions of dollars spent on data recovery. Consequently, to protect their networks, clients are now demanding more robust cybersecurity programs from consultants and contractors. Federal agencies, and soon state and municipal clients, will require firms to adhere to higher security compliance levels as defined by the Department of Defense Cybersecurity Maturity Model Certification. To meet these requirements, AEC firms must step up their existing cybersecurity measures that address the ways information is shared and stored. Some of the cybersecurity measures that firms can implement include: