Working apart has taught the value of working together, says BAM's Ian Hill

For the last 14 months, most of us have been apart from our workmates. There's been no chatting about the weekend with colleagues, no shared tea breaks in the kitchen, no ‘Just popping to the shop, want anything?' - only a stream of virtual meetings and a growing sense of isolation.

Royal BAM Group, which understands that collaboration is at the heart of its business, has turned this period of separation into a strength. Global Director of Cyber Security Ian Hill says, "One thing that has come out of [the pandemic], which is very interesting and very useful, is that the construction industry is coming together more as an industry."

Like other firms, BAM had to make rapid changes last year. As a sector that relies on people working physically close together, the need for social distancing and disruption of supply chains hit particularly hard.

"A lot of building sites were closed, a lot of construction sites were closed, nobody was placing orders. Getting hold of materials and things like that - you forget that, as a construction company, we rely on a lot of raw materials: the construction site might be open, but you might not be able to get hold of critical materials."

Royal BAM Group CISO Ian Hill presenting at a Computing event

While sites were frozen, the industry's IT workers kept going. Although colleagues were being forced to work separately, Hill and his fellow industry CISOs realised the value in working together - reasoning that "the enemy is out there." With that in mind, security leaders at several major firms have begun working together to draw up plans for responding to cyber incidents.

Although it's existed unofficially since last year, recent attacks on at least five major construction companies - as well as a payroll contractor used by Arup in January - prompted industry leaders to formalise the arrangement as the UK Construction Industry CISO Forum.

"We now have regular meetings with CISOs of the top construction and civil companies in the UK…where we openly share and discuss the subject of cyber security. We accept that, whilst we are in competition with each other, a lot of the time we're in joint venture partnerships with each other and the enemy is out there. So, we're looking at various initiatives together on how we can support each other within the industry and how the industry can support itself from a cyber perspective."

As well as talking to industry peers, the Forum is supported by the NCSC's CEAC [Construction, Engineering, Architecture and Civil] Trust Forum, and is collaborating with its own European equivalent body overseas.

The CISO Forum is drafting plans now - covering rules around access requirements and cybersecurity responsibilities in joint ventures - which it will share with experts in the government, and then with the wider industry.