Abstract
This paper presents an empirical study on the need for sector-specific CERT capacity in the Norwegian construction sector. Findings from the interviews demonstrate a need for developing competence in ICT security in this sector. The actors express a desire for a forum for sharing information and learning from other actors within the industry. In our estimation, there is insufficient support in the industry to create a “full-blown” CERT/CSIRT. However, it seems that all the interviewees are positive about the idea of creating an ISAC-like forum.
