Summary for facility management professionals, building owners and IT professionals who are interested in building security and Facility IT.
Rampant security-operations bungling allowed cyberattackers to infiltrate JPL’s network, which carries human mission data.
Specifically, poor practices when it comes to network segmentation and third parties were a source of a cyberattack in April 2018, OIG said.
In that incident, hackers targeted a Raspberry Pi computer that was not authorized to be attached to the JPL network, exploited it, and then proceeded to take advantage of the network’s lack of segmentation to find a network gateway and pivot deeper into the system.
The anticipated new cybersecurity certification standards for DoD contractors are quickly taking shape. DoD is partnering with the Carnegie Mellon University Software Engineering Institute and the Johns Hopkins University Applied Physics Laboratory in developing the new certification standard: the Cybersecurity Maturity Model Certification or “CMMC.” This Alert outlines what has been revealed thus far about the CMMC, how the CMMC will affect DoD contractors, and steps you can take to be ready when the CMMC goes live.
The CMMC will be a comprehensive and coordinated standard for cybersecurity, bringing together existing requirements, such as NIST SP 800-171, NIST SP 800-53, and AIA MAS 9933; private sector contributions; and input from academia. The goal of the CMMC is to secure the DoD supply chain by curing existing cybersecurity shortcomings within the Defense Industrial Base.
The Smart Grid Profile is an initial attempt to apply risk management strategies from the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) to the smart grid. The Profile provides cybersecurity risk management guidance to power system owners/operators by prioritizing cybersecurity activities based on their effectiveness in helping power system owners/operators achieve common high-level business objectives for the smart grid. The Profile also provides a list of considerations relevant to the challenges power system owners/operators may experience as they implement these cybersecurity activities in infrastructures with high concentrations of distributed energy resources (DERs).
Investors are growing increasingly wary of investing in an organization that later goes on to experience a costly breach, or inheriting an organization’s security vulnerabilities by way of mergers or acquisitions. In fact, cybersecurity now represents a significant threat to deals.
The Navy launched a competition this week for finding machine learning and artificial intelligence solutions for real-world cybersecurity challenges.
The challenge, dubbed the Artificial Intelligence Applications to Autonomous Cybersecurity Challenge (AI ATAC), offers a $100,000 first-place award and a $50,000 second-place award. It is open to all citizens and permanent residents, be they defense contractors, researchers, students or just technology-curious private citizens.
The contest is sponsored by Naval Information Warfare Systems Command (NAVWAR) and Program Executive Office for Command, Control, Communications, Computers and Intelligence (PEO C4I).
The number of smart buildings, with integrated building management technology at the core, is on the rise. The complex building automation system (BAS), which keeps occupants safe and comfortable, integrates various monitoring and control solutions such as heating, ventilation, and air-conditioning (HVAC), lighting, fire, security, and networking onto a single platform. A smart building also uses data generated by IoT-enabled equipment, coupled with data gleaned from external sources, to allow for performance-enhancing, energy-saving decision making.
There is a lack of focus in cyber security. This rarely stems from lack of hard work, desire, technical ability or aspiration. Many cybersecurity leaders and teams voice concern around lack of funding, minimal executive support and share all too common stories of burnout at all levels of the organization (including the CISO). However, these are often symptoms rather than root causes. Without understanding the root causes, cyber security leaders can miss the forest for the trees — with the company’s true security risk reduction suffering for it.