Tel: +1-617-350-7550

Bi-Weekly CyberSecurity Recap July 2019

Bi-Weekly CyberSecurity Recap July 2019

July 12, 2019

Curated cybersecurity news

summary for facility management professional, building owners and IT professionals who are interested in building security and Facility IT.

 

Feds: Cyberattack on NASA’s JPL Threatened Mission-Control Data

Rampant security-operations bungling allowed cyberattackers to infiltrate JPL’s network, which carries human mission data.

Specifically, poor practices when it comes to network segmentation and third parties were a source of a cyberattack in April 2018, OIG said.

In that incident, hackers targeted a Raspberry Pi computer that was not authorized to be attached to the JPL network, exploited it, and then proceeded to take advantage of the network’s lack of segmentation to find a network gateway and pivot deeper into the system.

DOD’s Proposed Cybersecurity Maturity Model Certification Requirements: What We Know and How to Prepare

The anticipated new cybersecurity certification standards for DoD contractors are quickly taking shape. DoD is partnering with the Carnegie Mellon University Software Engineering Institute and the Johns Hopkins University Applied Physics Laboratory in developing the new certification standard: the Cybersecurity Maturity Model Certification or “CMMC.” This Alert outlines what has been revealed thus far about the CMMC, how the CMMC will affect DoD contractors, and steps you can take to be ready when the CMMC goes live. 

The CMMC will be a comprehensive and coordinated standard for cybersecurity, bringing together existing requirements, such as NIST SP 800-171, NIST SP 800-53, and AIA MAS 9933; private sector contributions; and input from academia. The goal of the CMMC is to secure the DoD supply chain by curing existing cybersecurity shortcomings within the Defense Industrial Base. 

Cybersecurity Framework Smart Grid Profile

The Smart Grid Profile is an initial attempt to apply risk management strategies from the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) to the smart grid. The Profile provides cybersecurity risk management guidance to power system owners/operators by prioritizing cybersecurity activities based on their effectiveness in helping power system owners/operators achieve common high-level business objectives for the smart grid. The Profile also provides a list of considerations relevant to the challenges power system owners/operators may experience as they implement these cybersecurity activities in infrastructures with high concentrations of distributed energy resources (DERs).

Top national cybersecurity expert: Every investment is at risks

Investors are growing increasingly wary of investing in an organization that later goes on to experience a costly breach, or inheriting an organization’s security vulnerabilities by way of mergers or acquisitions. In fact, cybersecurity now represents a significant threat to deals.

Navy holds AI and cybersecurity contest with $150,000 in cash prizes

The Navy launched a competition this week for finding machine learning and artificial intelligence solutions for real-world cybersecurity challenges.

The challenge — dubbed the Artificial Intelligence Applications to Autonomous Cybersecurity Challenge (AI ATAC) — holds a $100,000 first place and $50,000 second place awards. It is open to all citizens and permanent residents, be they defense contractors, researchers, students or just technology-curious private citizens.

The contest is sponsored by Naval Information Warfare Systems Command (NAVWAR) and Program Executive Office for Command, Control, Communications, Computers and Intelligence (PEO C4I).

Are our smart buildings secure from hackers?

The number of smart buildings, with integrated building management technology at the core, is on the rise. The complex building automation system (BAS), which keeps occupants safe and comfortable, integrates various monitoring and control solutions such as heating, ventilation, and air-conditioning (HVAC), lighting, fire, security, networking onto a single platform. A smart building also uses data generated by IoT-enabled equipment, coupled with data gleaned from external sources, to allow for performance-enhancing, energy-saving decision making.

New Global Cybersecurity Alliance Accelerates Education, Readiness, and Knowledge Sharing

There is a lack of focus in cyber security.  This rarely stems from lack of hard work, desire, technical ability or aspiration.  Many cybersecurity leaders and teams voice concern around lack of funding, minimal executive support and share all too common stories of burnout at all levels of the organization (including the CISO).  However, these are often symptoms rather than root causes.  Without understanding the root causes, cyber security leaders can miss the forest for the trees — with the company’s true security risk reduction suffering for it.



Leave a comment

Comments will be approved before showing up.


Also in Cimetrics News

October, 2019 Newsletter - New Deal for Buildings, Cybersecurity Summit, BACnet Consulting for Facility Managers/Building Owners and more..
October, 2019 Newsletter - New Deal for Buildings, Cybersecurity Summit, BACnet Consulting for Facility Managers/Building Owners and more..

October 31, 2019

Read More

CyberSecurity Recap October 2019
CyberSecurity Recap October 2019

October 18, 2019

New Deal Cybersecurity Summit, Future of Cybersecurity, National Security Awareness month, Security Vs Security, Cyberattacks affecting smart buildings and more..

Read More

BACnet for small platforms
The best way to implement BACnet on your small platform

October 09, 2019

Adding BACnet to small platform devices.

Read More