Bi-Weekly CyberSecurity Recap July 2019

by Svetlana Lyons July 12, 2019

Bi-Weekly CyberSecurity Recap July 2019

Curated cybersecurity news

summary for facility management professional, building owners and IT professionals who are interested in building security and Facility IT.

 

Feds: Cyberattack on NASA’s JPL Threatened Mission-Control Data

Rampant security-operations bungling allowed cyberattackers to infiltrate JPL’s network, which carries human mission data.

Specifically, poor practices when it comes to network segmentation and third parties were a source of a cyberattack in April 2018, OIG said.

In that incident, hackers targeted a Raspberry Pi computer that was not authorized to be attached to the JPL network, exploited it, and then proceeded to take advantage of the network’s lack of segmentation to find a network gateway and pivot deeper into the system.

DOD’s Proposed Cybersecurity Maturity Model Certification Requirements: What We Know and How to Prepare

The anticipated new cybersecurity certification standards for DoD contractors are quickly taking shape. DoD is partnering with the Carnegie Mellon University Software Engineering Institute and the Johns Hopkins University Applied Physics Laboratory in developing the new certification standard: the Cybersecurity Maturity Model Certification or “CMMC.” This Alert outlines what has been revealed thus far about the CMMC, how the CMMC will affect DoD contractors, and steps you can take to be ready when the CMMC goes live. 

The CMMC will be a comprehensive and coordinated standard for cybersecurity, bringing together existing requirements, such as NIST SP 800-171, NIST SP 800-53, and AIA MAS 9933; private sector contributions; and input from academia. The goal of the CMMC is to secure the DoD supply chain by curing existing cybersecurity shortcomings within the Defense Industrial Base. 

Cybersecurity Framework Smart Grid Profile

The Smart Grid Profile is an initial attempt to apply risk management strategies from the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) to the smart grid. The Profile provides cybersecurity risk management guidance to power system owners/operators by prioritizing cybersecurity activities based on their effectiveness in helping power system owners/operators achieve common high-level business objectives for the smart grid. The Profile also provides a list of considerations relevant to the challenges power system owners/operators may experience as they implement these cybersecurity activities in infrastructures with high concentrations of distributed energy resources (DERs).

Top national cybersecurity expert: Every investment is at risks

Investors are growing increasingly wary of investing in an organization that later goes on to experience a costly breach, or inheriting an organization’s security vulnerabilities by way of mergers or acquisitions. In fact, cybersecurity now represents a significant threat to deals.

Navy holds AI and cybersecurity contest with $150,000 in cash prizes

The Navy launched a competition this week for finding machine learning and artificial intelligence solutions for real-world cybersecurity challenges.

The challenge — dubbed the Artificial Intelligence Applications to Autonomous Cybersecurity Challenge (AI ATAC) — holds a $100,000 first place and $50,000 second place awards. It is open to all citizens and permanent residents, be they defense contractors, researchers, students or just technology-curious private citizens.

The contest is sponsored by Naval Information Warfare Systems Command (NAVWAR) and Program Executive Office for Command, Control, Communications, Computers and Intelligence (PEO C4I).

Are our smart buildings secure from hackers?

The number of smart buildings, with integrated building management technology at the core, is on the rise. The complex building automation system (BAS), which keeps occupants safe and comfortable, integrates various monitoring and control solutions such as heating, ventilation, and air-conditioning (HVAC), lighting, fire, security, networking onto a single platform. A smart building also uses data generated by IoT-enabled equipment, coupled with data gleaned from external sources, to allow for performance-enhancing, energy-saving decision making.

New Global Cybersecurity Alliance Accelerates Education, Readiness, and Knowledge Sharing

There is a lack of focus in cyber security.  This rarely stems from lack of hard work, desire, technical ability or aspiration.  Many cybersecurity leaders and teams voice concern around lack of funding, minimal executive support and share all too common stories of burnout at all levels of the organization (including the CISO).  However, these are often symptoms rather than root causes.  Without understanding the root causes, cyber security leaders can miss the forest for the trees — with the company’s true security risk reduction suffering for it.




Svetlana Lyons
Svetlana Lyons

Author



Leave a comment

Comments will be approved before showing up.


Also in Cimetrics News

Horizon19 Welcomes Notable Figures in the Clean Economy for International Climate Change Summit
Horizon19 Welcomes Notable Figures in the Clean Economy for International Climate Change Summit

by Svetlana Lyons September 19, 2019

It is a great honor to share this announcement about the upcoming Horizon19, an International Summit, including both the private and public sectors, for the Clean Economy. The event is held September 19-20 at the Boston Convention Center, in Boston, MA, USA.

Read More

Clean Economy Collaborations and Carbon Neutrality at Horizon19
Clean Economy Collaborations and Carbon Neutrality at Horizon19

by Svetlana Lyons September 17, 2019

First day of Horizon19 event. For live event updates, be sure to follow Horizon19 on Twitter and Facebook. You're also invited to contribute to the conversation with the hashtag #Horizon19Boston across social media. 

Read More

Bi-Weekly CyberSecurity Recap End of August 2019
Bi-Weekly CyberSecurity Recap End of August 2019

by Svetlana Lyons August 26, 2019

Cybersecurity development platform for IoT devices launched, Lessons Learned From Federal Agency Cybersecurity Projects, How to Make Smart Cities Safer and More Secure, We must treat cybersecurity as a public good. Here's why...

Read More

cimetrics.com Legal Terms and Conditions

June 29, 2016

cimetrics.com (the "Site") is owned by Cimetrics Inc. ("Cimetrics").

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THIS SITE.  YOU MAY NOT USE THIS SITE IF YOU DO NOT ACCEPT THE TERMS AND CONDITIONS.

Terms of Use

The information herein provided is for general informative purposes only, and no warranties or representations are made with respect thereto. The information may contain inaccuracies or typographical errors.  The information provided is subject to change at any time, and without notice. Changed information may include, but is not limited to, technical specifications and pricing. Binding declarations are only given after detailed enquiries.

BECAUSE THE INFORMATION IS NOT WARRANTED, ALL LIABILITY FOR THE ACCURACY OF THE INFORMATION IS EXPRESSLY EXCLUDED.

IN NO EVENT SHALL CIMETRICS, ITS OFFICERS, DIRECTORS, EMPLOYEES, PARENTS, AFFILIATES, SUCCESSORS OR ASSIGNS, BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OR PERFORMANCE OF THE CIMETRICS SITE, WITH THE DELAY OR INABILITY TO USE THE CIMETRICS SITE OR RELATED SERVICES, THE PROVISION OF OR FAILURE TO PROVIDE SERVICES, OR FOR ANY INFORMATION, SOFTWARE, PRODUCTS, SERVICES AND RELATED GRAPHICS OBTAINED THROUGH THE CIMETRICS SITE, OR OTHERWISE ARISING OUT OF THE USE OF THE CIMETRICS SITE, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF CIMETRICS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. IF YOU ARE DISSATISFIED WITH ANY PORTION OF THE CIMETRICS SITE, OR WITH ANY OF THESE TERMS OF USE, YOUR SOLE AND EXCLUSIVE REMEDY IS TO DISCONTINUE USING THE CIMETRICS SITE.

Passwords

If you have been given a Password in order to gain access to certain information on this Site, or any other affiliates’ website, then you agree, as a condition of receiving said Password, that you shall keep the Password confidential. You shall only disclose the Password to your employees or agents who have a need to know. You are solely responsible for all activities that occur using your Password.

If you become aware of any unauthorized use of your Password, you agree to notify Cimetrics immediately.  Cimetrics reserves the right to revoke your Password access at any time for any reason whatsoever.

Copyrights and Trademarks

All information provided on the web pages of Cimetrics.com is protected by copyright. It is prohibited to copy, process, modify or commercially distribute this information without the express written permission of Cimetrics.

Analytika, Infometrics, Metermetrics, BACstac, BACstac/DN, Secured by Cimetrics™ and BAS-o-matic are trademarks or registered trademarks of Cimetrics.  The Analytika, Cimetrics, Infometrics and Metermetrics logos are trademarks or registered trademarks of Cimetrics.  All other trademarks are owned by their respective companies.

Links to Other Websites

This Site may from time to time contain links to other websites ("Linked Site") or other Internet information sources ("Third Party Source"). These links are provided solely as a convenience to users of this Site and do not constitute an endorsement, sponsorship or recommendation by Cimetrics.  Each Third Party Source or Linked Site may have its own terms of use and privacy policy. Cimetrics is not responsible for the content, availability, or policies of any Linked Site or Third Party Source, or any additional links contained therein.

Privacy

Please read the privacy policy for this Site, which is incorporated into these Terms and Conditions by reference.