
Cybersecurity Recap December 2020


December 15, 2020

Curated cybersecurity news summary for facility management professionals, building owners and IT professionals who are interested in building security and facility IT.


Happy Upcoming Holidays! What is new in this last month of this year in Cybersecurity?


Managed BACnet Introduction

Introducing the Managed BACnet Primer, a document created by BAS industry collaboration to provide holistic cybersecurity for BAS systems. Managed BACnet is an industry-wide, interoperable, and resilient framework to manage BAS/OT systems and devices securely, using IT infrastructure and best practices, from small single commercial buildings to multi-site global portfolios. Learn more in the Managed BACnet Primer.

Healthcare: From weaponized AI to threats against the vaccine rollout, here are 6 cybersecurity trends to watch in 2021

Could 2021 be the year that healthcare finally gets smart about cybersecurity? Many in the industry say real change needs to happen as the situation has become a matter of life and death. Learn More

IoT Cybersecurity Improvement Act signed into law

The IoT Cybersecurity Improvement Act has been officially signed into law. The bipartisan legislation, sponsored by Reps. Robin Kelly, D-Ill., and Will Hurd, R-Texas, and Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., requires that any IoT device purchased with government money meet minimum security standards. 

Reportedly, the Act would address the supply chain risk to the federal government stemming from insecure IoT devices by establishing light-touch, minimum security requirements for procurement of connected devices by the government, and specifically. Learn More

A CISO’s Cybersecurity Wishlist

Interestingly, a similar question was also recently posed by CISO Extraordinaire, Daniel Hooper on LinkedIn. He asked, “CISO friends, what’s the one thing you wish you had in your program?” and the replies he got ranged from the practical, to the esoteric, to really funny, but all were very telling.

Here are the top 3 wishes taken from what we heard from the CISOs we spoke with directly, combined with the comments from this LinkedIn thread: Learn More

A free suite of cybersecurity products for schools

Cyber Defense Support for Public K-12 Schools: The Multi-State Information Sharing and Analysis Center® (MS-ISAC®) is the focal point for cyber threat prevention, protection, response, and recovery for the nation’s state, local, territorial, and tribal (SLTT) governments. Membership is open to all K-12 public schools in the U.S.

A division of the Center for Internet Security® (CIS®), the MS-ISAC collaborates and shares cybersecurity information among its 10,000 members, the U.S. Department of Homeland Security (DHS), and private sector partners.

This network is an extremely beneficial resource to keep educational institutions informed of the latest cyber threats. By joining the MS-ISAC, K-12s join more than 2,000 public schools and districts who share cybersecurity information to improve their readiness against common threats at no cost. Read More

MIT: A better kind of cybersecurity strategy

New model shows why countries that retaliate too much against online attacks make things worse for themselves. Read More

Demand for cybersecurity training grew during pandemic, says National Cybersecurity Center

As companies increasingly adopt remote workforce models and implement new technologies as a result of the pandemic, the demand for cybersecurity experts has accelerated, presenting workers a chance to reskill themselves for those jobs, Thomas Russell, cyber education program manager for the National Cybersecurity Center, told EdScoop. Read More

NIST: Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM)

NIST released a draft on Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management. In particular, the draft provides information on risk guidance, identification, and analysis, while offering examples and information to illustrate risk tolerance, risk appetite, and methods for determining risks. Read More

SolarWinds exposed FTP credentials in Public GitHub Repo: US Government Breach

SolarWinds exposed its FTP server credentials in a public GitHub repo; cybersecurity expert Vinoth Kumar identified the exposure and reported it to SolarWinds in 2019. Did some poor security practices lead to the US Government breach? Read More
