This year’s Summit will bring the opportunity to attend information-packed breakout sessions led by Niagara experts, a robust trade show filled with BAS and IoT industry leaders, and networking with others in the Niagara Community. We’ve just announced breakout sessions for the Developer Bootcamp, and the Business and Applications tracks. Some of the topics will include:
* Migrating from Niagara AX to Niagara 4, Building Niagara 4, Developing with Niagara 4
* Niagara Enterprise Applications, Open Smart Building Design & Commissioning, Edge to Cloud, Niagara Deployment Models, Cyber Security, Niagara Analytics
* Data Modeling, Intro to Niagara Development, Templates, Web Technology; and many more!
Visit NiagaraSummit.com today for an overview and description of all breakout sessions. And, don’t forget… time is running out to take advantage of Early Bird registration! Register before February 29 to take advantage of discounted pricing.
If you have any questions about registration, or the sponsorship opportunities available to you, please email us at firstname.lastname@example.org. We’re looking forward to seeing the Niagara Community in New Orleans!
VP, Global Marketing Communications
P.S. … Need help convincing your boss? Just copy, paste and start looking for flights to New Orleans…
Attending Niagara Summit 2016 will be a tremendous opportunity for the organization and for me. Here are a few reasons why:
* I will have a chance to learn about the latest innovations in the Niagara Framework®.
* I will learn to optimize our use of the Niagara platform through expanded application possibilities, lowered costs, increased efficiency and maximized integration.
* I will attend enlightening keynotes from industry leaders and experts.
* I will walk away with a clear, informed strategy for our Niagara solutions and my own professional growth.
CICC Automation Technologies Pvt. Ltd. Appointed Lynxspring Business Partner in India
Partnership extends Lynxspring’s enabling technologies in building automation, energy management and IoT to meet new opportunities within India and the Middle East
Lee’s Summit, MO and Mumbai, India — February 16, 2016 — Lynxspring, Inc. ( www.lynxspring.com ), a premier developer and provider of open, IP-based control solutions for intelligent buildings, energy management, cyber protection and device-to-enterprise integration, today announced the appointment of CICC Automation Technologies Pvt. Ltd, as a Lynxspring Business Partner (LBP). The partnership extends Lynxspring’s enabling technologies in building automation, energy management and IoT to meet new opportunities provided by the infrastructure sector within India and the Middle East markets.
As a Lynxspring Business Partner, CICC Automation Technologies will distribute and offer a full line of Lynxspring products, solutions, services and support. This includes Lynxspring’s JENEsys® Building Operating System, powered by the Niagara Framework®, an open, unified operating system specifically designed for commercial facilities that combine connectivity, integration and interoperability, supervision and control, energy management, visualization and actionable information (data & analytics) into a single architecture within a cyber-secured environment. Deployed globally in thousands of facilities including office buildings, government, and military bases, hotels, manufacturing plants, hospitals, retail, and schools/universities, the JENEsys® Building Operating System allows facility management organizations to continually build off the same network deployments and add additional applications as desired.
In addition, CICC Automation Technologies will have access to Lynxspring’s new Onyxx® Edge-to-Enterprise and IoT portfolio of bridges, gateways, appliances, modules, drivers and applications.
“We are pleased to have established this agreement with CICC. This announcement signals the start of an exciting time,” said Terry Swope, President and CEO of Lynxspring. “We are delighted to partner with CICC Automation Technologies and have been impressed with their professionalism, technical capabilities and drive for innovation. CICC has the expertise, reputation, the reach and the commitment to deliver in this market and together we look forward to making a positive impact on driving solutions that manage and operate facilities and equipment smarter, safer, securely, more efficiently, and at peak performance levels.”
CICC Automation Technologies, headquartered in Mumbai, India and with offices in the UAE and USA, is a master systems integrator and turnkey contractor offering solutions and services for today’s intelligent buildings and smart cities. CICC’s team of engineering and technology professionals use collective industry expertise to specify requirements, confirm business benefits and deliver on time and on budget projects. The company’s proven approach to project management, engineering, installation, commissioning and maintenance delivers multiple business benefits, reduces risk of failure and maximizes results.
“We are thrilled about this appointment and partnership. The combination of Lynxspring’s products and solutions with CICC Automation’s expertise and deployment capabilities shows our strong commitment to the market by offering full system solutions from world renowned brands backed up with inventory, training and product support for our customers that meet today’s facility operational challenges,” said Sameer Pradhan, Managing Director, CICC Automation Technologies. “Lynxspring and CICC’s synergy offers genuine benefit for our customers and the market in India.”
“CICC has earned a reputation for providing independent advice, the very best quality of product, professional service, and technical support to meet the demands of their customers,” added Marc Petock, Lynxspring’s Vice President of Marketing. “We are delighted to be working with such an innovative and experienced team who is ideally placed to service an exciting and growing market in which they are widely recognized. We are very pleased with the opportunity presented with CICC and look forward to a long and fruitful partnership.”
CICC Automation Technologies will be exhibiting in Hall #5, Stall M-20 at ACREX India 2016, February 25-27 in the Bombay Convention and Exhibition Centre (BCEC), Mumbai, India.
About Lynxspring, Inc.
Based in Lee’s Summit, Missouri and founded in 2002, Lynxspring is changing the way devices, systems, and people communicate and collaborate across enterprises and out to the edge. The Internet of Things is changing our world and with it, our technologies. It is changing the way we manufacture, design, develop and deliver cyber security and building control systems, equipment, devices and applications—creating a world for the Intelligence of Things.
Embracing open, interoperable platforms, Lynxspring designs, manufactures and distributes JENEsys®, JENEsysONE™, LYNX CyberPRO™, Helixx™ and Onyxx™ brands of Internet-based automation and cyber security technology and edge-to-enterprise solutions for Building Automation, Energy Management, Cyber Threat and Security Protection, Equipment Control and other Specialty applications. Lynxspring’s technologies support open, multi-vendor interoperability that simplifies the automation and information architecture across the entire enterprise and significantly lowers automation and information infrastructure costs. More information is available at www.lynxspring.com.
About CICC Automation Technologies Pvt. Ltd.
Based in Mumbai, India, CICC is a unique systems integrator and turnkey contractor offering out-of-the-box solutions in Integrated Building Management Systems. CICC’s competent teams of engineering professionals use collective industry expertise to specify requirements, confirm business benefits and deliver on-time and on-budget projects. This proven approach to project management quantifies business benefits, reduces risk of failure and maximizes business results. More information is available at www.ciccautomation.com. CICC is also the producer of ControlTrends India (www.controltrends.in) and Sameer Pradhan serves as Director of ControlTrends India.
Vice President, Marketing
+1 (816) 347-3500
ControlTalk NOW — Smart Buildings VideoCast and Podcast for week ending January 31, 2016 reviews the 2015 ControlTrends Awards including the AHR Expo’s Industry Service Award, the BACnet Award, the Cyber Security Award, the Young Gun Awards, the Petock Award, and the Hall of Fame recipient. A teaser video previews many of the highlights, with much more video and posts to follow. New product releases from Functional Devices and Lynxspring; Belimo webinar registration; Ken Sinclair’s 4th Connected Community Collaboration video; and DGLogik CEO Eugene Mazo’s interview message from Informed Health 2016.
Young Guns Rob Allen and Brad White get Ready for the 2015 ControlTrends Awards. What do young BAS professionals talk about when they are not texting or using the latest forms of communication that don’t involve actual verbal communication? To find out we hooked up 2014 Young Guns Rob Allen and Brad White with a good Skype connection and turned the recorder on. Among other things, Rob and Brad discuss the upcoming ControlTrends Awards and what it means to be a Young Gun and why it’s so very important for our industry. See the next Young Gun class at the 2015 Control Trends Awards Sunday January 24th at 6:30 PM at The Hard Rock Live @ Universal Studios.
ControlTrends Awards Announces the 2015 CTA Award Winners, Young Guns, Petock Award Recipient, and Hall of Fame Inductee. The 2015 ControlTrends Awards were held yesterday evening at Orlando’s Hard Rock Live, located at the door step to the amazing Universal Studios. Hard Rock Live was a most befitting venue to celebrate the heroes and superstars of our HVAC and the Building Automation industries. Marc Petock and Kimberly Brown co-hosted the awards ceremony that recognized the 2015 ControlTrends heroes and superstars of the HVAC and Building Automation industry.
Functional Devices is All Ears When it Comes to Product Suggestions from its Customers! Functional Devices is excited to announce its new prepackaged power supply – now with a perforated steel sub-panel! This product is great for mounting a controller along with peripheral devices. Product features: Sturdy 14 gauge NEMA 1 metal enclosure with overall dimensions of 12.5″ (W) x 24.5″ (H) x 6.5″ (D). Available with one or two 100 VA enclosed power supplies with a 10 Amp on/off circuit breaker switch, two convenience outlets, and 24 Vac output terminal strip(s).
2015 ControlTrends Awards Teaser Video — Lots More to Come! Special thanks to Vladimir Chaloupka, videographer extraordinaire, who produced this immediate teaser video of the 2015 ControlTrends Awards Show, held January 24th, 2016, at the Hard Rock Cafe in Orlando, FL. ControlTrends Awards congratulates the winners and superheroes that make our HVAC and Building Automation industry so great. And many thanks once again to our sponsors who make ControlTrends Awards possible!
Lynxspring Launches New Product at AHR! The Onyxx™ BH311 Data Pump provides BACnet to Haystack network communication and data exchange. The Onyxx™ BH311 Data Pump is part of Lynxspring E2E, an edge-to-enterprise ecosystem for the Internet of Things, that enables collaboration between smart systems, smart devices, intelligent equipment and Cloud services. The Onyxx™ BH311 handles the BACnet to Haystack protocol translation, translating BACnet points to manageable Haystack points. Acting as a BACnet client device, the Onyxx™ BH311 manages all BACnet/IP, BACnet/Ethernet or BACnet MSTP devices connected to it.
Belimo’s Free Webinar on Dynamic Balancing — Wednesday, February 3, 1:00 EST. Don’t miss Belimo’s free Webinar on Dynamic Balancing! Belimo Energy Valve Pressure Independent Valves can offer system stability, improved efficiency and overall versatility that can only be achieved in a dynamically balanced hydronic system. During this webinar you will learn how partial loads can wreak havoc on statically balanced systems and how static balancing devices underperform the majority of the time.
Ken Sinclair’s 2016 Connected Community Collaboratory. Ken Sinclair, owner and editor of automatedbuildings.com did it again! The 4th CCC was a wonderful education session and discussion. Ken led a panel of industry experts who addressed how to approach creating and selling connection to the world. It was an open fun Collaboratory atmosphere that allowed attendees to learn and share their opinions. The concept of connected communities was created by Marc Petock and Ken at the 2012 AHR Expo in Chicago. They were working together and fueling new ways to extend the value of our building systems, while exploring the best of breed in change and innovation.
Evangelizing Open Source — DGLogik’s CEO Eugene Mazo at Informed Health 2016 UCSF. At Informed Health 2016, hosted by University of California, San Francisco, CEO Eugene Mazo sent DGLogik’s message out to two target audiences: first to manufacturers — to implement and support more open source products and services, and to developers — to build more applications and bring more brilliant cases to the markets, in this particular case, the health care industry, where dashboards for doctors could make huge improvements to patient care, while dashboards would also improve the patient experience.
There are a lot of predictions and resources that talk about cyber security for 2016, but not specifically about our industry; building/facility control system integration. However, intermingled in all of these reports, predictions, and pundit speak are things that we need to be aware of and probably things that we need to beware of.
1) Closer Scrutiny of Our Cybersecurity Practices
Ericka Chickowski posted “Boldest Cybersecurity Predictions For 2016” on the website DarkReading. One of the predictions was entitled “Contractors Get Cyber Pat-Down”. This prediction stated: “Small contractors aren’t going to get a free pass anymore, predicts Deepak Patel of Imperva.”
“Working with partners and contractors is critical to the day-to-day operations of most organizations. But recent, high-profile breaches shine a spotlight on the security risks of contractor insecurity,” says Patel. “2016 is the year where major enterprises will require all vendors to demonstrate that their cybersecurity is on par or better than the standard set by the enterprise. The derivative effect will be an increase in liability resulting in the maturity of the cyber-insurance market.” (reference link)
Further info from the Imperva article (reference link) stated: “Major corporations will enforce cyber security assessments of the third party firms and contractors. The Target data breach happened because of a compromised HVAC contractor. The Anthem data breach occurred through a smaller insurance firm that Anthem had just acquired. JP Morgan was no different with the hackers gaining unauthorized access through a third party firm. Each of these companies had well-defined policies for the infrastructure that they directly managed, and the outside firms with privileged access became the weak links. 2016 is the year where major enterprises will require all vendors to demonstrate that their cyber security is on par or better than the standard set by the enterprise. The derivative effect will be an increase in liability/indemnity resulting in the maturity of the Cyber Insurance market. Similar to how high fire insurance premiums resulted in better building codes and ultimately safer buildings, the move to require increased cyber insurance coverage from the third party entities will result in stronger cyber security.”
2) Physical Damage and Life Safety
McAfee released McAfee Labs 2016 Threats Predictions (reference link) and had this to say about control system equipment:
“…our 2016 predictions about critical infrastructure attacks must acknowledge that they are low-incident, but high-impact events. That said, we are witnessing an ever more connected world, from digital oilfields to water treatment applications being hosted on the public cloud. The “isolated” nature of operational technologies is no longer the case, as discussed in research highlighting Internet-facing critical infrastructure devices. It should concern all of us that some of these devices use nothing more than default login credentials for protection. Add to this an emerging trend in which criminals are selling direct access to critical infrastructure systems. The reality we now face is that the number of critical infrastructure vulnerabilities is increasing.”
3) Targeted Attacks
CIO-Today quoted Brian Contos, chief security strategist and senior vice president of field engineering at Norse: “‘We’ll see cybercriminals continue to target industrial control systems,’ said Contos. Kaspersky Lab has called targeted attacks on industrial control systems the biggest threat to critical national infrastructure.” The article also quoted Contos on malware: “‘There will be more malware designed to evade legacy sandboxing techniques,’ Contos said. That’s bad news, given the rapid spread of malware in 2015. Researchers at German security firm G Data said that the first half of this year saw 12 new malware families a minute. Yes, that’s every 60 seconds.” (reference link)
PC Tech Magazine stated (reference link) “… as control systems become increasingly connected, this will extend the potential attack surface – which will require better protection.”
4) Cybersecurity Issues Will Kill A Major Product
Also mentioned in the DarkReading Article “Boldest Cybersecurity Predictions For 2016” was a quote (reference link) from Mark Painter, a security evangelist for Hewlett Packard Enterprise. “We are increasingly close to finding out. In 2016, we’ll see a major product shutdown due to security issues, as the product will no longer be worth producing due to the costs of fixing these vulnerabilities and brand reputation.”
1) More Government Involvement
In the latter part of 2015 we saw the FTC gain the ability to sue companies for not protecting client data (reference link 1 – reference link 2). The FTC alleged that Wyndham engaged in a number of practices that “unreasonably and unnecessarily exposed consumers’ personal data to unauthorized access and theft” including the following:
- the storage of credit card information in clear, unencrypted text;
- failure to require employees to use complex user IDs and passwords to access company servers;
- failure to use readily available security measures, such as firewalls to limit access between the corporate network and the Internet;
- failure to implement reasonable information security procedures prior to connecting local computer networks to corporate-level networks;
- failure to “adequately restrict” the access of third-party vendors to its networks;
- failure to employ reasonable measures to detect and prevent unauthorized access to its computer network or to conduct security investigations; and
- failure to follow proper incident response procedures.
We also saw that the SEC can now fine companies for not protecting client data (reference link 1 – reference link 2). The language of In the Matter of R.T. Jones Capital Equities Management, Inc. stated “R.T. Jones Failed to Adopt Written Policies and Procedures Reasonably Designed to Safeguard Customer Information” (reference link). Even though this action was against an investment adviser, we too could be subject to this type of ruling if we are not doing all that we can to protect client data.
The DoD’s new rules, DFARS clauses and regulations were established with language to guide the examination of contractors to make sure they have the required security controls in place. This was posted on the JD Supra Business Advisor website by Melinda Biancuzzo, Alexander Major, and Dave Thomas in the article entitled Government Forces Awaken: The Rise of Cyber Regulators in 2016 (reference link). There is also information about the FTC and SEC actions.
Also in this article is a list of other federal agencies suiting up for cyber enforcement which include:
- The Consumer Financial Protection Board’s (CFPB) growing Cybersecurity Program Management Office;
- The Department of Energy’s (DOE) Office of Electricity Delivery and Energy Reliability, examining the security surrounding critical infrastructure systems;
- The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services, addressing healthcare providers and health insurers’ compliance with health information privacy and security safeguard requirements; and
- The Food and Drug Administration, examining the cybersecurity for networked medical devices containing off-the-shelf (OTS) software.
2) Insurance – Limitations, Exclusions, and Caps
Insurance companies are trying to figure out the best way to offer cyber coverage and not go out of business. Like it or not, they have to make a profit to stay in business so that means policies are getting more specific, restrictive, and more expensive.
2015 saw more “players” offering cyber security policies and not all of them were credible. It’s kind of like when an area suffers a lot of hail damage, roofers come out of the woodwork to offer roof replacements at a discounted rate. Problem is, when the roof starts leaking down the road, they are nowhere to be found.
Insurance companies see cyber insurance as a growth market. According to an article by Jonathan S. Ziss and Jonathan L. Schwartz entitled “Cyber Insurance 2015: Inside a robust and rapidly changing market” on the website Property Casualty 360 (reference link), “The market remains robust and continues to present for insurers opportunities for unprecedented growth.” – “We have continued to see in 2015 once-in-a-lifetime growth in the insurance market, driven almost exclusively by Cyber insurance.”
Insurance companies are continually working on the insurance they offer. While these policies do cover you, they may be restrictive and/or cause you to change or add processes to your overall business platform. For example, you may be required to add mandatory, annual cyber awareness to your employee training docket. If you don’t, this could be a loophole to deny a claim.
In the article mentioned above, insurance companies are offering policies with limits of 100 million dollars or less. With the average cost of a breach hovering around $154 per record according to the Ponemon Institute (reference link), the cost of a breach could easily exceed this coverage. Another study by NetDiligence puts that number at nearly $1,000 per record. (reference link) Either way if you take into account brand damage, legal fees, and whether or not the federal government may sue you, 100 million dollars may not cover the financial damage to your company.
Wells Fargo released a white paper entitled: 2015 Cyber Security and Data Privacy Survey: How prepared are you? (reference link) On page 2 it states “Nearly half (44%) of the companies surveyed that have cyber and data privacy insurance have filed a claim with their carriers.” It also states “that nearly all the companies (96%) that have filed a claim are satisfied with their coverage and the handling of the claim.” which is a good thing.
Just because a claim is paid doesn’t mean the issue is closed. A case last year involved an insurance company suing a client to recover a $4 million claim. The insurance company, Columbia Casualty, alleged that Cottage Healthcare Systems didn’t maintain its security controls, which left the company vulnerable to this cyber attack (reference link).
2016 should be an interesting year. As a control system integrator, you need to look not only at how you are designing and implementing control systems for your customers; you also need to take stock of your overall cyber strategy and ask yourself these questions:
- Do I have cyber insurance and is it the right insurance for the company?
- Do I have an incident response plan in place? If so, do all the participants know their roles and responsibilities?
- Is there a cyber awareness training available internally or externally for my company?
- Does my company have access to billing systems for work orders, service orders, etc.? If so does each user have a unique login?
Of course these are just a few pieces of the puzzle. There is more that needs to be done, but this will get you started.
In Ken Sinclair’s Automated Buildings January, 2016 Release: “Our Role in the Transformation,” we are reminded of the instrumental roles we each will play as stewards in this industry grown gray. Creating viable and working endowments of industry knowledge is not just necessary to transition successfully with the avalanche of technology being introduced, but critical to HVAC and BAS future generations — finding and holding their participation rights in the IoT world to come.
Ken Sinclair, owner and editor of Automated Buildings: “The transition to a new year causes us to reflect on the previous years. The future is falling on us fast but we must be the force that provides linkage to the past, and more importantly to the existing. Only we as an industry have the skill and knowledge; this is not an IoT thing, this is us.
We need to not be overwhelmed by the transformation occurring but to be the stabilizing force of reason in the transformation in our building automation industry.
A reflection of the changes in our industry over the last few years casts an amazing shadow. It is interesting that if you look at our monthly themes, you will see that what we all have been talking about is “Our Role in the Transformation”. It is not the amazing IoT technological changes that are the focus of our discussions; it is how we as an industry of self learning assets embrace and connect these changes.”
Forward from Paris Via M&V, Therese Sullivan, BuildingContext Ltd
“Fitbit® For Buildings,” Jack McGowan, The McGowan Group
New Year’s Resolutions for Building Owners, Jim Sinopoli, Smart Buildings LLC
The Business Side of Cyber Security, Marc Petock, Lynxspring & Connexx Energy
Connecting to Diverse Data Sources, John Petze, SkyFoundry
What’s In Your OPC UA Server? John Rinaldi, Real Time Automation (RTA)
BAS Intrinsic Analytics, Steve Tom, AutomatedLogic
Security Industry Growth to 2020, Allan McHale, Memoori
ControlTalk NOW — Smart Buildings VideoCast and Podcast for week ending December 13, 2015 features interviews with Control Network Solutions’ Mike Welch, Buildings Context’s Therese Sullivan, and Control Systems Consultants’ Cory Gunder; Marc Petock discusses the business-end of the Cyber Security stick; Rob Allen’s 7 Minutes in Control with KMC’s Dave Bohlmann, and an update on how Daikin Applied just changed Total Building Automation forever.
Marc Petock — The Business Side of Cyber Security (Continued). Marc Petock, a leading expert on Cyber Security, takes a close look at the ramifications and financial consequences of not taking aggressive measures to protect your business against cyber attacks. As I have said, cyber security has a technology side and a business side. From a business perspective, the negative consequences that cyber incidents can cause are disruptive and potentially catastrophic. The value of taking additional measures to increase the cyber security posture of your control systems far outweighs the risk of not making them secure.
New Router from KMC on Rob Allen’s 7 Minutes in Control. Rob Allen sits down with Dave Bohlmann to talk about KMC’s new single port router. The KMC Controls BAC-5051E is a multi-port BACnet router. This compact router is powerful enough for heavy network traffic and small enough to use as a control technician’s service tool. Routing: Install the BAC-5051E for BACnet IP, Ethernet, and MS/TP routing. The IP routing is fully compliant with BACnet Standard 134-2012, Annex J. Browser Configuration: Configure the BAC-5051E using only an Internet browser. No special software to learn or load.
CNS delivers the world’s first Internet of things (IoT) web-based DALI intelligent lighting control solution. elitedali ensures that live data from every light fixture can be accessed and the lighting controlled from anywhere in the world with internet access. The only non-North American finalist in its category, CNS has been shortlisted for its unique lighting control solution, elitedali™. Transforming the Niagara building management system into a state of the art lighting control platform, elitedali provides total control and flexibility to the end user over access to their lighting data, system maintenance and any on-going adjustments.
ControlTalk NOW Special Guest: Mike Welch, CEO and owner of Control Network Solutions, BasingStoke, UK. Mike shares his unique knowledge of the industry and articulates the finer points of IoT, where there are some unintended consequences and negative aspects of IoT, because the distance between the APP and the cloud is populated by energy consuming devices and the key is to collect value data directly from your network devices.
Daikin Applied Just Changed Total Building Automation Forever, Thanks to IoT. In January 2015, ControlTrends interviewed Paul Rauker, VP of Systems and Controls, Daikin Applied, on the ground floor of the 2015 AHR Show. Paul expertly reviewed the Rebel RTU — which was the first IoT HVAC RTU. Now, with Daikin’s minority stake acquisition of Riptide IO, Daikin is the first equipment manufacturer to introduce the industry’s first, true cloud-based technology platform for HVAC equipment — that truly harnesses the IoT! Here’s the rest of the story: DAIKIN APPLIED ACQUIRES MINORITY STAKE IN CLOUD-BASED BUILDING AUTOMATION COMPANY.
2015 ControlTrends Awards System Integrator of the Year Finalist CSC. The voting for the 2015 ControlTrends Awards is underway. One of the most followed categories is the ControlTrends System Integrator of the Year Award. This is a new ControlTrends Award. With over eighty nominees from around the world, making the final seven is quite an accomplishment. If you watched ControlTalk NOW a couple of weeks ago, you got a sneak peek at one of the magnificent seven, CSC from Dallas, Texas. Meet Corey Gunder and Scott Twomey.
Our second ControlTalk NOW guest is Therese Sullivan. Therese is the principal and editor of Building Context and Haystack, and contributing editor to automatedbuildings.com. Therese is a prolific and knowledgeable writer/technologist and marketing professional, who provides news and analysis for commercial building system integrators, facilities managers and real estate professionals. Always our eyes and ears from the Silicon Valley, Therese recaps the 2015 CoRETECH Show in Silicon Valley.
As I have said, cyber security has a technology side and a business side. From a business perspective, the negative consequences that cyber incidents can cause are disruptive and potentially catastrophic. The value of taking additional measures to increase the cyber security posture of your control systems far outweighs the risk of not making them secure.
Here are a few interesting items in the news of late related to the business side of cyber security.
Third-party vendor risk: The New York State Department of Financial Services (DFS) announced it will propose new cybersecurity regulations for financial institutions. The exact details of the regulations are being hashed but include a number of areas in which the DFS intends to act: Cyber Security Policies and Procedures, Third-Party Service Provider and Management, Multi-Factor Authentication, Appointment of Chief Information Security Officers, Application Security, Cyber Security Personnel and Intelligence, Annual Auditing, and Procedures for Noticing Cyber Security Incidents.
As noted, one of the new regulations focuses on third-party providers and suppliers and the requirement to implement policies and procedures to ensure the security of sensitive data or systems that are accessible to, or held by, third-party providers. New regulations could mandate firms to “perform cyber security audits” of their third-party vendors or require third-party vendors to make “representations and warranties” about the state of their information security.
Cyber Attacks Could Now Affect Credit Ratings: Moody’s Investors Service announced that as cyber risks become more pervasive, it will take a higher priority within their analysis and that the credit implications associated with cyber defense, detection, prevention and response will start to take a higher priority within its credit assessments and analysis.
Target: Yes, even 2 years after the Target cyber issue, they remain in the news. Target has to pay nearly $40 million to settle with banks and credit unions who brought class action claims against the retailer for alleged losses the financial institutions suffered as a result of Target’s 2013 data breach. This most recent settlement comes on the heels of a $67 million settlement with Visa, and a $10 million settlement with consumers, both earlier this year. The most recent settlement brings Target’s total costs to a staggering $290 million (and it is far from over). This is on top of lawsuits that are still pending, as well as regulatory enforcement and investigation actions by the FTC and various state attorneys general.
Insurance: Insurance companies are cracking down on insurance because of cyber security. They are beginning to evaluate and rate company cyber health and insure (or not) and charge accordingly. As such, insurance is becoming more sophisticated as the companies offering coverage begin to demand companies they insure meet specific cyber security requirements to be eligible for coverage; begin to determine premiums and policy coverage based on the implementation of those requirements or flat out choose not to offer coverage as the risk is too great due to ineffective cyber security practices and cyber security postures.
When it comes to cyber security, the business case is equally as important as the technology case. The operational, financial and reputational impacts to a business are tremendous.