ControlTrends

Upcoming NICE Webinar: How Talent Management Systems Help You Manage Your Cybersecurity Human Capital

July 17, 2019 at 2:00pm EDT

REGISTER Button

Synopsis: 

Talent management has been and continues to be an important topic in the Human Resource (HR) industry. The Society for Human Resource Management (SHRM), the world’s largest HR professional society in the United States, has defined talent management as “the implementation of integrated strategies or systems designed to improve processes for recruiting, developing and retaining people with the required skills and aptitude to meet current and future organizational needs.” Talent Management Systems, which are commonly referred to as TMS by HR professionals, are a set of software applications that helps qualify candidates, manage talent, and retain human capital within an organization. These talent management tools usually address four main areas of personnel management: recruitment, performance management, development and compensation. While reducing the time and cost involved in administering and running these HR processes, TMS helps improve program effectiveness and delivers a number of strategic benefits. Join us for this webinar to learn more about the benefits of Talent Management Systems for managing your cybersecurity workforce needs.

Speakers:

Brad E. Rhodes, LTC 

Brad E. Rhodes, LTC

Commander, Cyber Protection Team (CPT) 174

Colorado Army National Guard

Leo Van Duyn 

Leo Van Duyn

Cybersecurity and Tech Controls (CTC) Workforce Development Strategy

JP Morgan Chase & Co.

Registration space is limited. Learn more and RSVP at nist.gov/nice/webinars

National Cybersecurity Center of Excellence: REGISTER TODAY: Security for IPv6-Enabled Enterprises Workshop–June 13, 2019

The National Cybersecurity Center of Excellence (NCCoE) is hosting the Security for Internet Protocol (IP)v6-Enabled Enterprises Workshop on Thursday, June 13, from 9 a.m. to 1 p.m. ET. Registration is open now through June 11.

WHY ATTEND?

IPv4 addresses are running out.

The available free pool of IPv4 addresses was exhausted in 2015 as the number of users, devices, and virtual entities connected to the internet has grown exponentially. The National Institute of Standards and Technology’s NCCoE is developing a project plan to transition enterprise networks from IPv4 to IPv6. We are seeking the public’s input on all aspects of this plan, including the proposed scope, use cases, potential technologies, and sources of specifications and guidance.

We will also explore what commercially available security technologies are available to support the transition to IPv6.

REGISTER NOW!

To register for this free workshop, please complete this short form by June 11, 2019. See additional details about this event here.

DETAILS

Thursday, June 13, 2019
9 a.m. to 1 p.m.
 
NCCoE
9700 Great Seneca Highway
Rockville, Maryland 20850

QUESTIONS?

Contact us on ipv6-transition@nist.gov.

Improving Mobile Authentication for Public Safety and First Responders

Ken Sinclair’s Automated Buildings April Edition- Holistic Cybersecurity Pre-release

have avoided this discussion in the past because understanding and highlighting all of the potential security and privacy concerns could paralyze us. For some 20 years plus we have operated in a wild west manner mashing our machines with the open internet achieving amazing things quickly. I do not want to lose this platform of global innovation and participation.

My concern is that in fencing every risk we will be the ones behind the fences immobilized and paralyzed, victims of our own thoughts. I have grave concerns that the risk of over-regulation could be worse than our worst cybersecurity concerns.

Yet, our Building Automation Systems are considered not secure. We need to fix this as we install more and more sophisticated smart building technologies, many of which involve IT systems, we have become IT people. We need to think like IT people, we need to revisit our existing systems security and clean up our mess.

We gathered the views of several Cybersecurity experts to provide us with advice on how to proceed without immobilizing ourselves. I am extremely pleased and amazed at the width and depth of coverage. 

Anto Budiardjo and Ken Sinclair discuss the fact that “Our collective success is based on our weakest link.” and why we assemble this collection of industry experts to speak to Cybersecurity.

James Lee, CEO, Cimetrics, Inc. “Our collective success is based on our weakest link. Our industry is inherently collaborative. We seldom work alone on a project, and partnering is our modus operandi.”

The Need for Holistic BAS Cybersecurity 

The first and most important aspect for all players in the industry is that cybersecurity is everyone’s business, not just the experts. Yes, cybersecurity is a complex subject but we are not all going to nerd out on the intricacies of ciphers, zero-day threats, certificates and so on. 

What every single professional must demand is that our devices, systems, and buildings are secure from cyber threats. Every proposal, project meeting and company planning session going forward must discuss how cybersecurity is being addressed in that instance.

This leads to my second point: Our collective success is based on our weakest link. Our industry is inherently collaborative. We seldom work alone on a project, and partnering is our modus operandi. This means not only does each player need to deal with cybersecurity in their work, but it is the task of everyone to ensure others in the value chain deliver solutions that are secure.

NIST

A useful tool many other industries use to chart their process of bringing cybersecurity to the forefront is the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a comprehensive set of standards, guidelines and best practices created through a collaborative process by the U.S. government agency responsible for cybersecurity matters.

Fred Gordy of Intelligent Buildings, LLC  provides cybersecurity evaluation of building control systems.

The State of BAS Cybersecurity  IB performs a series of assessments both before the site visit and once on site. There are several tools and methods we use to complete a holistic cybersecurity evaluation of building control systems.

In 2018 the number of assessments we performed increased to more than double of 2017. This was due in part to the growing awareness of the need for securing building control systems, but also the real and present danger of attacks to building control systems. In this article, I will share the results of assessments and BAS attacks we have first-hand knowledge of.

NIST

Our contributing editor  Anto Budiardjo has been encouraging me to get this discussion to be the theme for April. I agree. 

Facility IT mandates that information flows securely and easily between all elements of BAS, FM and IT.

On the technology front, IoT (Internet of Things) is driving down the cost of hardware; open source is democratizing software development, and communication technologies from 5G to WiFi are making connectivity cheap and ubiquitous. From a social perspective, we are all living super-connected lives with our smartphones as a must-have tool for both business and personal use. With that in mind, there is very little standing in the way of the BAS industry from leveraging this pervasive connectivity to achieve IT convergence and increase the value of what it offers.

Marc Petock, Lynxspring, Inc Contributing Editor  

The Business Side of Cyber Security Why it Matters

Summary;  In today’s data-driven economy and smart based buildings, it is essential we collect, store and adequately protect data and proprietary secrets. Failure to do so will significantly damage a company’s brand, have an adverse effect on operations and directly impact revenue and profitability.

The frequency of cyber attacks is only going to accelerate over the coming years. Therefore it is vital that we have a full understanding of the inherent business risks and implications. Balancing cyber security priorities with business flexibility and agility is a tough challenge. But it’s a challenge every organization faces as it strives to drive growth, achieve competitive advantage and maximize operational and performance efficiencies.

Cyber security is hard and always will be. Attackers will continue to innovate with new techniques, deception and determination. The challenge isn’t people, process, or technology; they all exist today and are available. The big issue is the internal culture at companies and the understanding of cyber security from a business perspective and why it matters.

It all comes to one thing– risk. How much are you willing to take? We can no longer take a wait-and-see philosophy or “it’s not going to happen to us” approach when it comes to prioritizing and aligning cyber initiatives within our buildings. As we operate in an interconnected environment, we must look at their entire ecosystem and spread and share responsibilities, creating security partnerships. Cyber security is no longer an individual company effort; it is a shared responsibility among us all. 

csa

Kevin T. Smith, CTO, Tridium  It is our goal that smart building owners and operators avoid the harsh realities of cyberattacks 

Towards a Cybersecurity Partnership in Connected Buildings

Over the past few months, there has been some well-needed government and media attention paid to the cybersecurity posture of control systems used in smart buildings and Operational Technology (OT) networks. Cyber-threat watchers note that there continues to be a significant number of these control systems that are configured in an insecure manner and exposed on the Internet. This is something that must change.

Decades ago, organizations had to quickly become savvy about protecting their Information Technology (IT) networks from remote attackers. As IT networks grew, so did the cybersecurity threats — viruses, malware, and phishing attacks proliferated, and they continue to do so.  Organizations that experienced early, highly publicized cyberattacks and data breaches learned painful and costly lessons. In too many of those cases, proper focus on cybersecurity awareness and best practices only happened after such an attack. Luckily, we can learn from those mistakes and lessons from the past and apply them to OT networks today.  It is our goal that smart building owners and operators avoid the harsh realities of cyberattacks now by taking a proactive approach towards cybersecurity.    

Cybersecurity is a partnership:  we all have a role to play.

tridium

Therese Sullivan, Tridium, Contributing Editor

Cybersecurity or Something Better 

For decades now, the vision of intelligent buildings that self-correct when they are wasting energy and self-adjust when they are providing anything less than a healthy, comfortable and productivity-enhancing indoor environment for occupants has been driving the building automation industry forward. Today, advancements in cloud computing and machine learning, as well as greater adoption of common standards for network connectivity and data interoperability, are making the full vision a reality for some showcase buildings. At the same time, connected devices are seeping into all types of buildings in less visionary, more piecemeal ways and sometimes without sufficient IT/OT oversight. Is this moving us faster toward the intelligent-buildings-for-all future we expect? Or, is this trend simply creating a larger and more attractive cyber-threat landscape for attackers, with consequences that will slow our progress

Jim Butler, CTO, Cimetrics Inc.

BACnet/SC a  Secure Alternative to BACnet/IP 

For the past several years, the members of the BACnet IT working group I chair have been developing a more secure method of communication for BACnet based on widely used IT standards. This method exclusively applies to communication on IP networks, and we are calling it “BACnet/SC” or “BACnet Secure Connect.”  I believe BACnet/SC will become a popular alternative to BACnet/IP in the future.

I have skipped over many important details of BACnet/SC in this short article. If you are interested in learning more, I encourage you to read the white paper “BACnet Secure Connect” written by members of the BACnet IT working group.

Pook-Ping Yao, CEO, Optigo Network

A Cybersecurity Framework for the World of BAS

It’s been five years since the National Institute of Standards and Technology (NIST) released its cybersecurity framework. A great deal has changed in technology over those years, but the framework remains absolutely critical in our world of growing connectivity. 

And yet, I still hear the confusion in the building automation world about what this framework means for us. Many buildings are slowly marching forward in that journey to “smart.” Do we really have to worry about cybersecurity? 

Well, in a word: yes. 

Deb Noller, CEO, Switch Automation

How to Safeguard your CRE portfolio against Cybersecurity Attacks

Noller:  A smart building platform is a powerful cybersecurity tool that empowers your FM team to easily perform continuous commissioning as well as regularly assess device connectivity and network integrity. Cloud-hosted smart building solutions are often the most secure, updating automatically for protection against the latest malware. Additionally, a cloud solution tends not to require the regular dispatch of software engineers for functionality customization and support. By integrating diverse hardware and software, an effective smart building solution will support a range of stakeholders, driving asset visibility and enabling more cost-effective building performance. To extend the flexibility of your FM team, consider a solution with a mobile app and empower them to communicate about critical issues quickly and effectively while on the go.

How secure is your commercial real estate portfolio? Download this free e-book and safeguard your portfolio against cybersecurity threats now.

Trust is the new Gold! Mirko Ross In fact: You need “trusted” data and “trusted” devices providing data services. As machine learning is relied on more often for automated decisions, Cybercriminals can try to attack machine learning algorithms. Influencing the training data is highly dangerous, with the goal of manipulating the results of the machine learning algorithm predictive model.

Please ensure you are not our weakest link due to a lack of understanding and the necessary proactive implementation.  Cybersecurity is everyone’s business, not just the experts. Protect yourself while helping to secure our industry.

A list of some Communities of Practice  for Cybersecurity

NIST This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk.  The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security. https://www.nist.gov/cyberframework

“BACnet Secure Connect” written by members of the BACnet IT working group.

Niagara systems integrators Harden Your Smart Building Against Cyber Threats. Cybersecurity as a top priority, and we are dedicated to continuously improving the security posture of our products and providing guidance to Niagara systems integrators, business partners, and facility managers.

https://www.isasecure.org/en-US/  IEC 62443 Standards and ISASecure® Certification: Applicability to Building Control Systems The ISASecure® Certification Program can accelerate BCS industry cybersecurity initiatives.

https://ics-cert.us-cert.gov/  The Cybersecurity and Infrastructure Security Agency (CISA) incorporates an Industrial Control Systems (ICS) element that works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among Federal, state, local, and tribal governments and control systems owners, operators, and vendors. 

The not-so-definitive guide to cybersecurity and data privacy laws  US cybersecurity and data privacy laws are, to put it lightly, a mess.  Years of piecemeal legislation, Supreme Court decisions, and government surveillance crises, along with repeated corporate failures to protect user data, have created a legal landscape that is, for the American public and American businesses, confusing, complicated, and downright annoying.

CRE CYBERSECURITY FORUM   June 12 | 8:00 am – 11:45 am | Nashville Music City Center Every company is at a different part of the cybersecurity journey. Most Real Estate organizations begin by focusing on enterprise related issues which can impact operations. Recently, with the increase in cyber-attacks on the built environment, more companies have begun the task of securing the building and all its systems. While some knowledge can be garnered from critical infrastructure experiences, protecting buildings from cyber threats is a relatively new phenomenon. This session will provide insight on what a comprehensive Building Cybersecurity Program might look like. In addition to presenting the foundational plan, some Monday morning advice on ‘where to begin’ will also be provided.

Building a Consensus for Cybersecurity   Siemens teamed up with the Munich Security Conference and other governmental and business partners to present the Charter of Trust initiative in February 2018. One of the initiative’s key goals is to develop and implement rules for ensuring cybersecurity throughout the networked environment. The first major successes have already been achieved.https://new.siemens.com/global/en/company/topic-areas/digitalization/cybersecurity.html

Events where Cybersecurity will be discussed https://www.controlscon.com/  https://www.haystackconnect.org/   https://www.realcomm.com/

Schneider Electric’s Cyber Summit ’19, April 3rd, Multiple Sessions (See Below) — Register Today!

Agenda (All times listed are in ET)

  • 10:00-11:00 AM   Expert Panel: How does cybersecurity affect safety, and what should you do about it? 
  • 11:30-12:00 PM   Chat with the Expert: Mitigating Cyber Risk for Critical Infrastructure
  • 12:00-1:00 PM   Expert Webinar: Cybersecurity for Smart Building Control Systems
  • 1:00-2:00 PM   Expert Panel: Defending Against The 3 Biggest Cyber Threats
  • 2:15-3:15 PM   Expert Webinar: The Power of Connecting:  Secure Connected Electrical Systems with EcoStruxure Power
  • 3:30-4:30 PM   Expert Webinar: Modernizing Your Operation For A Cyber Safe Environment
'Cyber Summit '19'
 
Expert Panel Discussion: 
10:00 – 11:00 AM ET

How does cybersecurity affect safety, and what should you do about it?

Expert Webinar:
12:00 – 1:00 PM ET

Cybersecurity for Smart Building Control Systems: learn how a standardized framework can secure your buildings against cyber-threats.

 
'Cyber Summit '19'
 
Expert Panel Discussion: 1:00 – 2:00 PM ET

Defending Against the 3 Biggest Cyber-Threats: if the best defense is a good offense, then industry can do more. Join our experts to discuss how to tackle the ‘Big 3’ – malware, including ransomware, phishing/ social engineering, and “man in the middle attacks”.

'Cyber Summit '19'
 
 
Expert Webinar:
2:15 – 3:15 PM ET

The Power of Connecting: Secure Connected Electrical Systems with EcoStruxure Power.

 
 
 
Cybersecurity Virtual Academy

 

Registration is required to attend the Cyber Summit ’19. If you haven’t already registered for the academy, click on the registration link just below the submit link on the links above, or register at the link below.

 

NEWS from NIST! The Small Business Cybersecurity Corner Website is now Live

SMALL BUSINESS CYBERSECURITY CORNER

The vast majority of smaller businesses rely on information technology to run their businesses and to store, process, and transmit information. Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies  and their customers.

With limited resources and budgets, these companies need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address and manage their cybersecurity risks. This NIST Small Business Cybersecurity Corner puts these key resources in one place.

Congress has given NIST responsibility to disseminate consistent, clear, concise, and actionable resources to small businesses. All resources are free and draw from information produced by federal agencies, including NIST and several primary contributors, as well non-profit organizations and several for-profit companies. These resources will be updated and expanded regularly.

The website does not provide operational assistance to individual companies, but it does list federal agency and some non-profit contacts that can offer that assistance. Small businesses should immediately report any threats and incidents to the FBI’s Internet Crime Complaint Center (IC3).

Cybersecurity Basics

In this section, you will find introductory information about cybersecurity, cybersecurity-related risks, and the importance of taking appropriate steps to secure your business.

CYBERSECURITY RISKS

Resources that provide overviews of cybersecurity risks and threats to your business and how to manage those risks

FOR MANAGERS

Resources for small business owners and leaders that convey the business value of strong cybersecurity

Communicating with the Board About Cybersecurity: Making the Business Case – provides guidelines for effective board-level communication about cybersecurity matters
National Cyber Security Alliance and National Association of Corporate Directors 

Questions Every CEO Should Ask About Cyber Risks – a guide for CEOs on how to discuss cybersecurity risk management topics with their leadership and implement cybersecurity best practices
Department of Homeland Security

Workforce Management Guidebook: Cybersecurity is Everyone’s Job – provides things to know, and things to do, for everyone in an organization, regardless of its type or size. It is intended for the general audience, which may not otherwise be knowledgeable about, or interested in, cybersecurity.
NICE Working Group

Cybersecurity Workforce Development – The FCC’s Communications Security, Reliability and Interoperability Council’s report on cybersecurity workforce recommendations.
Federal Communications Commission

Planning Guides

PLANNING TOOLS & WORKBOOKS

Guides, online tools, and workbooks to help you evaluate your business’ current approach to cybersecurity and plan for improvements

Cybersecurity Resources Roadmap – helps small and midsize businesses select the most useful cybersecurity resources based on needs
Department of Homeland Security

Cyber Insurance – tips on choosing a cyber insurance policy
Federal Trade Commission

FCC Cyber Planner – The Small Biz Cyber Planner 2.0 is an online resource to help small businesses create customized cybersecurity plans.
Federal Communications Commission

NIST CYBERSECURITY FRAMEWORK

Widely used approach to help determine and address highest priority risks to your business, including standards, guidelines, and best practices

NIST Cybersecurity Framework – links to the framework itself and other resources to help you apply it to your business
National Institute of Standards and Technology

Understanding the NIST Cybersecurity Framework – overview of the framework and how to put it to work in your business
Federal Trade Commission

Cybersecurity Risk Management – The FCC’s Communications Security, Reliability and Interoperability Council’s report on cybersecurity risk management and best practices.
Federal Communications Commission

Cybersecurity Framework for Small Manufacturers

Cybersecurity Framework Steps for Small Manufacturers – helps small manufacturers understand the NIST Cybersecurity Framework and how it can be used to manage their cyber risks. Note: You will be prompted to provide why you need access to the item.
Manufacturing Extension Partnership

NIST Manufacturing Profile – NISTIR 8183 – provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment including a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices
Manufacturing Extension Partnership

 

Guidance by Topic

In this section, you will find topic-specific guidance on actions to take to address cybersecurity risks and secure your business.

ALL-PURPOSE GUIDES

Guidance that covers multiple cybersecurity topics

Cybersecurity Basics – basic tips for securing your business
Federal Trade Commission

Lock Down Your Login – simple steps to gain peace of mind and more control over your online security
National Cyber Security Alliance

Start with Security: A Guide for Business – lessons learned from Federal Trade Commission cases that touch on vulnerabilities that could affect your company, along with practical guidance on how to reduce the risks they pose
Federal Trade Commission

Interactive Infographic: How Secure is Your Factory Floor? –  geared towards small manufacturers; provides a virtual tour of potential cyber vulnerabilities on a shop floor.
Manufacturing Extension Partnership

Good Security Habits – general tips for protecting your business electronic devices from unwanted remote access
Department of Homeland Security

Information Security for Small Business: The Fundamentals – NISTIR 7621– provides guidance on how small business can provide basic security for their information, systems, and networks
Manufacturing Extension Partnership

Small Business Cybersecurity “Quick Wins” – covers “quick wins” small businesses can implement now to better secure their sensitive data
National Cyber Security Alliance

GCA Cybersecurity Toolkit for Small Business – assess your security posture, implement free tools, find practical tips, and use free resources and guides to improve your company’s cybersecurity readiness and response
Global Cyber Alliance

FCC Cyber Tip Sheet – Ten key cybersecurity tips to protect your small business.
Federal Communications Commission

CHOOSING A VENDOR/SERVICE PROVIDER

Tips for choosing hardware and software vendors and service providers

Vendor security – tips to make sure business vendors with access to your sensitive business information are securing their own computers and networks
Federal Trade Commission

Hiring a Webhost – what to look for when hiring a webhost provider
Federal Trade Commission

COMPLIANCE

Guidance to help your business comply with Federal government security requirements

DFARS Cybersecurity Requirements – Information for Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) who must meet the Defense Federal Acquisition Regulation Supplement (DFAR). DFAR provides a set of basic security controls.
Manufacturing Extension Partnership

NIST Handbook 162 – provides a step-by-step guide to assess a manufacturer’s information systems against the security requirement in NIST SP 800-171 rev 1.
National Institute of Standards and Technology

NIST SP 800-171 – provides requirements for protecting the confidentiality of CUI.
National Institute of Standards and Technology

DEVELOPING SECURE PRODUCTS

Tips to help you develop secure software or hardware products

Careful Connections: Building Security in the Internet of Things – advice for businesses about building security into products connected to the Internet of Things, including proper authentication, reasonable security measures, and carefully considered default settings
Federal Trade Commission

EMPLOYEE AWARENESS

Aids and materials to raise your employees’ awareness about the importance of security

The Cybersecurity Awareness Toolkit – resources to help launch your own cybersecurity awareness program
National Cyber Security Alliance, Better Business Bureau, Facebook, and MediaPRO

It’s Everyone’s Job to Ensure Online Safety at Work – infographic that can be used to remind employees of good security practices
National Cyber Security Alliance

Workforce Management Guidebook: Cybersecurity is Everyone’s Job – Provides things to know, and things to do, for everyone in an organization, regardless of its type or size. It is intended for the general audience, which may not otherwise be knowledgeable about, or interested in, cybersecurity.
NICE Working Group

Cybersecurity Workforce Development – The FCC’s Communications Security, Reliability and Interoperability Council’s report on cybersecurity workforce recommendations.
Federal Communications Commission

PROTECTING AGAINST SCAMS

Tips on dealing with tech support scams, business email scams, etc.

Business Email Imposters – an overview of business email imposter scams and tips for protecting your business
Federal Trade Commission

Tech Support Scams – what to do when you get a phone call, pop-up, or email telling you there’s a problem with your computer
Federal Trade Commission

SMB Alert: Beware of 2019 Tax Scams – provides an overview of common cyber scams targeting small and medium businesses during tax season and includes tips for better protecting data
National Cyber Security Alliance

Episode 296: ControlTalk NOW — Smart Buildings Videocast and PodCast for Week Ending Dec 23, 2018

Episode 296: ControlTalk NOW — Smart Buildings Videocast and PodCast for week ending Dec 23, 2018 features ANT Technologies’ Aaron Gorka, who podcasts his inaugural episode of Next Generation Innovation: Meet Four Emerging Leaders. Also, we have Cybersecurity expert Kevin Smith, CTO of Tridium; DOE Office of Energy Efficiency and Renewable Energy funding update; Brad White, President, SES Consulting provides expert testimony [Read more…]

Honeywell Momentum 2018 “You’ve Got Connections” Day 2 Features Cybersecurity Expert — Kevin Smith, Tridium’s CTO & Chief Architect

Honeywell Momentum 2018 Day 2 featured Cybersecurity Expert — Kevin Smith, Tridium’s CTO & Chief Architect. Breakouts continued throughout the day, with sessions including: IP Controller Programming, Niagara 4 Security Updates, Sales Acceleration, and Analytics on the Edge. The evening ended with a Gala Celebration and the 2018 Honeywell Momentum Awards Dinner, which recognized Honeywell’s top Distributor and Contractor Performers. Many attendees commented — that with all things considered: location, business updates, product releases, guest speakers, and breakout sessions — this was the best Momentum to date. Congratulations to Mark Schlauderaff and the Honeywell team for a Momentum well done!

Episode 287: ControlTalk NOW — Smart Buildings Videocast and PodCast for Week Ending October 14, 2018

Episode 287: ControlTalk NOW — Smart Buildings Videocast and PodCast for week ending October 14, 2018 features our how to get yourself “Edge-You-Cated” interview with Automated Buildings’s owner and editor, Ken Sinclair. Midway through the interview we are joined by one the top Master System Integrators in North America, Hepta Systems’ Chief Information Officer, Jason Houck. Make your 2018 ControlTrends Awards Nominations today! Read your October Cybersecurity Month updates; How do I size the correct damper actuator, from Belimo; and Honeywell’s LCBS-T offers Simple, Efficient, and Future-Ready HVAC Control.

Make Your Nominations Now — for the 2018 ControlTrends Awards! It is time to nominate your favorite people, products, solutions and companies, for the 2018 ControlTrends Awards. The top 5 to 6 in each category will move on to the ControlTrends Awards finals. If you don’t already see your nominee on the ballot, or don’t already see a nominee in a category, please use the other option, and write in your choice, we will then add them on to the ballot.

This week’s ControlTalk NOW interview begins with Ken Sinclair’s discussion of his October edition of AutomatedBuildings.com and recent travels abroad to Italy. The October edition is nothing short of punderful. Ken’s deliberate play on words delivers yet another deep deliberation on humanized interactions, integrated and deployed with the hatching technologies. Midway through the interview, we are joined by one the top Master System Integrators in North America, Hepta Systems’ Chief Information Officer, Jason Houck, who shares his most recent experiences and insight. This is a must watch interview!

Cybersecurity Month Update: California Governor Signs Bills Aimed at Strengthening the Security of IoT Devices. In an effort to keep the ControlTrends Community in the loop during Cybersecurity Month, here is an interesting update on how IoT devices including microwaves, toys, thermostats, and security cameras are to be securitized. Of particular interest was the My Friend Cayla Smart Doll.

From the Belimo Support Center: How do I Size a Damper Actuator? How do I Size a Damper Actuator? The “10 questions” method for sizing and selection found in the attachment is recommended. It takes into consideration the total damper area, blade and seal construction, and air velocity as well as various actuator requirements such as supply voltage and control signal. For a more in-depth explanation of damper actuator sizing and performance you can download our Damper Application Guide.

Honeywell’s LCBS-T — Simple, Efficient, Future-Ready HVAC Control!When it comes to HVAC system control, different customers have different needs. With more than a century of building control experience and the resulting unmatched breadth of product, Honeywell gives our partners the flexibility to deliver the right solution to their customers every time. As a continuation of this product breadth strategy, we are pleased to announce that we will be making our LCBS-T Commercial Economizing Thermostat available as a stand-alone product with tools to help you sell to your customers.

VYKON Edge Controller 10 is a Single-tool Infrastructure with the Ability to Create Smarter, More Efficient Systems, and World-class Security. VYKON Edge Controller 10 is an IP-based field equipment controller powered by the Niagara Framework®. VYKON Edge Controller 10s drive applications such as zone temperature control, and the operation of fan coil units, single-stage air handling units, water-source heat pumps and more. VYKON Edge Controller 10s run the full Niagara stack, with 10 points of on-board IO and IO-R-34 expansion capability. VYKON Edge Controller 10 licensing supports three devices and 50 total points to harness the full power of Niagara at the edge.

Cybersecurity Month Update: California Governor Signs Bills Aimed at Strengthening the Security of IoT Devices

In an effort to keep the ControlTrends Community in the loop during Cybersecurity Month, here is an interesting update on how IoT devices including microwaves, toys, thermostats, and security cameras are to be securitized. Of particular interest was the My Friend Cayla Smart Doll — a prime target for cyber hackers, who can use the toy’s technology to spy on families and collect private information — because the doll is designed to collect and transmit everything it hears to a voice recognition company. Yikes!

In short, the bills basically direct IoT device manufacturers to equip their devices with reasonable security features, requiring companies to take responsibility for considering the security aspects of their devices as they’re developed and produced.

AUTHOR: THEO DOUGLAS OCT 8, 2018. SOURCE: GOVERNMENT TECHNOLOGY (TRIBUNE NEWS SERVICE).

Gov. Jerry Brown has signed two bills that could make manufacturers of Internet-connected devices more responsible for ensuring the privacy and security of California residents.

The governor’s office announced on September 28 that Brown had signed the legislation, Assembly Bill 1906 and Senate Bill 327. He had until the end of the day on Sept. 30 to do so. Both bills will become law in about 15 months, on Jan. 1, 2020. That delayed effect, one of the lawmakers behind the legislation said, is designed to hold industry accountable but not stifle innovation or unduly burden it with regulation. Senate Bill 327 is the older of the two and was introduced in Feb. 2017 by state Sen. Hannah-Beth Jackson, D-Santa Barbara, but as currently amended, the senator told Government Technology, is “pretty much a mirror” of AB 1906, introduced in January by Assemblywoman Jacqui Irwin, D-Thousand Oaks.

Both require manufacturers of connected devices to equip them with a “reasonable security feature or features” that are appropriate to their nature and function, and the information they may collect, contain or transmit — and are designed to protect the device and its information from “unauthorized access, destruction, use, modification or disclosure.”

The bills also specify that if such a device has a “means for authentification outside a local area network,” that will be considered a reasonable security feature if either the preprogrammed password is unique to each device made; or the device requires a user to create a new “means of authentication” before initial access is granted.

They define “connected device” as a device with an Internet Protocol (IP) or Bluetooth address, and capable of connecting directly or indirectly to the Internet.

Jackson said she’s had “concerns about privacy issues for many, many years,” and was prompted to act last year after hearing from constituents and learning that the My Friend Cayla smart doll, which had been banned in Germany due to concerns about the safety of children, had not been banned in the U.S. She questioned how IoT devices including microwaves, thermostats and security cameras were securitized and was shocked by the lack of security she found.

“This bill basically directs those manufacturers to equip their devices with reasonable security features,” Jackson said, adding she thinks the legislation is “the first of its kind” calling on companies to take responsibility for considering the security aspects of their devices as they’re developed and produced.

However, the question of what defines a “reasonable security feature or features” is one of several that industry groups — among them, the Security Industry Association, the National Electrical Manufacturers Association (NEMA) and the California Manufacturers and Technology Association (CMTA) — cited in their opposition to AB 1906.

In a statement provided to GT, the CMTA said the bills are an attempt to “create a cybersecurity framework by imposing undefined rules on California manufacturers,” but instead create a loophole allowing imported devices to “avoid implementing any security features.” This, it said, makes the state less attractive to manufacturers, less competitive and increases the risk of cyberattacks.

“We recommend an approach that would ensure that all connected devices are compliant and secure, no matter where they are produced. These two innovation-stifling measures not only fail to protect consumers, but will drive away California manufacturing investment,” the CMTA said.

The Entertainment Software Association, one of three industry groups including NEMA that are opposed to SB 327, said existing law already requires manufacturers to set up “reasonable privacy protections appropriate to the nature of the information they collect.”

Jackson said the bills still leave it to industry to use “their best judgment” to determine reasonable security and disagreed with the idea that the bills might create a loophole for imported devices.

“The concern, I think, is misplaced, because when the products are sold in this country, they will have to meet those standards even if they’re manufactured elsewhere,” she said.

State law would have allowed the bills to become law if they were neither signed by Brown nor vetoed — but both pieces of legislation specified they must be signed by the governor and can only become law if the other bill is also signed. A member of Jackson’s staff characterized this as a provision aimed at ensuring both houses remain on the same footing.

Editor’s Note: This story has been updated to indicate that the Governor signed both pieces of legislation. An earlier version was published before this was reported.

Theo Douglas is a staff writer for Government Technology. His reporting experience includes covering municipal, county and state governments, business and breaking news. He has a Bachelor’s degree in Newspaper Journalism and a Master’s in History, both from California State University, Long Beach.

———

©2018 Government Technology

Visit Government Technology at www.govtech.com

Distributed by Tribune Content Agency, LLC.

October is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month (NCSAM). NCSAM is a collaborative effort between DHS and its public and private partners—including the National Cyber Security Alliance (NCSA)—to raise awareness about the vital role cybersecurity plays in the lives of U.S. citizens. NCCIC will be participating in NCSAM through weekly posts in the Current Activity section of the NCCIC website. Over the course of the month, these will touch on

* Cybersecurity at home
* Careers in cybersecurity
* Workplace cybersecurity
* Critical infrastructure cybersecurity

NCCIC encourages users and administrators to review the Stay Safe Online NCSAM page and the Stay Safe Online NCSAM Events page for additional information and details on NCSA events.

© Copyright 2015 controltrends.org · All Rights Reserved

Popular Posts

Ken’s Calendar