Anto Budiardjo, New Deal for Buildings (NewDeal.Blog)
Summit 2020 Sponsors
Speakers: Jim Lee, Andy McMillan, Jim Butler, Hans-Joerg Schweinzer, Carol Lomonaco, Anto Budiardjo, Dave Bohlmann, Jerry Reeves, Kevin Smith, Robert Hemmerdinger, Steve Fey
Summit Agenda
● Keynote - Holistic Cybersecurity
● Identify
● Protect
● Detect
● Respond
● Recover
● Call to Action
No Breaks!
James (Jim) Lee, Cimetrics, Inc.
Historical Timeline for Building Automation Security
(timeline figure; years marked on the slide: 1820, 1926, 1973, 1983, 1995, 1999, 2002, 2004, 2009, 2019, 2020)
Milestones shown:
● Central Heating; Air Conditioning; Mechanical & Pneumatic Controls
● Arab Oil Embargo (1973); Mini Computer Control; Direct Digital Control
● BACnet/IP Annex J; BACnet Manufacturer's Association; BACnet International Founded
● BACnet Addendum G Started; Security Through VPNs & VLANs
● BTL Listing Begins (2002)
● CISCO/Cimetrics Begin IT Friendly Security Initiative; BACnet IT Working Group Founded
● BACnet/SC Released (2019)
● BACnet International: BACnet Secure Connect Interoperability Acceleration Program
● Secured by Cimetrics (2020); Early Access Consensus Process (2020)
Cybersecurity Threats
(NIST Interagency Report 7621, revision 1, Small Business Information Security: The Fundamentals, section 2.1)
● Phishing attacks
● Ransomware
● Imposter scams
● Environmental events
● Lateral attacks
Credit: NIST
NIST Cybersecurity Framework ("Framework for Improving Critical Infrastructure Cybersecurity")
The framework is divided into three parts: "Core", "Profile" and "Tiers".
● "Core" contains an array of activities, outcomes and references about aspects and approaches to cybersecurity.
● "Framework Implementation Tiers" are used by an organization to clarify for itself and its partners how it views cybersecurity risk and the degree of sophistication of its management approach.
● "Framework Profile" is a list of outcomes that an organization has chosen from the categories and subcategories, based on its needs and risk assessments.
● Provides a continuous process for cybersecurity risk management
● For organizations of any size, in any sector, whether they have a cyber risk management program already or not
● Has proven useful to a variety of audiences
Credit: NIST
Cybersecurity Framework Functions and Categories (figure)
● Identify: Asset Management [ID.AM]; Business Environment [ID.BE]; Governance [ID.GV]; Risk Assessment [ID.RA]
● Protect: Identity Management and Access Control [PR.AC]; Awareness and Training [PR.AT]; Data Security [PR.DS]; Information Protection Processes and Procedures [PR.IP]; Maintenance [PR.MA]; Protective Technology [PR.PT]
● Detect: Anomalies and Events [DE.AE]; Continuous Monitoring [DE.CM]
● Respond: Response Planning [RS.RP]; Communications [RS.CO]
● Recover: Recovery Planning [RC.RP]; Communications [RC.CO]
Credit: NIST
Cybersecurity Framework Functions
IDENTIFY: "Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities."
PROTECT: "Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services."
DETECT: "Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event."
RESPOND: "Develop and implement the appropriate activities to take action regarding a detected cybersecurity event."
RECOVER: "Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event."
Summary: Identify, Protect, Detect, Respond, Recover
Call to Action!
ISA Secure / IEC 62443
ISA/IEC 62443 is a series of cybersecurity standards for industrial automation.
(Figure by Gilsinnj, own work, previously published by the ISA99 Standards Committee, CC BY-SA 3.0)
Cybersecurity is a Collaborative Process
● Cross functional
● Cross company
● Who will lead?
● Who owns cybersecurity?
● Ongoing delivery of service
What does Cybersecurity Cost and Who is going to pay?
● Buildings and equipment are capital assets
○ Capital is only allocated for buildings when they are built or sold
○ The lifetime of buildings and mechanical systems is at least 30 years
● Information technology is an ongoing operating expense
○ The lifetime of IT equipment is 3 years
What is the cost of NOT having Cybersecurity? (figure; credit: IBM Security)
IT/IS Versus OT/CS Budgets and Devices
                DoD Budget ($)      DoD # of Devices
IT / IS         30,000,000,000      8,000,000
OT / CS         2,000,000,000       150,000,000
Credit: Michael Chipley / ESTCP Bootcamp / DoD
Who will pay?
The path forward: NOT business as usual
● BACnet International
○ Support rapid implementation of BACnet/SC by OEMs
■ Reference code and test devices
○ Accelerate BTL testing of BACnet/SC compliant products
● Secured by Cimetrics - Holistic Cybersecurity
○ One-Step Device Onboarding
○ Device & Cert Management
○ Interoperable Configuration
○ Secure Backup/Restore
○ Secure Firmware Updates
○ Enable IT monitoring
Conclusion
Cybersecurity is Good!
NIST Identify Function: "Know What You Have"
Steve Fey, Totem Buildings
Overall Objectives
● Know what systems you have
● Understand the risks to the organization
● Establish policies and procedures to manage risk
● Assess risks and identify business impact
● Move from assessment to risk management
Asset Management
● What are the systems?
○ Building Automation
○ Lighting Control
○ Elevators
○ Access Control
○ Video Surveillance
○ … and many other possibilities
● High level attributes for each system type
○ Manufacturer
○ Model
○ Installing contractor / service provider
○ Network
○ Software Revision
Business Environment
● How dependent is the organization on the functioning of its control
systems?
● Understand what services and functions must be in place in order to
respond to a cybersecurity attack / incident
● Define the organization’s role relative to the supply chain (i.e. who owns the
problem and the response)
Governance
● Define and communicate the organization’s cybersecurity policy
● Establish roles and responsibilities both internally and externally
● Understand legal and regulatory requirements
● Cybersecurity processes align with the potential risks
"…80% of breaches are because of lack of basic processes, policies and procedures and employee/vendor mistakes." (www.itgovernance.co.uk)
Risk Assessment
● Identify Control System Vulnerabilities
○ Out-of-date Software
○ Physical Location
○ Users improperly configured
○ Non-application software running on servers
● Identify Internal and External Threats
○ Malware
○ Hackers
○ Rogue Employees
● Identify business impacts and likelihoods
○ Downtime
○ Equipment damage
○ Compromised building access
Risk Management
● Risk Management Processes are Defined and in Place
○ Monitoring Systems (both manual and automated)
○ System and Supplier Audits
○ Life Cycle Management
○ Security Release Awareness
○ IT and OT Coordination
● Risk Tolerance and its Impact by System Type
Supply Chain Management
● Cybersecurity processes are defined and stakeholders identified
● Suppliers undergo risk assessment with criteria incorporated into
contracts
● Suppliers are routinely audited to ensure compliance
The cybersecurity supply chain management challenge is fundamentally more complicated in the building controls industry, which is:
○ Highly fragmented
○ Organized along the construction value chain
○ Dependent on contractor involvement for day-to-day operations
Protect Function: "Reduce the chance of a damaging cyber attack"
Jim Butler, BACnet IT-WG
Why do we need to protect BAS systems?
● They are mission-critical systems in many buildings.
Therefore they are potential targets of cyber criminals.
● A compromised BAS can also be used to attack interconnected systems.
What should we protect?
● From the Identify function activities the building owner should determine:
○ What are the assets that make up the BAS?
○ Physically where are those assets?
○ How are the assets connected to networks?
● Use a risk assessment to prioritize protection activities.
Protect - from the NIST Cybersecurity Framework
● Identity Management and Access Control
● Awareness and Training
● Data Security
● Information Protection Processes and Procedures
● Maintenance
● Protective Technology
How does BACnet/SC help protect BAS systems?
● A device must have a properly signed digital certificate to join a BACnet/SC network: every node and the hub present certificates issued under the site's certificate authority, so a device with a self-signed, expired or unknown-CA certificate is refused at the TLS handshake, before any BACnet message is exchanged.
● All BACnet/SC network traffic is encrypted: BACnet/SC runs over TLS 1.3, whereas BACnet/IP is cleartext UDP that anyone on the segment can read or forge.
● The caveat a practitioner should keep in mind: the certificate check is only as strong as the site's certificate lifecycle (issuing, renewing and revoking device certificates, the "Device & Cert Management" item above), and BACnet/SC by itself says nothing about what an authenticated device is then allowed to read or write.
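The handshake behind those two bullets is worth seeing concretely. The following is an added example written for this page (it is not code from the slides, BACnet International or Cimetrics) that models a BACnet/SC join as the mutual TLS 1.3 handshake BACnet/SC is built on: a site CA issues the hub and device certificates; the hub admits a site-issued device and refuses both a self-signed device that merely claims the same name and a site-issued device whose certificate has lapsed; the device in turn refuses a hub whose certificate does not chain to the site CA. Assumed for illustration: the names "Site BAS CA", hub.site.example and ahu-01.site.example, the loopback listener standing in for the building network, and the omission of the WebSocket framing that real BACnet/SC carries over TLS. The certificate checks themselves are the ones Go's crypto/tls performs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewIdentity issues a certificate for name, self-signed when issuer is nil (the site CA, or a rogue
// device with no CA behind it). Leaves get name as a SAN; a negative lifetime yields an expired cert.
func NewIdentity(name string, isCA bool, lifetime time.Duration, issuer *Identity) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(lifetime),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	parent, signKey := tmpl, key // self-signed unless an issuer is given
	if issuer != nil {
		parent, signKey = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Identity{Cert: cert, Key: key}, err
}

// JoinHub plays one join attempt over loopback: the hub (TLS 1.3 server) admits only a device whose
// certificate chains to the site CA and is within its validity period, and the device demands the
// same of the hub. nil means admitted; otherwise the error says which side refused and why.
func JoinHub(siteCA, hub, device *Identity) error {
	pool := x509.NewCertPool()
	pool.AddCert(siteCA.Cert)
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	verdict := make(chan error, 1) // the hub's decision about the device
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			conn := tls.Server(raw, &tls.Config{
				MinVersion:   tls.VersionTLS13,
				Certificates: []tls.Certificate{{Certificate: [][]byte{hub.Cert.Raw}, PrivateKey: hub.Key}},
				ClientAuth:   tls.RequireAndVerifyClientCert, // no site-issued certificate, no join
				ClientCAs:    pool,
			})
			err = conn.Handshake()
			conn.Close()
		}
		verdict <- err
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{device.Cert.Raw}, PrivateKey: device.Key}},
		RootCAs:      pool, // the device trusts only hubs issued under the site CA
		ServerName:   hub.Cert.Subject.CommonName,
	})
	if err != nil {
		return fmt.Errorf("device refused hub: %w", err)
	}
	defer conn.Close()
	if err := <-verdict; err != nil {
		return fmt.Errorf("hub refused device: %w", err)
	}
	return nil
}

func main() {
	siteCA, _ := NewIdentity("Site BAS CA", true, 24*time.Hour, nil)
	hub, _ := NewIdentity("hub.site.example", false, time.Hour, siteCA)
	good, _ := NewIdentity("ahu-01.site.example", false, time.Hour, siteCA)
	rogue, _ := NewIdentity("ahu-01.site.example", false, time.Hour, nil) // same name, no CA behind it
	fmt.Println("site-issued:", JoinHub(siteCA, hub, good), "| self-signed:", JoinHub(siteCA, hub, rogue))
}
```

Run with go run: the site-issued device reports <nil> and the self-signed one a "hub refused device: ... certificate signed by unknown authority" error. The expired-certificate case is the one that bites in practice: a controller installed with a one-year certificate and never renewed drops off the network on the day it lapses, which is why certificate management belongs in the operating budget rather than the construction budget.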
Discussion
● Identity Management and Access Control
● Awareness and Training
● Data Security
● Information Protection Processes and Procedures
● Maintenance
● Protective Technology
Detect Function
Dave Bohlmann, KMC Controls (New Deal 2020)
Detect: Three Main Functions
Per the Framework:
● Detect Anomalies and Events (in a timely fashion)
● Continuous Monitoring (threats are always there)
● Maintain Processes and Procedures (exploits are always changing)
These need to be done at different levels:
● Different types of attacks and detection methods are needed at different
levels
● Requires cross-functional Team approach
Defense in Depth
Detect: What to Detect?
Similarities between IT and OT systems:
● Malware installed or being executed
● Multiple failed attempts to log in
● Unusual traffic patterns or user activity
● Attempts to cross segmented network boundaries
Differences for OT systems:
● Attacks use much less data
● Attacks use small commands to do big (and BAD) things
You need to know the system's specifications and requirements (what normal commands look like) to detect these.
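As an added example (not from the slides or from KMC Controls), here is a small detector that applies the list above to a constructed log: a burst of failed logins, a BACnet/IP flow crossing from the IT segment into the OT segment, and a single WriteProperty at a life-safety priority, which is the "small command that does a big thing". Assumed for illustration: the log format (RFC 3339 timestamp, host, record kind, key=value fields), the OT segment 192.168.100.0/24, UDP 47808 as the BACnet/IP port, and the sample lines themselves.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
	"time"
)

// Event is one parsed log line: timestamp, record kind and its key=value fields.
type Event struct {
	At     time.Time
	Kind   string
	Fields map[string]string
}

// SampleLog is constructed for this example. A workstation on the IT segment fails to log in five
// times, reaches an OT controller over BACnet/IP, and writes a priority-1 (life-safety) override.
const SampleLog = `2020-02-04T09:00:01Z bas-server auth user=operator src=10.20.5.17 result=FAIL
2020-02-04T09:00:03Z bas-server auth user=operator src=10.20.5.17 result=FAIL
2020-02-04T09:00:05Z bas-server auth user=operator src=10.20.5.17 result=FAIL
2020-02-04T09:00:07Z bas-server auth user=operator src=10.20.5.17 result=FAIL
2020-02-04T09:00:09Z bas-server auth user=operator src=10.20.5.17 result=FAIL
2020-02-04T09:00:20Z fw flow src=10.20.5.17 dst=192.168.100.12 proto=udp dport=47808 action=allow
2020-02-04T09:00:21Z bas-server bacnet src=10.20.5.17 service=WriteProperty object=AO:3 value=0 priority=1
2020-02-04T09:05:10Z bas-server bacnet src=192.168.100.5 service=WriteProperty object=AO:3 value=55 priority=16
2020-02-04T09:05:11Z bas-server bacnet src=192.168.100.5 service=ReadProperty object=AI:1`

// OTNet is the assumed building-controls segment; any other address is treated as IT.
var OTNet = func() *net.IPNet { _, n, _ := net.ParseCIDR("192.168.100.0/24"); return n }()

func inOT(ip string) bool { p := net.ParseIP(ip); return p != nil && OTNet.Contains(p) }

// ParseLine splits "<rfc3339> <host> <kind> k=v k=v ..." into an Event.
func ParseLine(line string) (Event, error) {
	f := strings.Fields(line)
	if len(f) < 3 {
		return Event{}, fmt.Errorf("short line: %q", line)
	}
	at, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return Event{}, err
	}
	ev := Event{At: at, Kind: f[2], Fields: map[string]string{}}
	for _, kv := range f[3:] {
		if p := strings.SplitN(kv, "=", 2); len(p) == 2 {
			ev.Fields[p[0]] = p[1]
		}
	}
	return ev, nil
}

// Analyze applies three detections and returns one finding per hit: (1) failThreshold failed logins
// from one source inside a sliding window; (2) a BACnet/IP flow entering OT from outside it; (3) a
// WriteProperty at priority 1..8 (1 is Manual-Life Safety, 8 is Manual Operator), above the levels
// at which routine automatic control usually writes, or any write from outside OT.
func Analyze(logText string, failThreshold int, window time.Duration) []string {
	var findings []string
	fails := map[string][]time.Time{} // source -> failed-login times still inside the window
	for _, line := range strings.Split(strings.TrimSpace(logText), "\n") {
		ev, err := ParseLine(line)
		if err != nil {
			findings = append(findings, "unparsable: "+err.Error())
			continue
		}
		src, ts := ev.Fields["src"], ev.At.Format(time.RFC3339)
		switch ev.Kind {
		case "auth":
			if ev.Fields["result"] != "FAIL" {
				continue
			}
			recent := append(fails[src], ev.At)
			for len(recent) > 0 && ev.At.Sub(recent[0]) > window {
				recent = recent[1:] // drop attempts that fell out of the window
			}
			fails[src] = recent
			if len(recent) >= failThreshold {
				delete(fails, src) // report the burst once, then start counting afresh
				findings = append(findings, fmt.Sprintf("%s: %d failed logins from %s within %s", ts, len(recent), src, window))
			}
		case "flow":
			if ev.Fields["dport"] == "47808" && !inOT(src) && inOT(ev.Fields["dst"]) {
				findings = append(findings, fmt.Sprintf("%s: BACnet/IP into OT from outside: %s -> %s (%s)", ts, src, ev.Fields["dst"], ev.Fields["action"]))
			}
		case "bacnet":
			if ev.Fields["service"] != "WriteProperty" {
				continue
			}
			prio, _ := strconv.Atoi(ev.Fields["priority"])
			if prio >= 1 && prio <= 8 {
				findings = append(findings, fmt.Sprintf("%s: priority-%d write to %s from %s (override band)", ts, prio, ev.Fields["object"], src))
			} else if !inOT(src) {
				findings = append(findings, fmt.Sprintf("%s: write to %s from outside OT (%s)", ts, ev.Fields["object"], src))
			}
		}
	}
	return findings
}

func main() {
	fmt.Println(strings.Join(Analyze(SampleLog, 5, time.Minute), "\n"))
}
```

The write rule is where the OT difference from the slide shows up: the harmful record is one short line that looks nothing like a volume anomaly, so the detector has to encode what the system is supposed to do (which sources may write, and at which priorities) rather than look for "a lot of traffic". The thresholds and the segment definition are the parts a site has to tune from its own specifications.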
Detect: Continuous Monitoring
Automated tools:
● Keep everything up to date
● Ensure configuration is correct
● Use the right tool for the right job
Manual (human) tools:
● Audit log inspection
● Verification of process results
Security detection also helps to verify operations.
Detect: Maintaining Security
● On-Going Commissioning
● Additions & Changes to the
System Require Security Reviews
● Continual Training
Detect: Questions
● Experience involving IT & OT together?
● Experience with other types of
attacks/exploits?
● Experience with on-going commissioning
or analytics?
● What logged items are helpful?
● Aware of Automated Tools?
Respond
Carol Lomonaco, Sr. Product Manager, Johnson Controls
1/8/2020 New Deal - AHR Show Orlando, FL Tuesday Feb 4, 2020
● NIST defines Respond as "Develop and implement appropriate activities to take action regarding a detected cybersecurity incident".
● "The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements".
● Here are the parts of the Respond function and their importance:
○ Response Planning: Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.
○ Analysis: Analysis is conducted to ensure adequate response and support recovery activities.
○ Mitigation: Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.
○ Communications: Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
○ Improvements: Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.
● When breaches occur in companies, an incident response plan is critical to manage the immediate aftermath. Surprisingly, lots of organizations don't have an incident response plan, or just haven't tested the plan they have in place.
● Your Response Plan: Make sure that you're reporting breaches if they occur.
● Mitigate: Make sure you have a plan to mitigate any event that could occur, in house and with third parties.
● Analyze: Go over your plan with experts inside and outside of your team.
Recover Function
Kevin T. Smith, Tridium
A Scenario
● Alert - Your Building (or Campus of Buildings) is Acting Strangely!
○ Temperature Controls unresponsive
○ Security badging systems not working
○ Cooling systems for data center inoperative, shutting down data center
○ Elevators not working - people trapped
● After analysis: malware has affected your IT and OT networks!
○ Initial malware weaponized infrastructure (AD instances) that spread infections to systems at login time
○ Secondary malware attacked connected BAS systems
○ The malware had been dormant for months before it was activated
● People want answers!
○ Customers, tenants & stakeholders are angry
○ Local media is here and "wants to ask you a few questions."
○ And your communication systems are all down too: email systems, VoIP systems
What’s Involved in the Recover function?
● Recovery Planning
○ You need to have a plan & you probably haven’t thought out how complex this plan
needs to be
○ Your plan must have enough detail so that members of your team can execute it
for various scenarios
○ People typically don’t make complex decisions on-the-spot very well during
stressful conditions - they need to be prepared in advance
● Communications
○ How do you communicate to your internal stakeholders? Your customers? The
media?
○ Who will need to be involved in crafting communication?
○ What communication can you pre-plan NOW vs. in the heat of the moment?
● Improvements
○ Identifying Lessons Learned & Adapting your process - not just for recovery, but in
the functions of identify, protect, detect, and respond.
How Do You Recover Technical Functionality?
● How do you begin the process?
○ What takes priority?
○ Have you done a dependency analysis and a criticality analysis, and do you understand your SLAs, so that you can determine which systems to bring online first?
○ Are there interim approaches that you can apply to restore partial services?
● Is the threat over, or is it still active?
○ Too many times, we jump to recovery without addressing the issue, which can then repeat itself (e.g. not eliminating the threat, or not mitigating how it came in)
● In recovering individual systems, have you planned for:
○ Recovering from hardware failure?
○ Restoring from backups of individual systems and their components?
■ Not just backups of your logic, but operating systems, filesystems, the works!
○ Restoring your communication systems so that you can respond?
● What people will be involved, and what groups will you need to coordinate with?
○ Management? Who from OT? Who from IT?
Communication - It’s Complex!
● Communication often has legal, regulatory, and reputation impacts
● Who will you need to work with & coordinate with?
○ You most likely need to work closely with marketing communications, legal, and the executive team before you communicate with your customers
■ What communications can you plan in advance of an attack?
● What’s Your Message?
○ To Customers? To stakeholders? To shareholders? The media?
○ What’s the Plan?
○ What Systems will be restored - and when?
● How will your organization technically communicate?
○ Do you have alternative channels of communication?
● Who will do the communication?
How To Prepare, Test & Execute Your Plan
● CISA US-CERT Cyber Resilience Review (CRR): https://www.us-cert.gov/resources/assessments
● NIST CSF (& References!): https://www.nist.gov/cyberframework/recover
● Using these references as a guide, gather stakeholders and draft a plan.
● Think through scenarios and see if your plan addresses them.
● Do tabletop exercises with those who will be involved, walking through scenarios.
● Best practice: red team / blue team exercises.
● Finally, when you do execute the plan, apply lessons learned to your entire process.
Andy McMillan, President and Managing Director, BACnet International
(Identify, Protect, Detect, Respond, Recover)
Cybersecurity Summit 2020 Slide Deck

 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Cybersecurity Summit 2020 Slide Deck

  • 2. Anto Budiardjo, New Deal for Buildings, NewDeal.Blog
  • 7. Summit Agenda
    ● Keynote - Holistic Cybersecurity
    ● Identify
    ● Protect
    ● Detect
    ● Respond
    ● Recover
    ● Call to Action
    No Breaks!
  • 9. Jim Lee (James Lee), Cimetrics, Inc.
  • 10. Historical Timeline for Building Automation Security (timeline figure; milestone labels as shown: Mechanical & Pneumatic Controls, Central Heating, Air Conditioning, Arab Oil Embargo, Mini Computer Control, Direct Digital Control, BACnet International Founded, BACnet Manufacturer's Association, BTL Listing Begins (2002), BACnet IP Annex J, BACnet Addendum G Started, Security Through VPNs & VLANs, CISCO/Cimetrics Begin IT Friendly Security Initiative, BACnet IT Working Group Founded, BACnet SC Released (2019), Secured by Cimetrics (2020), BACnet Secure Connect Interoperability Acceleration Program, Early Access Consensus Process (2020); other years on the axis: 1820, 1926, 1973, 1983, 1995, 1999, 2004, 2009)
  • 11. Cybersecurity Threats
    ● Phishing attacks
    ● Ransomware
    ● Imposter scams
    ● Environmental events
    ● Lateral attacks
    More: NIST Interagency Report 7621, revision 1 | Small Business Information Security: The Fundamentals, section 2.1
    Credit: NIST
  • 12. NIST Cybersecurity Framework ("Framework for Improving Critical Infrastructure Cybersecurity")
    The framework is divided into three parts: "Core", "Profile" and "Tiers".
    ● "Core" contains an array of activities, outcomes and references about aspects and approaches to cybersecurity.
    ● "Framework Implementation Tiers" are used by an organization to clarify for itself and its partners how it views cybersecurity risk and the degree of sophistication of its management approach.
    ● "Framework Profile" is a list of outcomes that an organization has chosen from the categories and subcategories, based on its needs and risk assessments.
    ● Provides a continuous process for cybersecurity risk management
    ● For organizations of any size, in any sector, whether they have a cyber risk management program already or not
    ● Has proven useful to a variety of audiences
    Credit: NIST
  • 13. Cybersecurity Framework Functions (categories)
    ● Identify: Asset Management [ID.AM]; Business Environment [ID.BE]; Governance [ID.GV]; Risk Assessment [ID.RA]
    ● Protect: Identity Management and Access Control [PR.AC]; Awareness and Training [PR.AT]; Data Security [PR.DS]; Information Protection Processes and Procedures [PR.IP]; Maintenance [PR.MA]; Protective Technology [PR.PT]
    ● Detect: Anomalies and Events [DE.AE]; Continuous Monitoring [DE.CM]
    ● Respond: Response Planning [RS.RP]; Communications [RS.CO]
    ● Recover: Recovery Planning [RC.RP]; Communications [RC.CO]
    Credit: NIST
  • 14. Cybersecurity Framework Functions
    ● IDENTIFY: "Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities."
    ● PROTECT: "Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services."
    ● DETECT: "Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event."
  • 15. Cybersecurity Framework Functions
    ● RESPOND: "Develop and implement the appropriate activities to take action regarding a detected cybersecurity event."
    ● RECOVER: "Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event."
    ● SUMMARY: Call to Action!
  • 16. ISA Secure / IEC 62443
    ISA/IEC 62443 is a series of Cybersecurity Standards for Industrial Automation
    (figure credit: By Gilsinnj - Own work, previously published: ISA99 Standards Committee, CC BY-SA 3.0)
  • 17. Cybersecurity is a Collaborative Process
    ● Cross Functional
    ● Cross Company
    ● Who will lead?
    ● Who owns Cybersecurity?
    ● Ongoing delivery of service
  • 18. What does Cybersecurity Cost and Who is going to pay?
    ● Buildings and equipment are capital assets
      ○ Capital is only allocated for buildings when they are built or sold
      ○ The lifetime of buildings and mechanical systems is at least 30 years
    ● Information technology is an ongoing operating expense.
      ○ The lifetime of IT equipment is 3 years
  • 19. What is the cost of NOT having Cybersecurity? (Credit: IBM Security)
  • 20. IT/IS Versus OT/CS Budgets and Devices - Who will pay? (chart: DoD Budget $ and DoD # of Devices, IT/IS vs OT/CS; values shown in extraction order: IT/IS 8,000,000; OT/CS 2,000,000,000; OT/CS 150,000,000; IT/IS 30,000,000,000. Credit: Michael Chipley / ESTCP Bootcamp / DoD)
  • 21. The path forward: NOT business as usual
    ● BACnet International
      ○ Support rapid implementation of BACnet/SC by OEMs
        ■ Reference code and test devices
      ○ Accelerate BTL testing of BACnet/SC compliant products
    ● Secured by Cimetrics - Holistic Cybersecurity
      ○ One-Step Device Onboarding
      ○ Device & Cert Management
      ○ Interoperable Configuration
      ○ Secure Backup/Restore
      ○ Secure Firmware Updates
      ○ Enable IT monitoring
  • 24. NIST Identify Function - Steve Fey, Totem Buildings: "Know What You Have"
  • 25. Overall Objectives
    ● Know what systems you have
    ● Understand the risks to the organization
    ● Establish policies and procedures to manage risk
    ● Assess risks and identify business impact
    ● Move from assessment to risk management
  • 26. Asset Management
    ● What are the systems?
      ○ Building Automation
      ○ Lighting Control
      ○ Elevators
      ○ Access Control
      ○ Video Surveillance
      ○ … and many other possibilities
    ● High level attributes for each system type
      ○ Manufacturer
      ○ Model
      ○ Installing contractor / service provider
      ○ Network
      ○ Software Revision
  • 27. Business Environment
    ● How dependent is the organization on the functioning of its control systems?
    ● Understand what services and functions must be in place in order to respond to a cybersecurity attack / incident
    ● Define the organization's role relative to the supply chain (i.e. who owns the problem and the response)
  • 28. Governance
    ● Define and communicate the organization's cybersecurity policy
    ● Establish roles and responsibilities both internally and externally
    ● Understand legal and regulatory requirements
    ● Cybersecurity processes align with the potential risks
    "…80% of breaches are because of lack of basic processes, policies and procedures and employee/vendor mistakes." (www.itgovernance.co.uk)
  • 29. Risk Assessment
    ● Identify Control System Vulnerabilities
      ○ Out-of-date Software
      ○ Physical Location
      ○ Users improperly configured
      ○ Non-application software running on servers
    ● Identify Internal and External Threats
      ○ Malware
      ○ Hackers
      ○ Rogue Employees
    ● Identify business impacts and likelihoods
      ○ Downtime
      ○ Equipment damage
      ○ Compromised building access
  • 30. Risk Management
    ● Risk Management Processes are Defined and in Place
      ○ Monitoring Systems (both manual and automated)
      ○ System and Supplier Audits
      ○ Life Cycle Management
      ○ Security Release Awareness
      ○ IT and OT Coordination
    ● Risk Tolerance and its Impact by System Type
  • 31. Supply Chain Management
    ● Cybersecurity processes are defined and stakeholders identified
    ● Suppliers undergo risk assessment with criteria incorporated into contracts
    ● Suppliers are routinely audited to ensure compliance
    The cybersecurity supply chain management challenge is fundamentally more complicated in the building controls industry:
      ○ Highly fragmented
      ○ Follows the construction value chain
      ○ Day to day operations largely depend on contractor involvement
  • 34. Protect Function - Jim Butler, BACnet IT-WG: "Reduce the chance of a damaging cyber attack"
  • 35. Why do we need to protect BAS systems?
    ● They are mission-critical systems in many buildings. Therefore they are potential targets of cyber criminals.
    ● A compromised BAS can also be used to attack interconnected systems.
  • 36. What should we protect?
    ● From the Identify function activities the building owner should determine:
      ○ What are the assets that make up the BAS?
      ○ Physically where are those assets?
      ○ How are the assets connected to networks?
    ● Use a risk assessment to prioritize protection activities.
  • 37-43. Protect - from the NIST Cybersecurity Framework (the same list is repeated on each of these slides)
    ● Identity Management and Access Control
    ● Awareness and Training
    ● Data Security
    ● Information Protection Processes and Procedures
    ● Maintenance
    ● Protective Technology
  • 44. How does BACnet/SC help protect BAS systems?
    ● A device must have a properly signed digital certificate to join a BACnet/SC network.
    ● All BACnet/SC network traffic is encrypted.
  • 45. Discussion
    ● Identity Management and Access Control
    ● Awareness and Training
    ● Data Security
    ● Information Protection Processes and Procedures
    ● Maintenance
    ● Protective Technology
  • 48. New Deal 2020 - DETECT - Dave Bohlmann, KMC Controls
  • 49. Detect: Three Main Functions
    Per the Framework:
    ● Detect Anomalies and Events (in a timely fashion)
    ● Continuous Monitoring (threats are always there)
    ● Maintain Processes and Procedures (exploits are always changing)
    These need to be done at different levels (Defense in Depth):
    ● Different types of attacks and detection methods are needed at different levels
    ● Requires a cross-functional team approach
  • 50. Detect: What to Detect?
    Similarities with IT/OT Systems:
    ● Malware installed or being executed
    ● Multiple failed attempts to login
    ● Unusual traffic patterns or user activity
    ● Attempts to cross segmented network boundaries
    Differences for OT Systems:
    ● Attacks use much less data
    ● Attacks use small commands to do big (and BAD) things
    Need to know the system specifications and requirements
  • 51. Detect: Continuous Monitoring
    Automated Tools:
    ● Keep everything up to date
    ● Ensure configuration is correct
    ● Use the right tool for the right job
    Manual Tools:
    ● Audit log inspection
    ● Verification of Process Results
    Security Detection Also Helps to Verify Operations
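The "what to detect" items on slides 50 and 51 (repeated failed logins, traffic crossing a segment boundary, and the OT case of a small command with a big effect), as an added Python example that is not part of the summit deck: it runs three detection rules over constructed BAS audit log lines. The log format, addresses, segment ranges, allowlists and point names are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed (hypothetical) network segments: IT and OT address ranges.
SEGMENTS = {"IT": ip_network("10.10.0.0/16"), "OT": ip_network("10.20.0.0/16")}
# Hosts allowed to write control points (the BAS front end), assumed.
AUTHORIZED_WRITERS = {ip_address("10.20.0.5")}
# Expected cross-segment flows (a historian reading the front end), assumed.
ALLOWED_CROSS_SEGMENT = {(ip_address("10.10.0.50"), ip_address("10.20.0.5"))}
FAILED_LOGIN_LIMIT = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=5)

# Constructed sample log: "<ISO time> <src> <dst> <event> [detail...]".
SAMPLE_LOG = [
    "2020-02-04T09:00:00 10.20.0.5 10.20.1.10 READ_PROPERTY AI1",
    "2020-02-04T09:00:10 10.20.0.5 10.20.1.10 WRITE_PROPERTY AV3 setpoint=21.0",
    "2020-02-04T09:01:00 10.10.0.50 10.20.0.5 READ_PROPERTY trend",
    "2020-02-04T09:02:00 10.10.0.77 10.20.0.5 LOGIN_FAIL",
    "2020-02-04T09:02:30 10.10.0.77 10.20.0.5 LOGIN_FAIL",
    "2020-02-04T09:03:00 10.10.0.77 10.20.0.5 LOGIN_FAIL",
    "2020-02-04T09:04:00 10.10.0.77 10.20.1.10 WRITE_PROPERTY BO1 value=inactive",
]


def parse(line):
    """Split one constructed log line into its fields."""
    ts, src, dst, event, *detail = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": ip_address(src),
            "dst": ip_address(dst), "event": event, "detail": detail}


def segment_of(ip):
    """Name of the segment an address belongs to, or UNKNOWN."""
    return next((name for name, net in SEGMENTS.items() if ip in net), "UNKNOWN")


def detect(lines):
    """Return (timestamp, rule, description) alerts for the three rules."""
    alerts = []
    failures = defaultdict(list)  # source address -> recent failed-login times
    for rec in map(parse, lines):
        ts, src, dst = rec["ts"], rec["src"], rec["dst"]
        # Rule 1: repeated failed logins from one source inside the window.
        if rec["event"] == "LOGIN_FAIL":
            recent = [t for t in failures[src] if ts - t <= FAILED_LOGIN_WINDOW]
            recent.append(ts)
            failures[src] = recent
            if len(recent) >= FAILED_LOGIN_LIMIT:
                alerts.append((ts, "failed-logins",
                               f"{src}: {len(recent)} failures within {FAILED_LOGIN_WINDOW}"))
        # Rule 2: traffic crossing a segment boundary that is not on the allowlist.
        if segment_of(src) != segment_of(dst) and (src, dst) not in ALLOWED_CROSS_SEGMENT:
            alerts.append((ts, "cross-segment",
                           f"{src} ({segment_of(src)}) -> {dst} ({segment_of(dst)})"))
        # Rule 3: a small command with a big effect, a write from an unauthorized host.
        if rec["event"] == "WRITE_PROPERTY" and src not in AUTHORIZED_WRITERS:
            alerts.append((ts, "unauthorized-write",
                           f"{src} wrote {' '.join(rec['detail'])} on {dst}"))
    return alerts


if __name__ == "__main__":
    for ts, rule, description in detect(SAMPLE_LOG):
        print(ts.isoformat(), rule, description)
```

On the sample log the first three lines are normal operation and raise nothing; the IT host that fails three logins, crosses into the OT segment and then writes a binary output raises all three rule types.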
  • 52. Detect: Maintaining Security
    ● On-Going Commissioning
    ● Additions & Changes to the System Require Security Reviews
    ● Continual Training
  • 53. Detect: Questions
    ● Experience involving IT & OT together?
    ● Experience with other types of attacks/exploits?
    ● Experience with on-going commissioning or analytics?
    ● What logged items are helpful?
    ● Aware of Automated Tools?
  • 56. Respond - Carol Lomonaco, Sr. Prod Mgr, Johnson Controls
  • 57. Respond
    ● NIST defines respond as "Develop and implement appropriate activities to take action regarding a detected cybersecurity incident".
    1/8/2020 New Deal - AHR Show Orlando, FL Tuesday Feb 4, 2020
  • 58.
    ● "The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements".
  • 59. Here are the parts to the respond function and their importance:
    ● Response Planning: Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.
    ● Analysis: Analysis is conducted to ensure adequate response and support recovery activities.
    ● Mitigation: Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.
    ● Communications: Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
  • 60.
    ● Improvements: Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.
    ● When breaches occur in companies, an incident response plan is critical to manage the immediate aftermath. Surprisingly, lots of organizations don't have an incident response plan, or just haven't tested the plan that they have in place.
    ● Your Response Plan: Make sure that you're reporting breaches if they occur.
    ● Mitigate: Make sure you have a plan to mitigate any event that could occur, in house and with third parties.
    ● Analyze: Go over your plan with experts inside and outside of your team.
  • 64. A Scenario
    ● Alert - Your Building (or Campus of Buildings) is Acting Strangely!
      ○ Temperature Controls unresponsive
      ○ Security badging systems not working
      ○ Cooling systems for data center inoperative, shutting down data center
      ○ Elevators not working - people trapped
    ● After Analysis, Malware has affected your IT and OT Networks!
      ○ Initial malware weaponized infrastructure (AD instances) that spread infections to systems at login time
      ○ Secondary malware attacked connected BAS systems
      ○ Malware had been dormant for months before being activated
    ● People want answers!!
      ○ Customers, tenants & stakeholders angry
      ○ Local Media is here and "want to ask you a few questions."
      ○ And.. your communication systems are all also down - email systems, VoIP systems
  • 65. What's Involved in the Recover function?
    ● Recovery Planning
      ○ You need to have a plan & you probably haven't thought out how complex this plan needs to be
      ○ Your plan must have enough detail so that members of your team can execute it for various scenarios
      ○ People typically don't make complex decisions on-the-spot very well during stressful conditions - they need to be prepared in advance
    ● Communications
      ○ How do you communicate to your internal stakeholders? Your customers? The media?
      ○ Who will need to be involved in crafting communication?
      ○ What communication can you pre-plan NOW vs. in the heat of the moment?
    ● Improvements
      ○ Identifying Lessons Learned & Adapting your process - not just for recovery, but in the functions of identify, protect, detect, and respond.
  • 66. How Do You Recover Technical Functionality?
    ● How do you begin the process?
      ○ What takes priority?
      ○ Have you done a previous dependency analysis & criticality analysis & understand SLAs to determine what systems you should bring online first?
      ○ Are there interim approaches that you can apply to restore partial services?
    ● Is the threat over, or is it still active?
      ○ Too many times, we jump to recovery without addressing the issue, which can repeat itself (ex: not eliminating the threat or not mitigating how it came in)
    ● In recovering individual systems, have you planned for:
      ○ Recovering from Hardware failure?
      ○ Restoring from Backups of individual systems and their components?
        ■ Not just backups of your logic, but operating systems, filesystems, the works!
      ○ Restoring your communication systems so that you can respond??
    ● What people will be involved & what groups will you need to coordinate with?
      ○ Management? Who from OT? Who From IT?
  • 67. Communication - It's Complex!
    ● Communication often has legal, regulatory, and reputation impacts
    ● Who will you need to work with & coordinate with?
      ○ You most likely need to work closely with Marketing communications, Legal, and Executive before you communicate with your customers
        ■ What communications can you plan in advance of an attack?
    ● What's Your Message?
      ○ To Customers? To stakeholders? To shareholders? The media?
      ○ What's the Plan?
      ○ What Systems will be restored - and when?
    ● How will your organization technically communicate?
      ○ Do you have alternative channels of communication?
    ● Who will do the communication?
  • 68. How To Prepare, Test & Execute Your Plan
    ● CISA US-CERT Cyber Resilience Review (CRR) - https://www.us-cert.gov/resources/assessments
    ● NIST CSF (& References!) https://www.nist.gov/cyberframework/recover
    ● Using these references as a guide, gather stakeholders and draft a plan.
    ● Think through scenarios and see if your plan addresses them
    ● Do tabletop exercises with those who will be involved, walking through scenarios
    ● Best practice: Red team/Blue team exercises
    ● Finally, when you do execute the plan, apply lessons learned to your entire process.
  • 71. Andy McMillan, President and Managing Director (figure: Identify, Protect, Detect, Respond, Recover)