Hacking The Building Information Management And Vehicle Communication Systems

In the past week or so, I have seen many interesting articles about vulnerabilities in control systems. Just last week I came across one about security issues in the Cisco Network Building Mediator, a product from Cisco’s acquisition of Richards-Zeta. There was another interesting piece about exploiting vulnerabilities in the modern automobile networks.

Cisco issued a warning that its Network Building Mediator products have multiple vulnerabilities. It’s expected that other products from Richards-Zeta may have security flaws as well. According to the Dark Reading article:

“Cisco warned users of its Network Building Mediator products to patch the vulnerabilities, which could allow access to obtain administrative passwords and read system configuration files, making it possible for hackers to take control of a building's most critical control systems.”

Read more

Crisis Communication, Business Continuity, And Risk Management

I recently recorded a podcast with Stephanie Balaouras, discussing the potential for increased collaboration between crisis communication, business continuity, and risk management functions. The strategies that businesses implement to manage disasters can mean the difference between bankruptcy and resilience... and we unfortunately see reminders of this on an almost weekly basis.

As each disaster hits the news (BP’s oil spill in the Gulf Coast, the recent volcanic eruption over Iceland, the financial crisis, the H1N1 virus, the extreme weather that crippled Washington, DC this past winter, etc.), the overwhelmingly negative impacts that occur start to hit home. Fortunately, we are starting to see our clients turning more to their crisis communication, business continuity, and risk management teams to ensure that they are prepared for the worst.

There are many potential points of collaboration between these teams. . . from modeling critical business processes and assessing the business impact of incidents to executing effective remediation plans and conducting post-incident loss analysis. Recently, I’ve also seen companies that talk about starting from scratch with a risk management function, although they have already done a substantial amount of relevant work for their business continuity function.

Of course, while there are some good trends that point to increased cooperation, there are still many areas for further improvement for every company. In fact, our data shows it to be the rare case in which both internal and external crisis communication functions are handled well in the same plan, with one usually being much stronger and more of a focal point.

Read more