Connected Chillers Cybersecurity Overview

GPS0006-CE-20200709-EN Rev A

Introduction

Our solution provides peace of mind to our customers with a holistic cyber mindset that begins at the initial design concept, continues through product development, and is supported through deployment, including rapid incident response to meet a comprehensive and evolving cybersecurity environment.

This overview covers the planning, deployment and maintenance periods.

As cybersecurity threats have become a risk impacting all connected devices, it is important to ensure that cybersecurity is considered throughout the planning, deployment and maintenance phases associated with a solution’s functional operation.

This document gives an overview of hardening configuration and maintenance, including the operating system, user accounts, permissions and roles, backup and restore, redundancy, cloud security, and patch management.

Legal disclaimer

The cybersecurity practices described in this guide are recommended practices to facilitate the secure installation and configuration of the products described herein. However, Johnson Controls cannot guaranty that the implementation of the cybersecurity practices or recommendations described in this guide will ensure the security of the relevant product or system, or prevent, or alter the potential impact of, any unauthorized access or damage caused by a cybersecurity incident. This guide is provided “as is”, and Johnson Controls makes no representation or warranty, express or implied, as to the efficacy of the cybersecurity practices or recommendations described in this guide. Johnson Controls disclaims all liability for any damages that may occur as a result of, or despite, reliance on this guide or compliance with any cybersecurity practices or recommendations set forth herein.

Table of contents

Introduction
Legal disclaimer
Table of contents
1 Overview
1.1.0 Network and architecture diagram
2 Internet connectivity
2.1.0 4G Modem requirements
2.2.0 Customer network requirements
2.3.0 SC-AP connection diagrams
3 The Johnson Controls Cloud
3.1.0 Product verification
3.2.0 Open source code scans
3.3.0 Static Application Security Testing (SAST)
3.4.0 Dynamic Application Security Testing (DAST)
3.5.0 Vulnerability assessments
3.6.0 Source Code assessments
3.7.0 Penetration testing
4 Audit assurance and compliance
4.1.0 Security checkpoints
4.1.1 Product security and privacy programs
4.2.0 Development cycle optimized for security
4.3.0 Security implementation
4.3.1 Product security
4.3.2 Development processes
4.3.3 Infrastructure security
4.4.0 Ingestion pipeline security
4.4.1 Firewall, IDS and IPS tier
4.4.2 TLS Termination tier
4.4.3 WAF tier
4.4.4 Reverse proxy tier
4.5.0 Securing platform using Azure subscriptions
5 Transparency in response
5.1.0 Incident response
5.1.1 Step 1: PSIRT
5.1.2 Step 2: Coordinated disclosure
6 Education
6.1.0 Focus on continuous learning

Connected Offerings Hardening Guide

© 2020 Johnson Controls. All rights reserved. Product offerings and specifications are subject to change without notice.


1 Overview

This document describes cybersecurity hardening guidelines for York Connected Chillers. It presents a comprehensive view of the cybersecurity principles followed for Connected Chillers, covering the hardware, the cloud platform, and the entire application development and support process. The document describes hardware-enabled cybersecurity in addition to cloud and application security.

1.1.0 Network and architecture diagram

Figure 1 is a high-level architecture and network diagram that shows the connection from the Smart Connected Chiller (SCC) equipment to the Johnson Controls cloud platform.

Figure 1: SCC High Level Network Architecture

1.1.1.1 SC-EQ board/IOM 200

The SC-EQ board is a daughter board that connects to the Chiller microboard using a hardwired connection. The SC-AP connects to the CS port on the SC-EQ, which enables an Access Control List that prevents any incoming write requests, such as set points or control-related changes. We harden the SC-EQ firmware during the development stage, with regular security audits and following secure development principles. The SC-EQ ships with the latest firmware, and upgrade files are distributed to the field as the need arises.

In some configurations, an IOM device is included in the panel. This device connects to the SC-EQ board over an MSTP connection, and appears as a separate device in the device list of the MAP1850. The IOM takes in data from sensors such as a power meter and relays that information to the MAP1850. The IOM can take in 5 analog and 2-3 binary points. These devices are built with the same cybersecurity principles as the SC-EQ, with regular security audits and following of secure development processes.

[Figure 1 labels: Chiller Panel (York): SC-EQ, SC-AP; 4G Modem (Ethernet or WiFi); JCI Cloud (Azure hosted); CEP Application (Branch and Customer Dashboard); Building Automation System (optional); SA/FC Bus MSTP; BAS port: BACnet/N2/Modbus; HTTPS/TLS 1.2 over cellular network; HTTPS; Remote CEP User; Local User for commissioning]


Figure 2: The connection between the IOM, SC-EQ and MAP1850.

1.1.1.2 SC-AP security

The SC-AP acts as a gateway between the Chiller and the Connected Services Dashboard. The SC-AP connects to the Internet in two ways, using the Ethernet port or WiFi. All communication coming out of the SC-AP uses HTTPS/TLS 1.2 encryption to secure the communication to the cloud. All SCC data flow is unidirectional, and the SC-AP is used only as a monitoring device.

Unidirectional traffic is achieved by using software-based blocks. These software blocks close all inbound ports and all outbound ports except port 443, which allows the connection to the Johnson Controls cloud. The API uses HTTPS/TLS 1.2 over port 443 to make only outgoing requests to Johnson Controls servers. There are no exposed APIs or endpoints that allow the SC-AP to accept any incoming traffic. Firmware updates are not pushed automatically; the SC-AP has to initiate the download from the Johnson Controls server using HTTPS GET requests.

This server is hosted on the Microsoft Azure platform, and all communication to and from the server is encrypted with TLS 1.2. The SC-AP checks this server for new updates once every 24 hours and prompts the user to initiate the upgrade. The SC-AP uses the remote credentials to authenticate with the server and download the correct firmware version [1]. The SC-AP then locally validates the package and its signature, and then installs or upgrades its firmware to the latest revision.

[1] For major version releases, the update will require the replacement of the SC-AP.
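The update flow above (poll once every 24 hours, user-initiated upgrade, local validation of the package and its signature, and footnote 1) as an added example of the acceptance checks an update client enforces before installing anything; this is illustrative code, not the SC-AP firmware. The manifest format, the HMAC-SHA256 stand-in for the vendor's signature scheme, the demo key and the version numbers are constructed assumptions.

```python
"""Firmware-update acceptance policy for an outbound-only gateway (illustrative)."""
import hashlib
import hmac
import json
from dataclasses import dataclass

CHECK_INTERVAL_S = 24 * 60 * 60  # the device polls the update server once every 24 hours

# Constructed demo key. It stands in for the device's trusted verification key;
# a real device would hold a public key and verify an asymmetric signature.
DEMO_VERIFY_KEY = b"constructed-demo-key-not-used-anywhere-real"


class UpdateRejected(Exception):
    """Raised when any acceptance check fails; nothing is installed."""


@dataclass
class DeviceState:
    installed_version: str
    last_check_ts: float          # epoch seconds of the previous server poll
    user_initiated: bool = False  # the user must initiate the upgrade after the prompt


def sign_manifest(manifest_bytes: bytes, key: bytes = DEMO_VERIFY_KEY) -> str:
    """Server-side helper for the demo: HMAC-SHA256 over the manifest bytes."""
    return hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()


def parse_version(text: str) -> tuple:
    return tuple(int(part) for part in text.split("."))


def due_for_check(state: DeviceState, now: float) -> bool:
    return now - state.last_check_ts >= CHECK_INTERVAL_S


def validate_package(state, manifest_bytes, signature_hex, package):
    """Return the new version string if the downloaded package may be installed."""
    # 1. Signature over the manifest, compared in constant time.
    if not hmac.compare_digest(sign_manifest(manifest_bytes), signature_hex):
        raise UpdateRejected("manifest signature mismatch")
    manifest = json.loads(manifest_bytes)
    # 2. The package bytes must match the digest carried inside the signed manifest.
    actual = hashlib.sha256(package).hexdigest()
    if not hmac.compare_digest(actual, manifest["sha256"]):
        raise UpdateRejected("package digest mismatch")
    new = parse_version(manifest["version"])
    cur = parse_version(state.installed_version)
    # 3. Anti-rollback: never install something older than or equal to what runs now.
    if new <= cur:
        raise UpdateRejected("package is not newer than installed firmware")
    # 4. Major releases require hardware replacement (document footnote 1).
    if new[0] != cur[0]:
        raise UpdateRejected("major release: requires SC-AP replacement")
    # 5. The device only prompts; the upgrade is never applied without the user.
    if not state.user_initiated:
        raise UpdateRejected("upgrade not initiated by user")
    return manifest["version"]


def update_cycle(state, now, fetch):
    """One poll. fetch() models the device's outbound HTTPS GET and returns
    (manifest_bytes, signature_hex, package); inbound pushes do not exist."""
    if not due_for_check(state, now):
        return "not due"
    state.last_check_ts = now
    manifest_bytes, signature_hex, package = fetch()
    try:
        version = validate_package(state, manifest_bytes, signature_hex, package)
    except UpdateRejected as exc:
        return f"rejected: {exc}"
    state.installed_version = version
    return f"installed {version}"


def demo(tamper=False, version="2.4.1", user_initiated=True):
    """Constructed scenario: a device on 2.4.0 polls for a signed package."""
    package = b"constructed-firmware-image"
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(package).hexdigest()}
    ).encode()
    signature = sign_manifest(manifest)
    delivered = package + b"X" if tamper else package  # tamper = bytes altered in transit

    def fetch():
        return manifest, signature, delivered

    state = DeviceState("2.4.0", last_check_ts=0.0, user_initiated=user_initiated)
    return update_cycle(state, now=CHECK_INTERVAL_S + 1.0, fetch=fetch)


if __name__ == "__main__":
    print(demo())             # installed 2.4.1
    print(demo(tamper=True))  # rejected: package digest mismatch
```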


At the time of a new release, the libraries, operating system and software modules (firmware and software) go through the Johnson Controls Designed for Security guidelines to secure the product before release, as part of the development process.

Device security is taken into consideration early in the development process, because this is when device hardening occurs. This means that there are regular security audits and practice of secure development principles. These devices are hardened using Security Data element guidelines. As part of the secure development process before release, our engineers complete regular penetration tests and Black Duck scans to check for and mitigate vulnerabilities.

2 Internet connectivity

The SC-AP is the only device that makes a connection to the Internet. There are two supported methods for the SC-AP to connect to the Internet: a 4G cellular network, or the customer network using a secure access point.

2.1.0 4G Modem requirements

As a part of the Smart Connected Chiller program, Johnson Controls offers a wired and a wireless variant of a 4G modem for use in the US and Canada. The Johnson Controls, Inc. Security Council vetted both modems in the USA. Outside of the USA, the branches must source their own cellular modem. 4G connections are usually hardened because they use a dynamic IP address behind the cellular network's Network Address Translation (NAT).

There are a few features that the modems must have in order to be compatible with the SCC hardware.

• The admin page of the modem must have a unique and robust user name and password. This password must also be able to be changed once initial setup is completed.

• The WiFi network must use WPA2 encryption, with a user-defined secure password.

• Optional: The device has a firewall that you can configure to prevent unauthorized connections.

2.2.0 Customer network requirements

Although the preferred method of connectivity is using a 4G modem, SCC hardware can use a customer’s network. When you use a customer’s network, use one of the following methods to connect:

• Use a direct Ethernet connection, or

• Use an access point approved by the internal SCC team to create a WiFi network from the customer's Ethernet source. This access point must match the same specifications as the 4G modem specifications in Section 2.1.0.

Before you proceed, consider the following:

General requirements

• If the customer is doing SSL inspection or SSL termination, whitelist Segway.bldng.io in their proxy.


• The network must use DHCP to hand out IP addresses to clients on the network.

• The customer router/firewall must allow outbound connections using TCP on port 443.

CAT5 cable requirements

• The customer must provide any custom configurations they need:

  ˗ DHCP server

  ˗ DNS servers

  ˗ Default gateway

  ˗ Proxy address and password

2.3.0 SC-AP connection diagrams

The following diagrams show how you can connect the SC-AP to the Internet:

Figure 3: 4G Modem over Ethernet

Figure 4: 4G Modem over WiFi

Figure 5: Customer Network over Ethernet

Figure 6: Customer network over WiFi

[Figures 3 to 6 labels: MAP1850; 4G Modem/Router (Figures 3 and 4) or Customer Router/Network (Figures 5 and 6); Ethernet or WiFi link from the MAP1850; Cellular Network / 4G Network or Customer Network; JCI Cloud; Remote Service Credentials. For the customer WiFi case (Figure 6): use an approved device as a Wireless Access Point from the customer network.]


3 The Johnson Controls Cloud

The Johnson Controls Cloud comprises a few elements:

• Building Automation Systems

• Cloud Infrastructure

• The Digital Vault/JEM Cloud

• Enterprise Applications

• External Data Sources

Figure 7: Threat model in a Johnson Controls cloud connected ecosystem

Figure 7 is a diagram of the potentially vulnerable points in a Johnson Controls cloud connected ecosystem. To mitigate these risks, the entire Johnson Controls cloud and Connected Chillers program has been developed with the following principles in mind:

• Devices must gather, process and transmit data to the cloud using secure methods.

• The cloud infrastructure must receive data only from registered and authorized devices.

• Data must be transmitted and stored using encryption and integrity checks to detect tampering.

• Messages sent by a user must be transmitted to an end device using secure methods.


• Business web and mobile applications must enforce role-based access control so that only authorized users can access the specific data intended for them.

The information travelling from a device to the cloud and back to the device must be transmitted quickly with minimal delay.

3.1.0 Product verification

At a scheduled interval, all products, devices, infrastructures, and services are scanned and tested for security weaknesses by the Johnson Controls Global Products Security team. When issues are identified, we use our internal policy to prioritize and correct them and minimize similar weaknesses in the future.

3.2.0 Open source code scans

We use industry-leading tools to scan all open source libraries to ensure there are no publicly known security vulnerabilities present which could lead to exploitation. Software composition analysis is performed as part of each product build to ensure compliance with internal security, operational, and licensing requirements.

3.3.0 Static Application Security Testing (SAST)

Static Application Security Testing (SAST) examines the source code without executing the program. The process provides an understanding of the code structure and can help to ensure that the code adheres to industry security standards.

We use automated tools for static analysis, and review the results to filter out false positives and focus on potential weak areas. SAST is mandatory for all Johnson Controls software products.

3.4.0 Dynamic Application Security Testing (DAST)

Dynamic Application Security Testing (DAST) tests and evaluates the program by executing it with data in real time. The objective is to find errors in a program while it is running, rather than repeatedly examining the source code offline. By exercising a program in all the scenarios for which it is designed, dynamic analysis eliminates the need to artificially create situations likely to produce errors.

CEP is tested using DAST automation where applicable.

3.5.0 Vulnerability assessments

CEP undergoes vulnerability assessments with the internal security assessment team and Johnson Controls’ privacy team. The internal security team conducts an SD Elements assessment. The Johnson Controls legal team reviews the open source code scan results to ensure no personal information is revealed.

3.6.0 Source Code assessments

Security Architects perform manual source-code analysis to detect security defects in code before production.

3.7.0 Penetration testing

Our products undergo both internal and third-party penetration testing to uncover vulnerabilities while under normal operating conditions. We provide a certificate showing the results of the penetration test.


4 Audit assurance and compliance

Johnson Controls Digital Solutions targets the following industry standards and certifications:

SOC 2: The Connected Equipment Portal (CEP) leverages the Digital Vault platform. This platform targets the SOC 2 certification standards which helps to ensure our systems handle clients’ sensitive data securely. Our cloud and infrastructure services are governed by these organizational controls, and reports on the policies and procedures over a specified time period are created and made available to customers.

ISO 27001: In addition to targeting SOC 2 certification standards, CEP is also developed whilst targeting the ISO27001 guidelines. The ISO27001 guidelines are as follows:

• Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts.

• Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable.

• Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

4.1.0 Security checkpoints

Each product passes through various stages of development: ideation, requirements gathering, development, testing, and deployment. During each phase, implementing and verifying security measures is included as part of the process. No component is promoted to the next phase unless the security considerations are included and approved by the respective owners.

4.1.1 Product security and privacy programs

Johnson Controls views cybersecurity as an integral part of its products, so our Cyber Solutions team has developed a program that provides support through the full product lifecycle to its Digital Solutions. The Cyber Solutions Product Security Program covers 15 different threat categories, including HTTP security, data protection, and access control. Johnson Controls employs a formal data privacy program that identifies and evaluates the privacy impact and identifies actions to be taken to achieve compliance with data protection laws such as the EU General Data Protection Regulation (GDPR). All Johnson Controls engineering departments adhere to this privacy standard throughout the new product integration process.

The Johnson Controls Cyber Solutions team comprises dedicated cybersecurity subject matter experts who have overall product security leadership, governance, and support responsibilities. These experienced professionals have varied backgrounds to address the breadth of cybersecurity that must be considered. A security board and a security council provide governance and oversight to development teams regarding compliance with the Product Security Program policies and requirements. Security Champions, engineers who have received additional specialized cybersecurity training, are assigned to lead the secure development process in each development team.

Figure 8 illustrates how these security practices are integrated into the Digital Solutions product development process.


Figure 8: Security activities throughout the development process.

4.2.0 Development cycle optimized for security

Digital Solutions engineering teams follow an Agile development approach, which involves a cross-functional team of designers, analysts, developers, and testers working collaboratively to build a designated feature or slice of functionality in a fixed period of time known as a sprint. This approach promotes the rapid delivery of features that are repeatedly inspected and refined during the development cycle to ensure they meet quality objectives and align with customer needs.

Our development cycle includes four consecutive sprints of three weeks each, with the goal of delivering production-ready product at the end of the 12 week period. We enhanced our sprint cadence to include security activities throughout the development life cycle. Product release gate checks have been reinforced with additional security rigor.


Each product development stream is subject to formal gate checks that must be passed before full feature release, including activities related to security, performance, quality assurance (QA), and operationalization, for example, documentation.

4.3.0 Security implementation

As our products evolve, we evolve our cybersecurity best practices, reviewing them with Cyber Solutions on a regular basis. This section describes the baseline security measures and development processes implemented by the Digital Solutions team.

4.3.1 Product security

Password security: All products require that users sign in with secure credentials.

• Passwords are stored using modern password-based key derivation functions.

• Products support configurable password policy enforcement, for example minimum length, age, history, and complexity.

• Products support strong multi-factor authentication (MFA) options.

Open standards: The OpenID Connect protocol is used to perform authentication between cloud endpoints. OpenID Connect has become the leading standard for single sign-on (SSO) and identity provision on the Internet. It allows computing clients to verify the identity of an end user based on the authentication performed by an authorization server, and to obtain basic profile information about the end user in an interoperable and REST-like manner.

IP whitelisting: Users of an account are restricted so that they can only log on from specified IP addresses or address ranges.

Sessions: When a user account has a password changed or the account is disabled, all active sessions for that account are terminated.

Demonstrable security: Upon customer request, we can provide a penetration test clearance letter that is provided by the Johnson Controls Product Security Team.

4.3.2 Development processes

Security feature design review: Security-aware reviewers identify the security features in each system (for example authentication, access control, and use of cryptography), and then study the design looking for problems that would cause these features to fail at their purpose or otherwise prove insufficient.

Product architecture: Product architecture documentation includes a dedicated section on product security and the documentation is constantly updated to reflect current state.

Development environments: Development environments are isolated from production and staging environments. Each development environment is unable to access production databases and resources.

Cryptography: Platform and data-appropriate encryption that uses open or validated formats and standard algorithms is used to encrypt data at rest.

Code reviews: Secondary code reviews are used to identify dangerous code potentially written by malicious in-house developers or outsourced providers.


Test dependencies: A dedicated set of test scripts that focus purely on security are written and executed at the end of each release.

Continuous threat modelling: Johnson Controls defines and documents a process for threat modelling and applies it to all design reviews it conducts to find flaws on an ongoing basis. This process includes a standardized approach to discovering attacks, security properties, and the associated risk.

Modifying our Definition of Done (DoD): In Agile development, the Definition of Done (DoD) is a comprehensive checklist of necessary, value-added activities that ensure the quality of a feature. DoD encompasses activities that the engineering team commits to complete at each level of the development cycle including feature, sprint, and release. Examples include code reviews to ensure standards have been adhered to, and various forms of testing such as unit tests, integration tests, and regression tests. With security considerations directly included in our DoD, we prioritize completing necessary security activities before any product feature is considered complete. For example, “You cannot commit code without peer review by a Security Champion.”

4.3.3 Infrastructure security

Communication security: All communications are encrypted with TLS 1.2 or later. Only strong algorithms, ciphers, and protocols are enabled, with the strongest algorithms and ciphers set as preferred.

Data security: Customer data is protected using a combination of security controls: encryption at rest, strict access control, usage auditing, and secure deletion. We segregate and encrypt all Personally Identifiable Information (PII) from other data.

Public footprint: The principle of least privilege is applied to all systems to reduce the surface area for potential attacks. Servers do not usually have public IP addresses and traffic is routed through a reverse proxy layer. We block all unnecessary ports and allow remote access connections using only a VPN with strong authentication.

Intrusion detection: We implement industry-leading network intrusion detection (IDS) solutions to help facilitate timely detection, investigation by root cause analysis, and response to security incidents.

DDoS protection: Network filtering is implemented using our cloud provider to prevent spoofed traffic and restrict incoming and outgoing traffic to trusted platform components. This includes the use of load balancers and traffic filters to control the flow of external traffic to cloud components. In addition, the provider has established automated controls to monitor and detect internally initiated Distributed Denial of Service (DDoS) attacks.

API rate limiting: All API endpoints enforce rate limits at the load balancer layer to protect against brute force attacks. Only authenticated requests can communicate with the API endpoints.

Monitoring: Continuous monitoring of our networks and systems is performed by both our cloud provider and third-party solutions, who send out a notification when under attack.

Multi-Factor Authentication (MFA): Employees and contractors who administer the infrastructure are authenticated using multi-factor authentication.


Separation of duties: Access to infrastructure is controlled by roles and responsibilities. For example, developers do not have access to the production environment.

4.4.0 Ingestion pipeline security

We implement various tiers of security appliances to ensure secure communications for every inbound request into our system.

4.4.1 Firewall, IDS and IPS tier

In our perimeter tier we deploy an industry-leading third-party all-in-one solution that combines advanced networking, Intrusion Detection (IDS), Intrusion Prevention (IPS), web application firewall (WAF), and user and application controls. This firewall tier is designed to help protect our cloud-based workloads against advanced threats.

4.4.2 TLS Termination tier

To help ensure the best possible performance, our cloud service and infrastructure use a dedicated tier whose sole purpose is to handle TLS/SSL termination. A layered approach centrally manages TLS certificates and optimizes requests for better performance in a secure manner.

4.4.3 WAF tier The Web Application Firewall (WAF) tier protects applications against sophisticated layer 7 attacks that might otherwise lead to systems being taken over by attackers, loss of sensitive data, and downtime. This includes the detection and denial of attacks such as:

• SQL Injection (SQLi)

• Cross-Site Scripting (XSS)

• Local File Include (LFI)

• Cross-Site Request Forgery (CSRF)

• Remote Code Execution (RCE)

• HTTP protocol violations

• IP blocking using reputation data from the Project Honey Pot database

4.4.4 Reverse proxy tier We base our cloud services upon a microservices-based architecture, so we use a dedicated layer 7 load balancer and router tier to insulate our consumers from internal changes. Beyond preventing a single endpoint from accessing all of our APIs, this tier also lets us limit the number of requests per second for each consumer, so that no single client consumes all resources. The reverse proxy tier has the following capabilities:

• TCP and UDP load balancing

• Layer 7 request routing, for example using URIs and cookies

• Active health checks on API endpoints

• Service discovery using DNS

• JWT authentication for APIs and OpenID Connect for Single Sign-On (SSO)

• Request and connection limiting
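The reverse proxy tier above combines three of the listed capabilities: layer 7 routing by URI, JWT authentication of API calls, and per-consumer request limiting. The Python below is an added example written for this guide, not Johnson Controls' proxy code. It assumes a constructed shared HMAC key (a real deployment would fetch the key from a secrets store or verify RS256/ES256 tokens against the identity provider's public keys), a constructed route table, and a fixed one-second counting window in place of whatever limiting algorithm the product actually uses.

```python
# Added example (not Johnson Controls code): a minimal reverse-proxy gate that
# does layer 7 routing by URI prefix, verifies an HS256-signed JWT and enforces
# a per-consumer requests-per-second limit. Standard library only.
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values; a real deployment takes the key from a secrets
# store and the route table from the real microservices.
SHARED_KEY = b"example-hmac-key-change-me"
ROUTES = {"/api/chillers": "chiller-service", "/api/alarms": "alarm-service"}
REQUESTS_PER_SECOND = 2


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes) -> str:
    """Issue an HS256 JWT, as the identity provider would."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_jwt(token: str, key: bytes, now: float) -> dict:
    """Return the claims if the token is HS256-signed with key and unexpired; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error, JSONDecodeError and UnicodeDecodeError
        raise ValueError("malformed token")
    # Pin the algorithm on the proxy side: the token's own "alg" (e.g. "none")
    # must never select how the token is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))  # parsed only after the signature checks out
    if not isinstance(claims, dict) or "sub" not in claims:
        raise ValueError("no subject")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims


class RateLimiter:
    """Fixed one-second counting window per consumer (a token bucket smooths bursts better)."""

    def __init__(self, per_second: int):
        self.per_second = per_second
        self.windows = {}  # consumer -> (window_second, count)

    def allow(self, consumer: str, now: float) -> bool:
        second = int(now)
        start, count = self.windows.get(consumer, (second, 0))
        if start != second:  # a new window starts with a fresh count
            start, count = second, 0
        if count >= self.per_second:
            return False
        self.windows[consumer] = (start, count + 1)
        return True


class ProxyGate:
    def __init__(self, key: bytes, routes: dict, per_second: int):
        self.key, self.routes = key, routes
        self.limiter = RateLimiter(per_second)

    def handle(self, path: str, headers: dict, now: float = None) -> tuple:
        """Return (HTTP status, upstream service name or refusal reason)."""
        now = time.time() if now is None else now
        upstream = next((svc for prefix, svc in self.routes.items()
                         if path == prefix or path.startswith(prefix + "/")), None)
        if upstream is None:
            return 404, "no route"
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, "missing bearer token"
        try:
            claims = verify_jwt(auth[len("Bearer "):], self.key, now)
        except ValueError as err:
            return 401, str(err)
        # Limit by authenticated subject rather than source IP, so one consumer
        # behind a shared NAT cannot exhaust the quota of the others.
        if not self.limiter.allow(claims["sub"], now):
            return 429, "rate limit exceeded"
        return 200, upstream


def demo() -> dict:
    """Send constructed requests through the gate and return the status codes seen."""
    now = 1_700_000_000.0
    gate = ProxyGate(SHARED_KEY, ROUTES, REQUESTS_PER_SECOND)
    good = make_jwt({"sub": "consumer-a", "exp": now + 300}, SHARED_KEY)
    forged = make_jwt({"sub": "consumer-a", "exp": now + 300}, b"attacker-guess")
    expired = make_jwt({"sub": "consumer-a", "exp": now - 1}, SHARED_KEY)
    none_alg = "{}.{}.".format(_b64url_encode(b'{"alg":"none"}'),
                               _b64url_encode(b'{"sub":"consumer-a","exp":9999999999}'))

    def call(token, path="/api/chillers/42", t=now):
        return gate.handle(path, {"Authorization": "Bearer " + token}, t)

    return {
        "burst": [call(good)[0] for _ in range(REQUESTS_PER_SECOND + 1)],  # [200, 200, 429]
        "next_second": call(good, t=now + 1)[0],
        "other_consumer": call(make_jwt({"sub": "consumer-b", "exp": now + 300}, SHARED_KEY))[0],
        "forged": call(forged)[0],
        "expired": call(expired)[0],
        "none_alg": call(none_alg)[0],
        "no_route": call(good, path="/admin")[0],
        "no_token": gate.handle("/api/alarms", {}, now)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The gate refuses tokens whose header names any algorithm other than the one the proxy is configured for, which is what closes the classic "alg": "none" and algorithm-confusion bypasses; it compares signatures in constant time; and it keys the limiter on the verified subject, so the per-consumer quota cannot be dodged by changing source address or claimed identity.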

© 2020 Johnson Controls. All rights reserved.

Product offerings and specifications are subject to change without notice. 16

4.5.0 Securing platform using Azure subscriptions All employees and contractors who manage our subscriptions and access our infrastructure are required to use our Johnson Controls Azure Active Directory (AAD) instance. This provides several advantages:

• As employees leave the company, deactivating their Johnson Controls account removes access to all Azure Resources.

• Multi-factor authentication is enabled on our Johnson Controls domain, and as such all accounts having access to our subscription also have MFA configured as an additional security measure to prevent unauthorized access.

• Employees accessing and managing our subscriptions are assigned specific roles and permissions so that information is viewed and modified only by appropriate people. For example, developers get read or write access only to non-production subscriptions.

5 Transparency in response We created several roles to assist in supporting the complex and ever-evolving field of cybersecurity. Some of these roles include:

Security Champion: A senior product developer or software engineer is chosen for each product in Digital Solutions to assist in the compliance process outlined in the Design for Security Program.

Security Architect: A global cybersecurity expert who works with Security Champions to guide them through DFS activities and answer difficult security questions.

DFS requirements: Each product team implements security controls during the design and development phase to create a resilient product for release to market.

Security Council: All Security Champions and Security Architects are members of the Johnson Controls Security Council and meet on a regular basis to share challenges and solutions across business units and disciplines. This fosters an environment where security is seen as a critical part of the development process and not just a checklist item done before release.

Digital Solutions product management: Individuals that plan and forecast features and functions into all our products. Cybersecurity is one of our top priorities and it is vital that product management has visibility into the current state of our security practices. This enables them to provide appropriate resources to develop non-functional features that focus on security to continuously improve the overall cybersecurity practices.

5.1.0 Incident response Johnson Controls anticipates, and has procedures in place to prepare for, the rare event of a security incident or breach. Incident reports can originate from automated tools, internal discovery, a service provider, or notification from an external source. A tiered escalation process is followed that includes initial triage, severity determination, and customer notification.

5.1.1 Step 1: PSIRT The Product Security Incident Response Team (PSIRT) is called upon any time a suspected or actual attack has occurred on a deployed Johnson Controls building system or product.


The Product Security Incident Response Plan (PSIRP) is a guideline for practices related to product security incidents, providing direction to PSIRT members when responding to suspected or actual exploitation of vulnerabilities identified for in-scope Johnson Controls products. This includes all confirmed or suspected cyberattacks against products and unplanned disclosure of, or actual exploitation of, product vulnerabilities.

5.1.2 Step 2: Coordinated disclosure When a new software vulnerability is discovered in a released product, Johnson Controls publishes a product security advisory on the Johnson Controls website as required. Johnson Controls works with security researchers who conduct independent reviews of our products, following a coordinated disclosure process. To view security advisories navigate to https://www.johnsoncontrols.com/cyber-solutions/security-advisories

As a MITRE Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), Johnson Controls can assign CVE identifiers to vulnerabilities in its own products and publish them to the CVE List, from which they appear in the publicly accessible National Vulnerability Database (https://nvd.nist.gov). This capability is incorporated into our PSIRT and vulnerability management processes.

6 Education We train all our employees frequently to ensure that they are educated in cybersecurity: what to be aware of, and what steps to take if they come across a vulnerability. Each training is customized to the function the employee performs in the company.

6.1.0 Focus on continuous learning All Digital Solutions products have Security Champions embedded in their engineering organizations to ensure that all security requirements are completed efficiently and effectively. Our Security Champions have achieved some of the highest third-party security certifications the industry has to offer, including:

• Certified Secure Software Lifecycle Professional (CSSLP)

• Certified Ethical Hacker (CEH)

• Certified Information Systems Security Professional (CISSP)

• Certified Cloud Security Professional (CCSP)

Our product cybersecurity training helps ensure our engineers have ongoing instructor-led training (ILT) and computer-based training (CBT) courses on various cybersecurity, application security, and secure software development topics, building upon our engineers’ deep technical expertise. Our program consists of both mandatory and recommended courses and is delivered to engineers in Digital Solutions.

These in-person courses are aimed primarily at Security Champions and software architects, but Johnson Controls encourages all software engineers to attend them. The personnel who write the code learn the best practices of secure software development, so that security flaws are minimized from the very beginning. In addition to in-person courses, Johnson Controls partners with world-class online training providers to give the Johnson Controls team on-demand content at whatever technical level is appropriate to the individual.


Continued emphasis on training is the primary way we arm our developers against bad practices that create risk. Security Champions benefit from both in-classroom and online training. The training offered to Security Champions is extended to team leads and interested developers. Team Leads of every agile team must have a baseline level of knowledge enablement and hands-on training with the tools necessary to help them to make better decisions from