Stopping a Cyber Hurricane: A Call for Proactive National Cybersecurity
A hurricane and malicious cyber activity are analogous based on their ability
to affect our nation's critical infrastructure, our safety, and our security.
But, hurricanes are unpredictable, natural events in a domain no human can
control, while significant malicious cyber activity starts in a human's mind
and exists in a domain humans exert some control over. Current US government
efforts to counter significant malicious cyber activity are focused on using
existing agencies to prepare for and react to these threats. Instead, we
should consider methods for the government and private industry to take a more
proactive approach to counter these threats before they can affect our nation.
The potential exists to build upon the model used in the fight against drug trafficking to synchronize capabilities across a wide-range of government agency authorities, in conjunction with improved private industry participation. While there are numerous legal and regulatory concerns to address, it will take leadership from all levels, particularly from the bottom up, to initiate the effort required to solve these complex issues.
Healthcare Data Protection Hazards
Protecting medical data is one of the cybersecurity industry's top challenges
today. Banks and credit card companies now have processes and technology in
place to protect customers from financial fraud, but if a medical record is
compromised and someone's identity is stolen, that breach can affect someone
for potentially the rest of their life.
Caroline Wong, VP of Security Strategy at Cobalt, will interview Bob Wood, Head of Trust at Nuna Health, about the work that his team does to protect the organization. They will discuss approaches to talking about risk effectively and creating stories around various technical and process-related security scenarios to communicate what needs to be done in order to get buy-in for appropriate controls.
Cyber Mutual Assistance - Bringing Mutual Assistance to Electric Utility
Operators
Owners and operators of the electric grid in the United States are facing an
unprecedented number of physical and cyber security risk. This session will
discuss the methods that electric utilities are using to address the wide
variety of risks, with special focus on a new program call "Cyber Mutual
Assistance"
Based on lessons learned from major destructive cyber incidents overseas, and
from exercises in North America, the Cyber Mutual Assistance program was
developed. It is a extension of the electric power industry's longstanding
approach of sharing critical personnel and equipment when responding to
emergencies.
David Batz will be providing information about the Cyber Mutual Assistance
program which refers to a series of industry initiatives developed by the
Electricity Subsector Coordinating Council (ESCC) to provide emergency cyber
assistance to entities in the electricity sector.
Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital (now Synopsys). She is currently VP of Security Strategy at Cobalt, a company that connects SaaS companies who want to improve their cybersecurity posture with hackers who can help find their problems before the bad guys do. Caroline received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner’s Guide, published by McGraw-Hill in 2011. She graduated from U.C. Berkeley with a B.S. in Electrical Engineering and Computer Sciences.
Steve Luczynski currently serves as the Deputy Director, Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon. He works with national policymakers, interagency counterparts, and combatant command staff to support the Department of Defense mission to defend the nation in cyberspace. His interest in cybersecurity began 10 years ago developing innovative warfighting concepts for the Navy’s future cyberspace operations. Over his 24-year career, Steve has flown the F-15C and F-22 around the world, and he looks forward to beginning a new career in the information security industry.
Leveraging over 20 years of utility experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition to providing technical knowledge of security and network issues, Mr. Batz leverages a decade of energy regulatory compliance as well as physical and cyber security policy experience and engagement with federal agencies including Department of Energy (DoE), and the Department of Homeland Security (DHS). Mr. Batz is a member of InfraGard, and serves on the SANS Institute Advisory Board. He has served on the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Committee (CIPC) and the CIPC- Executive Committee. Batz has authored various articles and presented at numerous events on securing critical infrastructure, industrial systems and standardization topics for prominent industry associations including NIST, National Association of Regulatory Utility Commissioners and the American Society Civil Engineers to name a few.
Robert Wood runs the trust and security team at Nuna, whose core directive is to protect one of the nation's largest collective healthcare data sets. Previously, Robert was a Principal Consultant at Cigital where he founded and led the red team assessment practice and worked with strategic clients across the United States in an advisory capacity.