Summit Spotlight: Securing the Public Sector, IoT and Healthcare

By Simon Bracey Lane, PhD student, University of Canberra.

As our societies become more interconnected, the threat vectors adversaries exploit to damage our critical infrastructure has also grown. The Cyber Security Summit’s Monday programming will allow participants to engage with a broad array of topics that impact cybersecurity in the public sector, healthcare and IoT device space.

 

Inaugural Public Sector Workshop

The Summit’s Public Sector Workshop will be introduced by Rohit Tandon who serves as CISO for the State of Minnesota’s IT services and Carlos Kizzee, Vice President of Stakeholder Engagement at the Center for Internet Security. These accomplished experts will begin the discussion by outlining key challenges, and solutions being implemented to address the cybersecurity concerns for this sector.

The opening keynote will be delivered by Eugene Kipniss, MS-ISAC’s Member Programs Manager at the Center for Internet Security. This will provide critical insights from this year’s Nationwide Cybersecurity Review (NCSR). The NCSR is an anonymous cybersecurity maturity self-assessment, completed by thousands of state, local, tribal and territorial governments (SLTT) and presented to Congress bi-annually. His briefing will provide a summary of the threat landscape facing all levels of government and describe how the NCSR can inform lawmakers on legislative decisions.

Moving on from the keynote’s brief on the threat landscape facing the public sector, we begin a more granular analysis of those risks, threats and solutions. One non-technical threat facing public sector cybersecurity is politicization. Jim Nash, Assistant Minority Leader, Minnesota House of Representatives will address participants on the importance of keeping cybersecurity non-partisan. In this time of heightened partisan divide, work must be done to improve how legislatures are engaged to ensure that lawmakers understand the importance of tech legislation.

The Public Sector Workshop will be heavily case study driven. Shawn Riley, Chief Information Officer for the State of North Dakota will brief participants on how, as a national leader in energy and agriculture with a significant military footprint, North Dakota has built a cybersecurity strategy that involves a whole-of-government approach. Riley will brief participants on how North Dakota is training the next generation of cybersecurity professionals. Detailing the development of the “PK-20W” Initiative. This program is designed to equip every student with an understanding of computer science and cybersecurity from kindergarten to PhD. Equipping students with 21st Century Skills whilst protecting the economy of the state, data of citizens, and security of all residents.


Expanded Healthcare & Med Device Seminar

The healthcare industry is continuously on the bleeding edge of innovation. As providers continue to deploy medical devices that significantly improve the quality and delivery of care, the need for visibility and security of these devices is more critical than ever. Bill Aerts, Executive Director, Archimedes Center for Healthcare and Device Security will begin The Cyber Security Summit’s Healthcare& Med Device Seminar. This will include a high-level summary of current security threats to medical devices and healthcare, and the efforts in place to address the risks.

Benjamin Stock, Director of Healthcare Product Management at Ordr will follow the introduction with a session on increasing the collaborative capacity of healthcare technology management (HTM), cybersecurity, and information technology. Whilst they share common objectives, there are still barriers to building a successful medical device security program. This session will discuss ways to build a successful medical device security program and getting HTM, IT, and cybersecurity to work together.

John Seaman, Regional Director at Axonius will present a session that will underscore the importance of Cybersecurity Asset Management. This session will develop participants understanding of cybersecurity asset management. Explaining why all major security frameworks consider asset management to be foundational. It will also detail how and how healthcare organizations can use data from the tools already in place to solve asset management for cybersecurity.

Healthcare and medical device companies are some of the most targeted organizations in the world. Humans, when appropriately involved in your defense, can be very effective sensors against these attacks. Through empowering people, we can create a resilience not achieved by technology alone. The power of this collective is achieved through a comprehensive, positive, human-focused program looking at the issues from end to end.

 

IT / OT / IoT Convergence Seminar

Showcasing thought leaders, strategies, opportunities and business cases of implementing security solutions across a broad spectrum of industries. IT, OT and IoT cybersecurity decision-makers and practitioners will evaluate the security risks of IoT and create insights into new technologies and best practices for securing smart, connected operations and facilities.

This session will be begun by Paul Veeneman, President of Beryllium InfoSec Collaborative. He will lead a session that examines the vulnerabilities in the Nation’s critical infrastructure. This session will analyze the sophisticated threats currently facing an expanded attack surface. Requiring organizations to address risk management strategies, realign operations safety and engineering accountability. Delivering comprehensive business and cyber resiliency solutions from top to bottom.

This discussion will be followed by Joe Weiss, Managing Partner at Applied Control Solutions, LLC. He will outline the unique challenges in securing IoT devices and what steps we can take to better adapt to this rapidly expanding threat surface. The current gaps in our understanding have resulted in ~12 million control system cyber incidents, killing more than 1,500 people and causing over $90 Billion worth of damage. This session will discuss how the cybersecurity community can adapt, and reconcile the disparate elements within this field

The title of this year’s Cyber Security Summit is the Power & Peril of Connection. These horizon-scanning sessions will deepen participants understanding of how we can protect our interconnected institutions from adversaries and strengthen our community to ensure we can better protect healthcare institutions, public bodies, and IoT security entities. Ensuring they can safely do what they do best: provide people with the services they need.