Lightning Talks: Thinking Different presented at bsideslasvegas 2017

by Caroline Wong, Robert Wood, David Batz, Steven Luczynski,

Summary : Stopping a Cyber Hurricane: A Call for Proactive National Cybersecurity
A hurricane and malicious cyber activity are analogous based on their ability to affect our nation’s critical infrastructure, our safety, and our security. But, hurricanes are unpredictable, natural events in a domain no human can control, while significant malicious cyber activity starts in a human’s mind and exists in a domain humans exert some control over. Current US government efforts to counter significant malicious cyber activity are focused on using existing agencies to prepare for and react to these threats. Instead, we should consider methods for the government and private industry to take a more proactive approach to counter these threats before they can affect our nation.
The potential exists to build upon the model used in the fight against drug trafficking to synchronize capabilities across a wide-range of government agency authorities, in conjunction with improved private industry participation. While there are numerous legal and regulatory concerns to address, it will take leadership from all levels, particularly from the bottom up, to initiate the effort required to solve these complex issues.
***
Healthcare Data Protection Hazards
Protecting medical data is one of the cybersecurity industry's top challenges today. Banks and credit card companies now have processes and technology in place to protect customers from financial fraud, but if a medical record is compromised and someone's identity is stolen, that breach can affect someone for potentially the rest of their life.
Caroline Wong, VP of Security Strategy at Cobalt, will interview Bob Wood, Head of Trust at Nuna Health, about the work that his team does to protect the organization. They will discuss approaches to talking about risk effectively and creating stories around various technical and process-related security scenarios to communicate what needs to be done in order to get buy-in for appropriate controls.
***
Cyber Mutual Assistance – Bringing Mutual Assistance to Electric Utility Operators
Owners and operators of the electric grid in the United States are facing an unprecedented number of physical and cyber security risk. This session will discuss the methods that electric utilities are using to address the wide variety of risks, with special focus on a new program call “Cyber Mutual Assistance”
Based on lessons learned from major destructive cyber incidents overseas, and from exercises in North America, the Cyber Mutual Assistance program was developed. It is a extension of the electric power industry’s longstanding approach of sharing critical personnel and equipment when responding to emergencies.