Medical Device Cybersecurity: Top Priorities

Kevin Fu,
Associate Professor, IEEE Fellow, Dr. Dwight E. Harken Memorial Lecturer, Founder of the Archimedes Center for Healthcare and Device Security, University of Michigan
Edison Alvarez,
Director, Information Security – Cybersecurity Governance, BD (Becton, Dickinson & Company)

The cybersecurity threats and challenges involving medical devices just keep growing, potentially putting patient safety, data confidentiality and security at risk. This session will explore ways healthcare CISOs and their teams can better address issues, including:

• The differences between IT cybersecurity and OT cybersecurity in dealing with medical devices
• How healthcare delivery organizations can prioritize and put into action recommendations contained in guidance materials, vulnerability alerts, white papers and other documents pertaining to medical device cybersecurity
• Top medical device lessons emerging from ransomware and other disruptive cyberattacks that have been hitting the healthcare sector
• The importance of medical device SBOMs – as well as dealing with the challenges that SBOMs create for some entities

Why It’s Essential to Operationalize a Cybersecurity Framework for Critical Infrastructure

Steve King,
Managing Director, Cybersecurity Marketing Advisory Services, CyberTheory
Grant Schneider,
Senior Director for Cybersecurity Services (Former U.S. federal CISO), Venable LLP
Roger Caslow,
CISO, Hampton Roads Sanitation District

There are many options to choose from when selecting a framework for your cybersecurity program and typically your choice comes down to your industry vertical. We will have a discussion on the most commonly used enterprise-level frameworks, what is needed to adopt them, and how they benefit your organization. Our expert panel will:

• Evaluate some of the best practices for structural alignment with capabilities and solutions, and which security controls are needed for audit
• Analyze how to align IT with OT, as well as the overarching organizational strategy needs and roadmaps
• Discuss ways to not only support governance structure internally, but also ensure regulation and other external requirements are met

Surface Management: Avoiding Device Whack-a-Mole

Tari Schreider,
Strategic Advisor, Aite-Novarica Group – Cybersecurity Practice

Chief information security officers (CISOs) face unseen and unmanaged assets, resulting in poor asset hygiene and exploitable areas of an IT estate. Various cybersecurity solutions attempt to discover computing assets, but few are equipped to identify today’s expansive and complex attack surfaces.

OFAC on Crypto Sanctions Compliance

Lawrence Scheinert,
Associate Director, Compliance and Enforcement, Office of Foreign Assets Control (OFAC), U.S. Department of the Treasury

Virtual currencies are beginning to play an increasingly prominent role in the global economy. The growing prevalence of virtual currency as a payment method, likewise, brings greater exposure to sanctions risks — like the risk that a sanctioned person or a person in a jurisdiction subject to sanctions might be involved in a virtual currency transaction. Accordingly, the virtual currency industry, including technology companies, exchangers, administrators, miners, wallet providers and users, plays an increasingly critical role in preventing sanctioned persons from exploiting virtual currencies to evade sanctions and undermine U.S. foreign policy and national security interests.

In this exclusive session, Lawrence Scheinert, associate director, compliance and enforcement, Office of Foreign Assets Control (OFAC) at U.S. Department of the Treasury, will:

• Identify who must comply with OFAC sanctions and why
• Discuss the consequences of noncompliance and the implications of this on cybersecurity practitioners
• Analyze how to “block” virtual currency

Live Interactive SBOM Discussion

James DeLuccia,
Product Security Chief, Honeywell
Michael Baker,
Vice President, IT CISO, DXC Technology

Join this interactive session to discuss with the SBOM and how it will affect your organization. A Software Bill of Materials (“SBOM”) has been identified by the cybersecurity community as a key aspect of modern cybersecurity, including software security and supply chain security. E.O. 14028 declares that “the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced. In this session our panel of experts will explore and debate:

• Sharing and Exchanging SBOMs—Moving SBOMs and related metadata across the software supply chain
• Implementation —SBOM implementation will be driven by a range of accessible and constructive tools and enabling applications, both open source and commercial in nature.
• Can you write your own SBOM

Collaborative Cyber Defense: Just a Promise or a Practical Reality?

Howard Grimes,
CEO, Cybersecurity Manufacturing Innovation Institute (CyManII)
Paris Stringfellow,
Director of Sustainability, Cybersecurity Manufacturing Innovation Institute (CyManII)
Jerry Cochran,
Deputy CIO – Cybersecurity & DigitalOps, Pacific Northwest National Laboratory

Cyber defense is increasingly becoming more important to the federal government’s overarching administrative agenda. There is an important need from the various organizations (CISA, DOE CESER, etc.) to incentivize the transition from collaboration to cooperation within these distinct entities.

This panel will cover these strategies and will:

• Discuss ways to collaborate across public/private as well as intra- and inter-sector entities to thwart and stay ahead of adversaries targeting critical infrastructures
• Debate whether or not the 20-year evolution of cyber information/threat sharing is still working, and, if not, how can it be improved
• Assess the opportunities for mutual aid and defense from the government to various sectors

Regulating and Being Regulated: A Public-Private Partnership at the Ports

Nick Parham,
Marine Transportation System Cybersecurity Coordinator, United States Coast Guard Atlantic Area Command
Chris Carter,
Information Security Analyst, Port of Vancouver, USA
Charles Blackmore,
Marine Transportation Specialist (Cyber), United States Coast Guard

In the wake of the 9/11 terrorist attacks, the Maritime Transportation Security Act (MTSA) was implemented across the commercial shipping industry in the United States. With the rise and evolving threat of cybersecurity attacks during the past decade, the Coast Guard has worked with public and private partnerships at America's ports to leverage the MTSA and enhance cybersecurity mitigation and resiliency at these ports. The industries operating in America's ports are critical components of multiple supply chains and often fall into multiple critical infrastructure categories.

Key takeaways include actionable insights to:

• Leverage existing partnerships within ports to address cybersecurity vulnerabilities
• Take action within an existing regulatory framework to address cybersecurity vulnerabilities
• Facilitate information sharing and analysis to bridge the public/private communication gap

How the Future of U.S. Crypto Regulation Will Impact Your Organization

Cody Carbone,
VP of Policy, Chamber of Digital Commerce

Crypto has been one of the top buzz words across all industries in 2022 - from some of the most high-profile crimes involving crypto to President Biden's historic executive order - but what does this actually mean for CISOs when it comes to their day-to-day security measures and implementation? This session will address what your organization should be cognizant of in the crypto regulatory landscape going into 2023. Join this session where Cody Carbone, former commissioner at U.S. Commodity Futures Trading Commission and the chief policy officer at the Chamber of Digital Commerce, will:

• Assess 2023 predictions for the U.S. crypto regulations and their impacts on the private sector
• Discuss the latest updates and takeaways from the Biden administration’s crypto strategy report
• Analyze how businesses can best prepare for future regulation and adapt accordingly

Interactive Session: Cyber Resiliency by Design

Ron Ross,
Fellow, NIST

During this live interactive session, attendees will have the opportunity to engage with NIST Fellow Ron Ross.

Ross will dive into the recently revised NIST Special Publication 800-160, Volume 2, Revision 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach. His current project is to help update Volume 1, as well as 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. His focus areas include system and cyber resiliency and the importance of implementing well-established design principles for trustworthy secure systems.

In this exclusive, live session, Ross will take questions directly from summit attendees and speak about topics such as:

• Gaps in building cyber resiliency by design
• NIST's revised and pending guidance
• The CISO's burden in overseeing cyber risk - and how it can be eased.

Faster Payments Fraud: How Can We Outpace the Criminals?

Mike Timoney,
Vice President - Secure Payments, Federal Reserve Bank of Boston
Deborah Baxley,
Partner, PayGility Advisors
Peter Tapling,
Board Member, U.S. Faster Payments Council

As banks, merchants and individuals continue to adopt faster payments, fraud is outpacing fraud prevention. How are patterns of fraudulent activity in faster payments different from traditional payment methods? How are the fraud actors collaborating within their fraud community? What technologies and controls do we need to mitigate such fraud?

Our expert panel will share insights and strategies that will:

• Discuss the faster payments fraud landscape
• Assess the technologies and controls needed to mitigate this criminality
• Evaluate how we can improve information sharing and collaboration.

Little Device, Big Threat!: IoT Attacks, Vulnerabilities and Prolific Risk

Matanda Doss,
Executive Director, Cybersecurity and Technology Controls, Commercial Bank, JPMorgan Chase & Co.

The Internet of Things (IoT) is expanding at a dramatic rate. As we connect our devices to more and more aspects of our daily lives, we are creating a roadmap for invasive listening, hacking and business disruption. Join us to learn more about where IoT is headed and how you can stay safe while still reaping the benefits of a digital world.
This session will shed light on:

• Biggest threats based on trending attacks
• Challenges of IoT security based on common vulnerabilities
• Vulnerabilities caused by new technologies
• Strategies for securing huge attack surfaces
• Regulatory and compliance issues arising from third-party partnerships

Election Security: What Did We Learn From the Mid-Term Elections

Elvis Chan,
Asst. Special Agent in Charge San Francisco Division, Cyber Branch, FBI

Since 2016, election security has emerged as one of the newest and most urgent aspects of critical infrastructure protection. And Elvis Chan of the FBI's San Francisco office has been at the forefront of assessing and mitigating election security threats. In this session, Chan will:

• Address the latest threats to election integrity
• Explain the stepped-up effort of the U.S. government in general and FBI in particular
• Describe the shifting cyber threat landscape post-Russia's invasion of Ukraine

Mastercard's Claire Le Gal on Responding to the New 'Fraud Universe'

Claire Le Gal,
Sr. VP, Fraud Intelligence, Strategy & Cyber Products, Mastercard

If we have learned anything from digital transformation, it is that fraud now comes in multiple forms across multiple vectors - simultaneously. And for financial services organizations to be able to spot and stop these schemes requires tearing down silos and building new partnerships like never before.

Claire Le Gal, a 26-year Mastercard veteran, will share exclusive insights and will

• Analyze the emerging fraud trends, and take a deep dive into the reasons why they are so challenging to detect
• Discuss strategies that inhibit fraudsters and make it harder for them to succeed
• Shed light on what constitutes fraud fusion centers and how they offer cross-enterprise collaboration that is much needed

Biometrics and IoT: The Golden Ticket of Security?

Lana DeMaria,
Director, Data Privacy, Alaska Airlines
Alexander Vitruk,
Senior Litigation Associate, Baker & Hostetler LLP

Governments and industries in the private sector are ever interested in using biometrics for automatic identification or authentication of people. Biometrics definitely appears to be the “golden key” of security – it’s much harder to spoof an iris scan or fingerprint than a password! However, collection of biometric data also comes with its share of unique risks.

Attend this session to learn how Alaska Airlines has embraced the use of biometrics to streamline and improve the guest experience without compromising guest privacy and security of their data.

Interactive Session

Ari Redbord,
Head of Legal and Government Affairs, TRM Labs
Caroline Hill,
Director of Global Policy and Regulatory Strategy, Circle
Alex Zerden,
Founder and Principal, Capitol Peak Strategies
Eric Lorber,
Principal, Financial Crimes Unit, PwC

Join us for this exclusive, live and interactive video session. Our expert group of industry thought leaders will continue the conversation from their session earlier in the day - “Crypto's Promise: The Use of Digital Assets for Economic Prosperity.” Don’t miss out on your chance to ask these experts all of your pressing crypto questions. Do you share their passion for crypto and believe that it can address humanitarian needs, or do think it is the downfall of civilization? What does the FTX bankruptcy mean for the rest of the industry? We look forward to seeing you join this live conversation.

How Is Mobile Phone Fraud Evolving: and What Can We Do About It?

Karen Boyer,
SVP Financial Crimes, Fraud Intelligence, M&T Bank
Kristi Wilson,
Senior Fraud Manager, Special Investigations, T-Mobile

An acceleration in the pace of digital transformation has undoubtedly seen many consumers adopting mobile banking. However, criminals have also adapted to this new environment and have accordingly evolved their tactics in the form of increasingly sophisticated and targeted account takeover attacks. So how can we improve our detection and mitigation techniques to thwart fraudsters and protect consumers?

This expert panel will share insights and strategies, including:

• How the past two-plus pandemic years have changed the face of fraud
• The evolution of unauthorized mobile porting, SIM swapping and account takeover fraud
• How the industry can adopt stronger authentication methods such as FIDO

The Critical Role of Compliance and Collaboration in Crypto and Payments

Troy Leach,
Chief Strategy Officer, Cloud Security Alliance
Samant Nagpal,
General Manager and Global Head of Risk, Square

Establishing trust in industry guidelines for crypto and other payments is crucial, but how is this trust truly built? Our expert speakers will take a deep dive into best practices for transparency, in which they will:

• Discuss the increasing importance of third-party transparency
• Analyze how the industry is trying to streamline the many different requests for guidance
• Evaluate emerging solutions that allow for the most effective scalability

Lessons Relearned From the Russian Invasion of Ukraine - the Cybersecurity Threat Reality and Defense

Mike Manrod,
CISO, Grand Canyon Education, Inc.
Armando Seay,
Founder, Maryland Innovation and Security Institute
Roger Caslow,
CISO, Hampton Roads Sanitation District

Since the late ’90s, our critical infrastructure has been under a documented attack from various APT groups affiliated with nation-states, including Russia. Russia’s directed cyberattacks on Ukraine are well documented, as is the intended blast radius to include the U.S. and allies, which has been ramped up since the February 2022 invasion of Ukraine. So how do we defend our critical infrastructure from this, now and into the future? Our cybersecurity defenses have not changed. They have merely evolved to include OT and IoT basic hygienic solutions. Expect to learn key practices from our session, in which our panel of experts will:

• Discuss incident response plans that can proactively defend your organization against a number of potential threats
• Assess the best strategies to build a defensible architecture and ensure network security is properly monitored in the process
• Look at the most effective vulnerability and patch management testing methods

The Challenge of Zelle Fraud

Karen Boyer,
SVP Financial Crimes, Fraud Intelligence, M&T Bank
James Hitchcock,
Vice President, Fraud Mitigation, American Bankers Association

Fast, convenient and free! It's not surprising that Zelle is America's most popular payment app. The peer-to-peer (P2P) payment service, created by a consortium of major U.S. banks, lets users transfer funds directly between bank accounts at no charge. Unfortunately, it's also proven popular with fraudsters. Through well-crafted social engineering techniques, criminals are successfully duping consumers to make fraudulent transactions. How can we tackle the new challenge of P2P payment fraud?

This expert panel will share insights and strategies and will:

• Analyze the Zelle scams and other social engineering trends, and their impact on the overall payment fraud landscape
• Discuss the challenges for banks, consumers and regulators
• Evaluate best practices to prevent and reduce the impact of impersonation fraud

Securing the People in Our Streets Through the Interconnections of Technology

Troy Leach,
Chief Strategy Officer, Cloud Security Alliance
John Yeoh,
Global Vice President of Research, Cloud Security Alliance

Technology has enabled humans to do more than we ever have before. Intelligent systems have reached our cars, bikes, scooters and skateboards for use in navigation, streaming services, safety and more. Controlled by critical ingredients, the smart city ecosystem ensures that we are protecting our most valuable assets, the human. Troy Leach, our expert speaker, will share his insights on how technology is being used for everyday living and safety and will:

• Highlight the edge networks, application management systems and highway infrastructure that support our day-to-day living and security
• Discuss the most innovative technology stacks to reach new capabilities
• Assess how security must be addressed to keep our data, lives and streets safe

The State of Critical Infrastructure Resilience

Grant Schneider,
Senior Director for Cybersecurity Services (Former U.S. federal CISO), Venable LLP
Puesh Kumar,
Director, Office of Cybersecurity, Energy Security, and Emergency Response, U.S. DOE
Virginia Wright,
Energy-Cyber Portfolio Manager, Idaho National Laboratory
Jerry Cochran,
Deputy CIO – Cybersecurity & DigitalOps, Pacific Northwest National Laboratory

If you talk to the energy sector, they will weave resilience into their cybersecurity discussions. For example, the electric, oil and gas, transportation, water, and telecommunications sectors will look at cyber differently than the health or financial sectors. Generally, the water, electric, and oil and gas sectors have more similarities and interdependencies than any other critical infrastructure sectors combined. Our panel will shed light on some of the most effective cross-sector resilience strategies and will:

• Discuss the best ways to adopt a framework and the best communications and operational methods to achieve this
• Analyze the performance of scenario-based risk assessments to better help inform business continuity plans
• Assess the broader regulatory and operational requirements that guide these critical business decisions

Energy Sector: Drill Down Best Practices for Preemption and Resilience

Manny Cancel,
SVP and CEO, E-ISAC
Mara Winn,
Deputy Director, Preparedness, Policy and Risk Analysis, CESER, U.S. DOE

The energy sector puts significant resources into building systems that are resilient. These efforts have traditionally been focused on capacity building and preparing for potential natural disasters. The challenge of resilience changes when preparing for and recovering from a cyber-attack that may not be limited to a particular geographic area. This discussion will:

• Address practices that ensure energy resilience in the digital age
• Identify systems and processes required to mitigate risk across the industry
• Provide insights on how energy companies can work better with others across the value chain to improve cybersecurity

Crypto and Crime: How to Detect and Protect Your Organization

Ari Redbord,
Head of Legal and Government Affairs, TRM Labs
Erin West,
Deputy District Attorney, Santa Clara County, California
Shawn Bradstreet,
Special Agent in Charge, San Francisco Field Office, U.S. Secret Service

The same qualities that make crypto a force for good - decentralized cross-border value transfer at the speed of the internet - also make it susceptible to illicit actors who want to move large amounts of funds quickly. While, in recent years, we have seen a proliferation of scams and fraud - from pig butchering to discord hacks, wash trading to rug pulls - we have also seen law-savvy law enforcement and prosecutors at the state and federal level meet the challenge with new tools and expertise. Our panel of expert crypto investigators will:

• Discuss the latest in investigating crypto- specialized units, tools, training and the most notable types of cases
• Evaluate the trends and major typologies that are most prominent today
• Assess what are the biggest challenges today in crypto investigations, as well as what is on the horizon in the future investigative space
• Discuss the importance of public/private partnerships in reducing crypto illicit actors across the board

Healthcare Sector Progress: Collaborations and Public Partnership

Errol Weiss,
CSO, Health Information Sharing and Analysis Center
Erik Decker,
VP & CISO, Intermountain Healthcare

Healthcare is among the most targeted critical infrastructure sectors. How are healthcare sector entities - and their CISOs and security teams - working with their peers, industry competitors, government agencies and information sharing organizations to help fend off the rising cyberthreats striking from so many different directions? This session will:

• Spotlight information sharing and other collaborative healthcare sector cybersecurity efforts – where progress is being made
• Identify cybersecurity resources for the private and public health sectors, and what else is still much needed
• Explore ways healthcare organizations and their security leadership can become more proactive in addressing sector-specific cyberthreats and risks.

The Global State of Crypto: Regulations and Challenges on the Horizon

Troy Leach,
Chief Strategy Officer, Cloud Security Alliance
Ari Redbord,
Head of Legal and Government Affairs, TRM Labs

From brazen crypto fraud schemes to landmark arrests and an historic executive order, 2022 has been a watershed year for cryptocurrency. But how are global entities both using and regulating crypto, and what is the global outlook/influence?

Join government/crypto expert Ari Redbord for an entertaining and informative look at global governments’ approach to crypto, where he will:

• Analyze the global investigatory practices being used to reduce crypto crime
• Discuss the global legislation that is being implemented, and how this impacts the cybersecurity space
• Assess the impact of major legislations, such as Biden's Executive Order, as well as other notable global policies affecting the crypto space