Gartner predicts there will be an estimated 8.4 billion IoT devices by 2020. Tenable President, Chief Operating Officer and Co-Founder Jack Huffard discusses how the proliferation of digital assets and connected devices is creating an exposure gap in cyber defense and shares how organizations can fight back against cyber-attacks. Huffard participated on the Successful Cybersecurity Growth Companies In the Region panel at the Capital Cybersecurity Summit on Nov. 15, 2017.


It’s been more than two years since the Office of Personnel Management (OPM) disclosed one of the largest data breaches in history, but just last week, the agency’s inspector general gave them a failing grade when it comes to critical areas like risk management and contingency planning.

In addition, the data breaches and attacks we’ve recently seen across a variety of industries, including entertainment, critical infrastructure, retail and finance, make it clear that all organizations are still failing when it comes to basic cyber hygiene.

Today, a company’s assets range not just from laptops to servers, but include mobile devices, internet-connected appliances and the cloud. The latest research shows the number of these assets is only going to increase. For example, Gartner predicts there will be an estimated 8.4 billion IoT devices by 2020. And according to a 2016 IDG Enterprise Cloud Computing Survey, 70 percent of organizations already have apps in the cloud and 16 percent more will in 12 months. This modern, elastic attack surface, where the assets themselves and their associated vulnerabilities are constantly expanding, contracting and evolving, has created a massive gap in organizations’ ability to truly understand their cyber exposure at any given time.

Another major component of today’s elastic attack surface is operational technology (OT), particularly given the growth in the risk of cyber-attacks against critical infrastructure sectors. A recent Ponemon Institute study on the state of cybersecurity in the U.S. oil and gas industry found, for example, that OT targets now comprise 30 percent of all cyberattacks. Like cloud and IoT assets, the cyber exposure gap is exacerbated by the mismatch of cyber measures deployed by critical infrastructure companies and the rapid pace of digitization in operations. Operational technologies present an additional challenge – they often can’t be assessed with the same approaches as IT assets, creating blind spots for security operations and compliance teams.

We recently announced a partnership with global engineering and technology leader Siemens that aims to address those unique risks. The product, Industrial Security from Tenable, was designed specifically for industrial control systems and will be delivered through Siemens to give energy and utilities companies full visibility into production networks to reduce compliance risk and their cyber exposure.

Both public and private organizations in every sector need to change their approach to cyber risk to effectively manage their cyber exposure. That starts with understanding and protecting what matters most across their entire attack surface. And it means looking at server and endpoint hardening, IoT discovery and hardening, container and web app vulnerability identification and OT asset and vulnerability detection.

Understanding risk and cyber exposure is also an awareness issue that should start at the top. If the C-suite and board of directors know which areas of their business are secure or exposed, that knowledge can drive strategic business decisions, including where and how much to invest to reduce risk. Attackers will always find the weak link, and right now there are too many weak links – even more than companies are aware of.

This year alone, there were several high-profile, large-scale cyber-attacks, including the NotPetya destructionware, CrashOverride/Industroyer threats to critical infrastructure, and the Reaper IoT botnet. No organization wants to experience one of these security headlines firsthand, which claimed millions of dollars in company damage and compromised sensitive customer data. Only with a holistic approach that starts with basic cyber hygiene – visibility to identify all assets and their vulnerabilities – can companies secure today’s complex attack surface.


NVTC’s newest guest blog post from Exostar explains why new government regulations are giving organizations a fresh concern when it comes to cybersecurity. Exostar’s Senior Vice President of Product Development Vijay Takanti will be part of the panel discussion, NIST 800-171: Is the Government Paving the Way for Commercial Security? at the 2017 Capital Cybersecurity Summit November 14-15.


Cybercrime is on the rise, and could cost businesses over $2 trillion by 2019. These losses could be the result of outright theft, lost productivity, impact to customer confidence or costs associated with repairing breaches. But a new, equally ominous risk associated with cybersecurity is emerging for both government contractors and downstream commercial businesses—the risk of losing current and future contracts due to non-compliance with new government standards.

Department of Defense contracts now include a clause, DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” The new clause requires contractors (and their extended supply chains) to implement NIST SP 800-171 cyber safeguards by December 31, 2017 – or at least have a coherent plan for doing so.

NIST SP 800-171 is a set of 110 security controls regulating the handling of sensitive (but not classified) data. Most organizations in the aerospace and defense industry are well aware of these standards and their application to the DFARS mandate by now. However, other organizations, who don’t work directly with the government, may get pulled into NIST 800-171 compliance because of the global, multi-tiered nature of prime contractors’ supply chains.

Keep in mind that the supply chain on any given project can include hundreds or even thousands of suppliers who are privy to controlled defense information (CDI). As the volume of suppliers and the information they exchange rises, the more vulnerable they are to cyber-attack and CDI compromise. Even small pieces of information need to be protected at all times.

The NIST 800-171 rules are designed to best protect this sensitive information as it moves across every level of the supply chain. If even one link in the chain is insecure, it could spell trouble for all parties participating on a government program. Officially, the government can start including NIST 800-171 compliance as a requirement for contracts once the rules are in effect. If organizations are not compliant, they will not be able to bid on those contracts, and existing contracts could be in jeopardy.

Organizations that are not compliant with these new cybersecurity controls run the risk of losing out on business, as primes and larger suppliers select preferred vendors who can demonstrate proper cybersecurity hygiene.

The deadline is looming. Mitigate the latest cybersecurity risk by understanding and implementing the NIST 800-171 security controls now, or find a qualified partner to help you do so.


The Myth of Cloud Insecurity

October 31st, 2017 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cloud | Guest Blogs

Telos Corporation CEO and Chairman of the Board John Wood addresses cloud security in his new guest blog. Wood will be moderating the State of Cloud Security and Compliance panel at the Capital Cybersecurity Summit on Nov. 14-15 at The Ritz-Carlton, Tysons Corner.


It’s not exactly clear when the term “cloud” was first used to describe shared pools for configurable IT resources. However, it’s safe to say that it started creeping into our lexicon less than ten years ago.

Back then, the official definition of cloud was even less clear than it is today. Regardless of what the cloud actually was, this mysterious cloud entity was widely assumed to be unsafe.

That said, even from the beginning, I saw that the cloud offered many security advantages, especially to smaller companies that couldn’t afford to make infrastructure investments and hire many highly-skilled staff to manage complex IT systems in their own on-premises data centers. Still, doubts about cloud security swirled.

But in 2014, a crazy thing happened. Defying conventional wisdom, the CIA, arguably the most security conscious organization in the world, announced their plan to work with Amazon Web Services (AWS) to adopt commercial cloud services. Shortly thereafter, C2S was born.

Even though countless other agencies had already adopted the cloud by 2014, the CIA and C2S gave the cloud instant credibility. It made federal agencies and highly-regulated commercial organizations realize that if cloud technology is good enough, and secure enough, for the CIA, then it must be secure enough for them. Granted, the C2S is an isolated environment, but it was noteworthy that the CIA made the often-trumpeted “cloud first” policy a reality.

AWS recognized early on that security was important to ensure continued, widespread adoption of cloud services. For this purpose they introduced a shared responsibility model to help explain the security benefits you derive simply by hosting your workloads within AWS. Under this model, the customer is responsible for security in the cloud, and AWS is responsible for security of the cloud.

Not only does this shared responsibility model help address a number of security questions, especially in the areas of infrastructure and physical security, it also helps clients demonstrate compliance requirements more quickly and efficiently, because they can inherit results directly from AWS.

AWS certainly isn’t the only cloud service provider (CSP) in the game – Azure and Google also understand how important the message of cloud security and compliance is to drive further cloud adoption.

Despite all of this, it is essential for organizations to understand the potential security pitfalls of cloud adoption. It’s essential to know where your cloud service provider’s responsibility stops and customer responsibility starts. There have been a number of recent breaches resulting from unsecured cloud-based database deployments. Customers need to understand, and take seriously, their responsibility in protecting their systems, their applications and their data.

The cloud has come a long way over the last ten years. Much progress has been made to enhance security and promote these security and compliance benefits. However, there is still work to be done to address lingering security concerns, questions and perceptions to help drive even broader adoption of cloud services.

If you’d like to hear what CSPs have to say about the myth of cloud insecurity, join me on Wednesday, November 15 at NVTC’s Capital Cybersecurity Summit. I will be moderating a panel that will discuss the current state of cloud security and compliance, featuring prominent voices from the big three cloud providers: Google, Microsoft and AWS. I hope to see you there!


National security is now the number one security concern for Americans, according to the recently-released global 2017 Unisys Security Index, replacing financial security as the top fear from the 2014 survey. Americans’ concerns about internet security, specifically viruses and hacking, rose most dramatically over the last three years, coming in as the number two security concern in this year’s index.

In a world more interconnected by technology than ever, the cyber threat landscape has never been more daunting. Alarmingly, one in three website visitors last year were attack bots and over 94 percent of 100,000 websites analyzed over a 90-day survey period experienced at least one bot attack, according to Imperva’s Bot Traffic Report 2016. Companies and agencies at the frontline of protecting the country and consumers from cyber-attack face countless challenges beyond the cybersecurity threats themselves.


NVTC 2017 Cybersecurity SitRep

NVTC’s newest infographic provides an updated look into NVTC members’ cybersecurity hiring and resource allocation trends while reiterating the key takeaway of last year’s cyber infographic: The human element exposes us to the greatest cyber risk, from cyber talent to employee training to insider threats.

Acquiring top cyber talent remains a priority to NVTC members, with 50 percent reporting they will hire cyber professionals over the next 12 months, a five percent decrease from last year. Employee training is the single greatest focus for our members with 50 percent reporting it as their greatest cyber resource allocation, while 42 percent are targeting a technical solution first. The human element – both human error and insider threats – was acknowledged as the greatest cyber threat facing the country today.

Cybersecurity Talent Gap Continues to Widen in 2017

Organizations are experiencing tremendous difficulties filling cybersecurity positions and retaining skilled talent in these positions. By 2022, it is predicted there will be a shortfall of 1.8 million cybersecurity professionals in the U.S. In Greater Washington alone, there are over 44,000 open cybersecurity positions.

The 50 percent of NVTC members reporting cyber hiring needs are in stiff competition to attract the cyber talent with the experience, skills and certifications they require to be competitive in today’s marketplace. Local tech employers are looking for creative ways to engage new talent pools to fill their cyber workforces, using models such as NVTC’s own Tech Talent Employer Collective, which uses the U.S. Chamber of Commerce Foundation’s Talent Pipeline Management methodology to put employers into the driver’s seat, setting the workforce development requirements around shared employer needs.

Cybersecurity Venture Funding In the Region Remains Steady

While it is unlikely we will again see cyber ventures play such an outsized role in venture funding such as in 2015 when 46 percent of all funding went to cybersecurity services and products, a steady stream of cyber venture funding continues in Greater Washington, with $210 million collected in calendar year 2016 and $173.2 million from Q4 2016 through Q3 2017.

This support network, including incubators and innovators from MACH37 to In-Q-Tel to CYBERCOM at Ft. Meade, enables a community with innovation capacity and the agility to rapidly evolve to meet the ever-growing cyber threat.

Evolving Cyber Threat Vectors

Internet crimes reported to the FBI’s Internet Crime Complaint Center (IC3) in 2016 represented more than $1.3 billion in losses. Those nearly 300,000 reported crimes are only estimated to be 15 percent of all internet crimes that took place. This year’s numbers so far show that things continue to rise – distributed denial of service (DDoS) attacks alone showed a 380 percent increase in Q1 2017 over Q1 2016.

Even with the rise of more sophisticated bot attacks and ransomware, 63 percent of NVTC members rank the human element as the cyber threat requiring their greatest focus. A recent study on email threats estimates that one in four emails appearing to come from a dot-gov domain is a phishing attempt and three out of four organizations reported being the victim of a phishing attack in 2016.

The threat landscape seems even more ominous when you add in the increasing sophistication of the methods used in spear phishing, a more targeted attack that often spoofs more realistic identities known to the victim; the days of being asked to help move royal gold reserves out of Africa are being replaced by seemingly innocuous requests from “Randy in accounting” to take a look at an attached spreadsheet. Despite this increasing threat, progress is being made through awareness and training programs teaching how to stay secure and safe in the current environment, an approach being adopted by all industry sectors, not just IT.

Community Threats Need a Community Response

We are lucky to reside in the nation’s cyber capital, where the resources and environment support cyber innovation and where the nation’s most qualified cyber workforce lives and works. Perhaps Greater Washington’s biggest advantage in cybersecurity is the collaboration happening in the region. Each day stakeholders from the private, public, incubator and academic communities come together to work on the biggest cyber threats.

To deepen cyber collaboration in the region, NVTC will be hosting the second annual Capital Cybersecurity Summit on November 14-15, 2017 at The Ritz-Carlton, Tysons Corner. At the Summit, the nation’s cyber leaders will share their unique insights and best practices into topics such as attracting top cyber talent, cloud security, cyber risk management, strengthening cybersecurity through public-private partnerships and more. Attendees will have unmatched networking opportunities to discuss their latest innovations and the cyber challenges they face. Get the latest Summit agenda here.

View NVTC’s 2017 cybersecurity infographic at www.NVTC.org/2017CybersecurityInfographic


Fortalice Solutions President and CEO and Dark Cubed Co-Founder Theresa Payton sheds light on the gender gap in cybersecurity and discusses ways to engage more women in cyber careers. Fortalice Solutions Chief Information Security Officer Ken Bailey will be speaking on The Life of a Hack: A Business Survival Guide panel at the second annual Capital Cybersecurity Summit on Nov. 14-15, 2017 in Tysons Corner.


What image flashes in your mind when you hear the word “cybersecurity?” Is it a room filled with happy, diverse, productive people making a difference in the world around them? Sadly no. More than likely, it’s a guy hunched over his computer wearing a dark hoodie with some ones and zeros floating above his head. Or maybe it’s a cold room in a basement filled with rows and rows of computer servers. If you’re a woman looking at the next 30-40 years of your life, would you pick a career that looks so ominous? Probably not.

Optics is one of the biggest hurdles we face as cybersecurity professionals and the hurdle is even greater for women in security. Generally speaking, women are more drawn to careers where they can use their intellectual, emotional and interpersonal skills and cybersecurity does a terrible job promoting itself in those areas. What if I told you that cyber can be an extremely emotionally charged field? Yes, it’s logical and yes, it’s technical – but the beauty is that we use those skills in conjunction with softer skills to truly help people.

In my daily life as CEO of Fortalice Solutions, I work directly with the government, corporations and people to protect what’s most important to them, including intellectual property, financial assets and healthcare information. And perhaps the most rewarding of all, I work frequently with law enforcement to use innovative technology to combat human trafficking and childhood sexual exploitation. We need to demystify cybersecurity and talk plainly about how our field helps people, in real tangible ways.

For example, I’ve often said that security is inherently flawed because it is not designed for the human psyche. Today security is not only an afterthought, security designs have zero empathy for the human. Do you know any non-technical professionals that profess a deep fondness for strong passwords? You don’t. Passwords are designed for the technology and we ask the human to conform. According to cybersecurity best practices, people will share and forget passwords and they will do unsafe things to get their jobs done, such as use free, unsecure Wi-Fi. Haven’t you? Women’s natural intuition and emotional intelligence to see themselves in someone else’s shoes is exactly what we need to combat this problem!

In order to be more inclusive of women in cybersecurity, at least three things need to happen.

First, hiring managers need to expand their criteria and qualifications. Many hiring managers are leaving women and minority candidates on the sidelines by chasing the same resumes, the same degrees and the same alphabet soup of certifications in future employees. While this might be one indicator of a successful hire it is not the only indicator. The best cybersecurity professionals are insatiable learners and highly skilled problem solvers who think about the user while never underestimating the adversary. Take a chance on a different degree and background and invest in cross training. Some of my best cybersecurity team members started out in a different field and are now some of the best, most well rounded cybersecurity professionals we have on the front lines of fighting cybercrime.

Second, an April 2013 survey of Women in Technology, found that 45% of respondents noted a “lack of female role models or [the encouragement to pursue a degree in a technology-related field].” It’s been proven that professional mentorship and development dramatically increase participation in any given field, so the lack of women in cybersecurity is really a compounding problem – we don’t have enough women in cyber because there aren’t enough women role models in cyber. While connecting with other women has had its challenges, there are wonderful women in cyber today… look at KT McFarland, Deputy National Security Advisor and Ambassador to Singapore, and Keren Elazari, a global speaker on cybersecurity and ethical hacker out of Israel. They are rock stars.

I’ve been very lucky to work with wonderful, inspiring women in cyber, but I recognize that my exposure might be more than women starting their career. This brings me to my third point: I recommend all cyber practitioners, and especially women, take advantage of all the amazing free tools out there from RSA, TED talks, and even YouTube. You can watch speeches from veteran cybersecurity professionals about their careers, hear their advice on how to succeed, and learn new skills to keep you competitive in the workplace. Consider free online courses in cybersecurity or popular programming languages like Python. Ask your colleagues to show you their favorite geek gadget or ethical hack. There are some excellent security frameworks and guidance available for free online such as the NIST framework, CIS Critical Security Controls, SSAE 16, and discussions on GDPR. Leverage social media to hear what’s on the minds of security experts. In this field, be a constant student of your profession.

It’s true there is a shortage of women in cybersecurity but there is not a lack of talented and strong women in this world. Cybersecurity requires a general shakeup and perhaps women are the ones to do it. I’m grateful that I can talk about my industry and I hope more women join this exciting field… and they can even wear their favorite hoodie.


Hear why modern-day supply chain risk management requires a new architectural paradigm shift in NVTC’s latest Capital Cybersecurity Summit guest blog by Strategic Cyber Ventures CEO Tom Kellermann. Kellermann will be moderating the What Keeps CISOs Up At Night? panel at the second annual Capital Cybersecurity Summit on Nov. 14-15.


2017 has been a reality check for corporations. The reality is that cyberspace has become a free-fire zone with a multiplicity of actors who are determined to wreak havoc. The dark-side of globalization resides in cyberspace. Corporations are regularly under siege from a multiplicity of threat actors. The cyber arms bazaar that flourishes around the world has allowed for criminals and nations to wage long-term campaigns against corporations and government agencies. These cybercriminals stalk businesses and consumers from the fog of the Dark Web. Evidence suggests that the Dark Web has become an economy of scale wherein the cyber-crime syndicates have begun to target the interdependencies of our networks. 2017 has ushered in a foreboding era of digital colonization of American cyberspace.

As the cybercriminal community burrows into our networks, we must appreciate that after the initial theft of data they tend to hibernate. This hibernation allows for secondary schemes of monetization. Some of these criminal endeavors include reverse business email compromise against your customers and/or selective watering hole attacks. Cybercriminals realize that there is implicit trust in your brand; trust that can and will be exploited. The modus operandi of cybercriminals has been modernized and thus we should allow their offense to inform our defense.

In 2017, CSOs must enhance the scope and diligence of their supply chain security assessment. First, security strategies must encompass more than technology vendors. Law firms and marketing firms should be included in all annual security assessments. Second, any merger or acquisition must include a compromise assessment. Such a compromise assessment should include a penetration test from within your network to the outside world. Finally, service level agreements (SLAs) must be modernized to mitigate the cyber threats of 2017, therefore the rigor of the security controls required must encompass elements of intrusion suppression like the proactive use of deception grids and adaptive authentication.

Managing cyber exposures to your supply chain is a function of conducting business in 2017. Beyond mere compliance with existing standards corporations must protect their brand before it is hijacked. Supply chain risk management requires an architectural paradigm shift to intrusion suppression. Modernizing defense in depth will allow an organization to thwart the burgeoning digital invasion of their network. It is imperative that we reevaluate vendor relationships and institute increased safeguards and oversight as information supply chain risk is here to stay. Cybersecurity investment begets brand protection which in turn mitigates third-party risk. Those companies who embrace brand protection as a function of comparative advantage will be better prepared to combat the inevitable attacks that will occur, and will become the titans of industry.


Your company has just encountered a data breach? Now what? In NVTC’s guest blog, Veronica Jackson, associate at Miles & Stockbridge, provides immediate steps a company should take upon discovery of a data breach. Jackson will be participating on the Life of a Hack: A Business Survival Guide panel at the Capital Cybersecurity Summit on Nov. 14-15, 2017.


In the wake of the latest massive data breach, this one involving Equifax, more and more companies are likely wondering what they should do in the event that they are faced with a data breach that exposes the personal data of their employees or customers. Data security incidents involve complex legal issues that must be navigated carefully to reduce the risk of improper (or unnecessary) breach notification, attention from state and federal regulators, and potential class actions related to the exposure of personal information. There are several key steps a company should take upon discovery of a data breach. While these steps are numbered, many of them must happen both immediately and simultaneously.

First, immediately contact your company’s incident response team pursuant to your Written Information Security Plan (or “WISP”). Second, contact law enforcement and any relevant insurance carriers to assist with coverage of costs for the data breach response effort and to prevent waiver of potential coverage for tardy notice. Third, quickly assess the scope of the breach (i.e., whether the breach is ongoing, whether data was acquired or simply accessed by the hacker, who suffered a breach of their personal information, and what type of information was exposed). Fourth, stop the breach, if possible, through remedial data security measures, possibly with the assistance of a forensic IT consultant to bolster your company’s security systems.

Organizations that have already suffered from a breach especially must consider what additional safeguards (including employee training) should be implemented to avoid another breach in the future. Fifth, analyze data breach compliance requirements by identifying the jurisdictions of residence for the affected population and assessing what notification requirements are triggered by each applicable statute.

Data breach compliance requirements also may be triggered by the regulatory framework covering the type of information that was exposed (i.e., HITECH and HIPAA compliance for personal health information). For affected persons residing in Maryland, for example, notification is not required if, after an investigation, the entity determines that personal information has not been or is not likely to be misused (documentation of that conclusion, however, must be retained by the entity for three years). In instances where notification is required, even for just one Maryland resident, notice must first be sent to the Maryland Attorney General’s data breach notification department. In the District of Columbia, on the other hand, there is no “likely harm” exception to notification, and notice to the Attorney General is not required. In instances where 1,000 or more residents are receiving notice at a single time, both Maryland and the District of Columbia require that notice be sent to all nationwide consumer reporting agencies regarding the timing, distribution and content of the notices.

Finally, prepare a data breach response plan that attempts to mitigate potential harm to the affected population and complies with applicable data breach requirement statutes and regulations. Since the Supreme Court’s decision in Spokeo v. Robins attempted (but failed) to clarify the legal standard for what constitutes sufficient harm to a person affected in a data breach for legal standing purposes, a Circuit split has emerged. Because it remains unclear what level of risk for future harm or actual harm is required (short of actual identity theft), efforts to minimize the risk of identity theft and other subsequent harm, as well as providing free preventative services to affected people, are valuable tools that may provide a defense against subsequent litigation stemming from the data breach. Many organizations elect to provide an affected population with identity theft prevention services that monitor their credit and also aid them in any credit repair efforts they may need should they fall victim to identity theft.  Many state attorneys general also look at whether an organization is providing such services to its residents when reviewing data breach response notifications.

This blog was written by Veronica Jackson at Miles & Stockbridge.

 

Opinions and conclusions in this post are solely those of the author unless otherwise indicated. The information contained in this blog is general in nature and is not offered and cannot be considered as legal advice for any particular situation. The author has provided the links referenced above for information purposes only and by doing so, does not adopt or incorporate the contents. Any federal tax advice provided in this communication is not intended or written by the author to be used, and cannot be used by the recipient, for the purpose of avoiding penalties which may be imposed on the recipient by the IRS. Please contact the author if you would like to receive written advice in a format which complies with IRS rules and may be relied upon to avoid penalties.


The inaugural Capital Health Tech Summit took place on June 15, 2017 at the Inova Center for Personalized Health. Following a series of “flash briefings” highlighting the latest innovations in health tech in Greater Washington, the Summit’s engaging Innovation Panel discussed how the Greater Washington ecosystem can catalyze and invest in innovations like those presented in the briefings. The panelists also discussed opportunities for innovators to work with the federal government to launch their innovations.

Panelists included FDA Senior Innovation Architect and Advisor to the CTO and Director of Innovation Steven Hubbard, U.S. Department of Health and Human Services Acting Executive Director for Innovation, Immediate Office of the Secretary Sanjay Koyani, Dcode42 Founder and CEO Meagan Metzger, and MedStar Health Chief Innovation Officer and MedStar Institute for Innovation Director Dr. Mark S. Smith. Booz Allen Hamilton Senior Vice President Robert Silverman moderated.


According to panelists, Greater Washington is a global leader in health innovation because of its:

  • Wealth of talent: the region’s talent pool is hungry to make a difference in people’s lives
  • Federal government opportunities: innovators can make a tangible impact on healthcare by taking advantage of real opportunities to launch technologies in the government (including challenge.gov)
  • Unmatched university and health systems open to embracing new health innovations and incorporating them into practice

The speakers also discussed the need for new partnerships between health systems, the private sector and incubators to spur innovation, and the need for enhanced innovation in the area of home health and preventive care, a booming field.

View full video from the panel:

 


The healthcare industry is a top target for cyber criminals and can face a variety of security vulnerabilities. In fact, over 200,000 health systems were impacted by the recent WannaCry cyber-attacks.

At NVTC’s Capital Health Tech Summit on June 15, 2017, a panel of cyber experts discussed the current health tech threat landscape and highlighted the technologies and services being developed to protect the healthcare industry’s digital systems. Participating on the panel were Ostendio CEO and Co-Founder Grant Elliott, PwC Managing Director of Advisory Services Suzanne Hall, Berkeley Research Group Director Katherine Norris and Leidos Chief Cybersecurity Technologist Gib Sorebo. Carilion Clinic Senior Vice President and CMIO Dr. Stephen Morgan moderated.

Some of the key themes that emerged from the panel included:

  • Emerging tech fields like biomedicine and IoT devices need enhanced collaboration and stakeholder engagement around cybersecurity efforts.
  • There is no shortage of new security techniques and applications to protect health systems today, but organizations still need to implement the basic cybersecurity controls and educate employees to mitigate human risk.
  • Cybersecurity must find its way into the boardroom with CISOs and CSOs at the table lending their perspectives; cybersecurity has huge business implications.

View full video from the panel below:

Check out panelist Grant Elliott’s recent piece in HIT Leaders and News on cybercrime in healthcare


NVTC recently hosted the first-ever Capital Health Tech Summit on June 15, 2017 at the Inova Center for Personalized Health. The fascinating field of pharmacogenomics, the study of how genes affect a person’s response to medications, was covered by an expert panel.

Pharmacogenomics panelists included Translational Software Chief Science Officer Dr. Houda Hachad, Inova Center for Personalized Health Assistant Vice President of Personalized Health Franziska Moeckel and CGI Chief Architect and Corporate Ambassador, Global Health IT Practice, Stephen Saunders. Inova Translational Medicine Institute Chief Operating Officer Dr. John Deeken moderated.

The session explored emerging solutions and opportunities for individualized therapies and patient-centric systems using pharmacogenomics. Key themes that emerged from the panel included:

  • Pharmacogenomics is putting data in patients’ hands, empowering them to live healthier lives
  • Pharmacogenomics has significant implications for reducing long-term healthcare costs and improving long-term health outcomes.
      • According to panelists, 8% of all ER visits are because of drug reactions; pharmacogenomics can help reduce these visits and the medical costs associated with them considerably.
      • Pharmacogenomics mapping, starting as early as maternity, can help ensure patients are receiving the most personalized, impactful care over their lifetimes.
  • The translational software fueling pharmacogenomics today is the missing bridge between laboratories and hospitals and doctors’ offices.

View the full video from the panel below to learn more:
