Medical Demonstration - Billy Rios & Chris Clark
Patient Harm? Analyzing Cyber Security Vulnerabilities for Patient Safety Issues
CVE, CCE, CPE, NVD, CVSS, CWE… What is this alphabet soup and can we actually use these scoring systems to determine whether a particular vulnerability presents a patient safety issue? This talk provides case studies involving specific medical device vulnerabilities and covers strategies to determine whether those vulnerabilities present patient safety issues. We’ll explore the problem from the perspective of both the device manufacturer and healthcare delivery organizations.
Billy Rios, founder of Whitescope
Mr. Rios is the founder of Whitescope, a startup focused on embedded device security, and a consultant to Synopsys on this project. He is recognized as one of the world’s most respected experts on emerging threats related to Industrial Control Systems (ICS), Critical Infrastructure (CI), and medical devices. Mr. Rios discovered thousands of security vulnerabilities in hardware and software supporting ICS and critical infrastructure. He has been publicly credited by the Department of Homeland Security (DHS) numerous times for his support to the DHS ICS Cyber Emergency Response Team (ICS-CERT).
Chris Clark, Principal Security Engineer – Strategic Initiatives, Synopsys Software Integrity Group
Chris Clark is a twenty-two-year veteran of the Information Technology world who uses his experience in management, information systems, and cyber security to help organizations effectively integrate meaningful security practices into their environments. Chris holds a Masters in Cyber Security from the University of Maryland University College as well as having held numerous certifications throughout his career. Chris has worn many hats, including roles as Project Manager, Director of Information Systems, hospital system CIO, and Principal Security Engineer. Chris also participates with standards bodies to ensure effective security requirements are included in standards. Chris currently is focusing on educating customers on how to minimize their cybersecurity risks by engaging with customers and sharing his knowledge and experiences in the hopes of building a more cyber resilient future.