Willkommen, Bienvenue, Bienvenido, Bem-vindo, Добро пожаловать, أهلا بك , ברוך הבא, kaabo.
Lets talk about the strides we, as a village and a community, have made in one year.
The Digital Physiome - How wearables can (and are) transforming healthcare
Jennifer Goldsack and Jessilyn Dunn
Only in the recent past have accurate and scalable methods for biometric monitoring and edge computing become possible, providing a unique opportunity to collect and analyze continuous physiologic measurements and enabling a new mechanistic understanding of acute and chronic diseases. We are focused on using digital health tools such as wearables and smart phones to uncover physiologic signatures of disease, which we refer to as digital biomarkers and that can serve as sentinels of disease onset. Overall, we aim to develop tools and infrastructure using digital health data for disease detection, monitoring, and intervention.
The Next Critical Infrastructure: Understanding the Bioeconomy
Charles Fracchia and Nathan Case
We will use a fictional -but highly realistic- biomanufacturing scenario and company to share with the audience how cybersecurity has become a critical component of biosecurity and public health. We will review the importance of biomanufacturing to the world's public health posture, in particular in light of the COVID19 pandemic and share how vulnerable digital technologies have become exploited vectors for global geopolitical moves.
"Who Bears the Risk?" Why a Market Incentives Perspective is Critical to Protecting Patients from Cyber Threats
Matt McMahon and Shannon Lantzy
Cyberattacks in healthcare abound. Sensitive health data is stolen, and patients’ lives are put at risk by the fleet of outdated, legacy medical devices in our hospitals that are vulnerable to attackers. As the market for internet of medical things (IoMT) rapidly expands, these trends will only increase. While we have the technology to fix this problem, traditional market incentives have not been able to induce a more secure healthcare environment. This talk will discuss those market failures from an economics perspective and suggest new strategies for properly incentivizing medical device manufacturers to make more cyber secure and resilient devices.
At least ten questions for “Bad HIPPA Takes” (@BadHIPPA), 2021’s best tweeter on privacy, pandemic, and snark.
Lucia Savage and @BadHIPPA
From the start of the pandemic, through the election and the insurrection on the Capitol and on into the vaccine roll-out, the nationwide health privacy law, HIPAA, has gotten more famous and more misunderstood than ever. Out of this morass of politicization and polemic emerged “Bad HIPPA Takes” (@BadHIPPA), shining a light on the absurd, funny, sad and even accurate in a must-follow for anyone interested in privacy. In this session, we’ll ask Bad HIPPA Takes some questions, check out their views based on the past year, and even see if they have any inkling about the future of privacy law in the U. S.
Open-Source Vaccine Developer Kits (VDKs) with RaDVaC
Vaccine development has traditionally been an expensive and thus primarily proprietary endeavor. Tools to decrease costs, increase adaptability, speed of production, speed of testing, and expand access to could help increase participation, collaboration, innovation, infectious disease biosecurity, and equity in vaccine development and ultimately vaccine deployment globally. Open-Source VDKs could fill a vital and underserved niche in the ecosystem or vaccine development.
RaDVaC is building tools to increase participation in vaccine development. Key features of a useful vaccine developer kit (VDK) include technical specs for vaccine candidate design, production, testing, adaptation, and collaboration. The ecosystem of vaccine development is weaker for a lack of open-source toolkits (open-source infrastructure is an investment in anti-fragility).
Truth, Trust, and Biodefense
We all hope for a truly “post COVID” world sooner rather than later, but that can only happen if we learn from the past and apply those lessons to our future. Our institutions and our people were unprepared for the harsh realities of the medical, scientific, economic and social demands that an emergency such as the COVID pandemic entails. Our national biodefense program had been steadily diminished while at the same time its focus was increasingly dedicated to human/terrorist threats over two decades. Our decentralized “public health” infrastructure was quickly shown to be simultaneously redundant and ineffective, and our national response was critically hampered by political agendas and rampant propaganda at the greatest scale ever witnessed in US history. Despite the tragic loss of more than 600,000 lives in the United States and millions worldwide, infectious disease experts know that it could have been much worse and would have been, if the pathogen had been even slightly more deadly than the SARS-CoV-2 virus proved to be. Can we imagine the outcome if the COVID mortality rate was far greater than the 1.8% seen in the United States? What if coronavirus infections carried the same mortality rate as infectious encephalitis (100%), Ebola Zaire (25%-90%), or even smallpox in unvaccinated populations (>65%)? In this talk, we will discuss the history and future of biodefense with a specific focus on data, technology, communications, and the rapidly deteriorating concept of “truth.” Radicalization, misinformation, technology, the surveillance economy, information security, and personal privacy will all be discussed with an eye toward building back better, smarter, and more engaged institutions that are driven by better-prepared humans.
Healthcare Innovation With People of All Abilities
Pia Zaragoza and Joel Isaac
The World Bank reported in their 2020 Disability Inclusion report that there are one billion people or 15% of the world’s population that experience some form of disability. During this presentation, Joel Isaac and Pia Zaragoza will go over key concepts around disability inclusion, universal design and accessibility to spark ideas around healthcare innovation amongst the disability, medical manufacturers, regulators, cyber research, citizen science, and biohacker communities.
No Aggregation Without Representation
As we emerge from a pandemic and a year where we all became at risk of developing COVID, many of us have become patients and caregivers navigating a healthcare system under siege. With the rise in ransomware attacks on hospitals, disinformation campaigns from state actors on social media, and new biosecurity threats there has never been a greater need to develop capacity for a new kind of immune response to emerging threats in digital health. Representation matters. During this talk, BRCA mutant turned Security Researcher share how patient communities - namely "the ePatient movement" - holds potential to bring a new type of representation to the field of cybersecurity. ePatients with disabilities have superpowers to co-design and co-production of new technologies with fresh eyes - and to help us protect the emerging technologies that have the power to cure or kill.
Lets Get Real About The Future State of Healthcare
Christian 'quaddi' Dameff and Jeff 'R3plicant' Tully
Taking the lessons of COVID-19 and the healthcare response, how can we create an improved state of resilience in healthcare?
How to Not Miss The Point: Reflections on Race, Health, and Equity
For many, 2020 was a year of reckoning-a reckoning of systems, a reckoning a racial inequity, and the reckoning of the self. Most of us are catching our breath after the highs and lows of a global pandemic, but we are approaching the time to reflect on what actually happened in 2020. This talk aims to help us reflect on this past year, the pandemic itself, and what we can gather about our healthcare systems. It will also center on the role that health disparities, mistrust in medicine, and general weathering played in exacerbating the pandemic.
Chinese Military Bioweapons and Intimidation Operations: Part III
Chinese Military Bio Weapons Future State is third in a three part series examining the Chinese military use of biological reagents in a kinetic capacity. The unrestricted warfare strategy outlined in the early 1990's clearly defines this Chinese military initiative. The supply chain, Program 863 and other supporting components of his strategy will be revealed.
It is TLP : RED
Cloud security for healthcare and life sciences
Michelle Holko, Andrea Matwyshyn, Matt Hazelett, Dan Prieto, Alexis Bonnell
Cloud computing is increasingly used, across sectors, to scale data storage, compute, and services on demand. There are many recent examples of healthcare and life sciences cloud-based projects, including AnVIL for genomics data and the All of Us Research Program for precision medicine research. These cloud implementations include data and analytic workflows that pose added security concerns due to the sensitive nature of the information. This panel will discuss recent use cases highlighting best security practices for cloud computing in healthcare and life sciences.
Securing the Internet of Biological Things
The coming age of robust two-way communication between living and non-living systems can simply be described as the Internet of Biological Things (IoBT). Interfacing optoelectronic systems with optogenetic-, bioelectrochemical- and biosensor-based information substrates will challenge key assumptions underpinning information security. A cyberbiosecurity mindset is needed to maximise the benefits and minimise the downsides of the pervasive, persistent and immersive information environment that arises from an IoBT world.
The Real Story on Patching Medical Devices
Michael Murray, Aftin Ross, Tara Larson, Matt Hazelett, Samantha Jacques, Erik Decker
One of the constant debates in the medical device sector is around patching of medical devices. While the FDA issues clear guidance that devices can and should be patched, some device manufacturers often claim that the FDA is the reason that they can't issue patches, and the hospitals and healthcare organizations using the devices are left confused and accepting risk that they can't manage. With this panel, we will have the conversation out in front of the Defcon audience. Panelists will include representation from the FDA, a product security leader from a device manufacturer and a healthcare CISO with the goal being for the entire Defcon Biohacking Village audience to come away understanding what the truth really is about whether they can patch their devices, and how the sector can continue to move this conversation forward.
OWASP & CSA IoT: Impacting Medical Security
The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things as well as enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. Similarly, CSA's IoT Working group is dedicated to understanding IoT deployments and defining actionable guidance to secure ecosystems. Their efforts are often used to develop medical security guidelines for developers and manufacturers alike but also to influence IoT security assessment methodologies for later use on commercial IoT certification schemes. This session will provide insights into current project initiatives, including those that directly impact medical devices and how you can save lives by getting involved.
A Cohort of Pirate Ships
A presentation on our newly published research on ethics attitudes and preferences in biomedical citizen science, biohacker, and community bio groups. As biomedical citizen science initiatives become more prevalent, the unique ethical issues that they raise are attracting policy attention. One issue identified as a significant concern is the ethical oversight of bottom-up biomedical citizen science projects that are designed and executed primarily or solely by members of the public. That is because the federal rules that require ethical oversight of research by institutional review boards generally do not apply to such projects, creating what has been called an ethics gap. Working to close this gap, practitioners and scholars have considered new mechanisms of ethical oversight for biomedical citizen science. To date, however, participants’ attitudes about ethics and oversight preferences have not been systematically examined. This information is useful to efforts to develop ethical oversight mechanisms because it provides a basis for evaluating the likely effectiveness of specific features of such mechanisms and their acceptability from the perspective of biomedical citizen scientists. Here, we report data from qualitative interviews with 35 stakeholders (some from BHV!) in bottom-up biomedical citizen science about their general ethics attitudes and preferences regarding ethical oversight. Interviewees described ten ethical priorities and endorsed oversight mechanisms that are voluntary, community-driven, and offer guidance. Conversely, interviewees rejected mechanisms that are mandatory, hierarchical, and inflexible. Applying these findings, we conclude that expert consultation and community review models appear to align well with ethical priorities and oversight preferences of many biomedical citizen scientists, although local conditions should guide the development and use of mechanisms in specific communities.
The Little Things
Was 2020 not the best year for you? Has 2021 not been a huge improvement? Are you sick of being dependent on infrastructure which fails? Do you wish there was something to look forward to? The Four Thieves Vinegar Collective has been quiet, because we've been busy this last year. We have a lot of things to share.
But that's not what this talk is about. Instead of the new tools to eradicate diseases, tools to make medicines, ways to administer them, and DIY medical machinery, we're talking about just making it through the day.
There are tools which are not well known, but are easily accessible and can help you sleep better, not be hungover, clear brain fog, and take the edge off depression. These tools are not as well known as they should be, so we're talking about them.
Because as fun as the big things are, daily life is about the little things.
Playing with FHIR: hacking and securing healthcare APIs
Alissa Knight and Mitch Parker
Hear from renowned bank, automotive, and healthcare API Hacker Alissa Knight on her tactics and techniques in hacking mHealth and FHIR APIs. Alissa walks through the tactics and techniques she uses in her API kill chain. Mitch, IU Health CISO, follows up with tactical and strategic maneuvers to maintain the integrity of the data.
Cyber Defense Matrix in Healthcare
The Cyber Defense Matrix helps us understand what we need organized through a logical construct so that when we go into the security vendor marketplace, we can quickly discern what products solve what problems and be informed on what is the core function of a given product. In addition, the Cyber Defense Matrix provides a mechanism to ensure that we have capabilities across the entire spectrum of options to help secure our environments.
Exploiting Security Controls Within COVID Crisis Management Apps
With outbreak of Covid-19, various solutions are developed to control the crisis situation. 1) With emerging need of the contact tracing apps, although holistically such apps could serve purpose of controlling spread of Covid-19, but there have been many flip sides of such contact tracing apps, the biggest of all - the risks is abusing security controls, as that can completely turn the feature of the application against the primary agenda of its usage. Since all of the contact tracing apps, for features like GPS, HTTPS/WSS Communication, BLE, app-sandbox, etc., rely upon Android-iOS platform security, compromising the underlying platform would eventually lead to exploitation of such contact tracing apps. This study depicts how a malicious evil-doer can conduct frauds, thereby remaining unnoticed, since major activities happen at client-side. 2) Solutions like epass for vaccinated people are now evolving, which would certify a person had been vaccinated or not. These are planned to be kept open in public domain where government as well as private agencies can verify epass of any person, who is willing to avail any service, travel flexibility, etc. With practically no Authorization (just by relying on Authentication), plus these epass would contain PII of almost all individuals who are vaccinated, it opens a wider scope at national and international level.
Internet-of-Ingestible-Things Security by Design
In this talk I will share the outcomes of the very first Internet-of-Ingestible-Things workshop that brings cybersecurity experts and medical device regulatory bodies together to think about cyber-biosecurity at design stage of medical devices and to inform policy by delivering a set of principles for Security by Design.
Sex / Intimate Tech
In this workshop, participants will become Sex Tech experts by exploring how to “tear down” a device of their choosing to see what makes it unique on the inside. This workshop is an opportunity to build greater intimacy with your favourite toys with a team of experienced Sex Tech Hackers on hand to guide you!
Participants will be shown how to tear something down, and given time to take apart their own devices before being invited to collectively share any new discoveries or questions with the group.
By the end of the session, participants will have a core understanding of how various Sex Tech devices function from both a hardware and software perspective, as well the confidence and knowledge to move forward with more complex Sex Tech hacking and customisation projects.
Fishing or Hunting
Create a safer cyber space for the medical sector and the life-saving organizations.
The CTI League aspires to protect the medical sector and the life-saving organizations (MS-LSO) worldwide from cyber-attacks, supplying reliable information, reducing the level of threat, supporting security departments, and neutralizing cyber threats.
U.S. FDA 101: Introduction to Medical Device Security
In this session, attendees will receive a caffeinated “FDA 101” introduction to medical device security through the FDA lens. Come learn about the nuance of how the U.S. Food and Drug Administration works to improve medical device security. Participants will learn about (1) the regulations and expectations of security engineering in medical device design, (2) best practices for coordinated disclosure of vulnerabilities with clinical impact to medical devices, (3) how BHV researchers can be part of the solution to improving security in the medical device ecosystem, and (4) facts and myths about FDA expectations for medical device security.
Red vs Blue vs Green : The ultimate battle of opinions (or is it)
Vee Schmitt, Ken Kato
Often when it comes Medical Devices and Healthcare everyone has an opinion. Ever wonder why there is such a difference of opinion. Deep diving into the context and perspective of the various teams involved in the manufacturing, attacking, and defending of medical devices. We explore and discuss why these opinions are different and how we can better communicate our perspective to one another. This talk explores the complexity and constraints that each team faces and how if the silos are broken down it makes for a more collaborative understanding and coming full circle. Often you will that it is Red versus Blue then versus Green. We work against each other rather than coming full circle logically and openly discussing problems in this space. The main theme of this talk is that differences in opinions are often needed to solve complex problems. Let’s face it the secure manufacturing and implementation of these devices is a complex problem. Lifting the veil of problems that each of these team’s face.
Backdoors and Breaches
Black Hills Security
The Security of Your Digital DNA, from Inception to Death
Genetic data is some of your most sensitive and personal info, and it is being used to advance society. However, it is also identifiable, immutable and weaponizable. For these and other reasons, our genetic data deserves the highest security. But how secure is its point of origin? This talk will cover the current genetic threat landscape and the potential risks from the misuse of genetic data. A focus will be applied to DNA sequencers and their operational environments, where both digital genetic data and insecurity are introduced into the system.
Application Security and Medical Security: The Odd Couple
This talk will discuss the importance of application security concepts in medical security. With the increase of medical devices and medical instruments depending on application code it's important to make sure they're built securely. This talk also describes case studies and the ramifications of having insecure code in medical security. Topics explored: Software Development Lifecycle (SDLC), OWASP Top 10, and Regulatory guidelines.
It takes a village: Why you should join the Biohacking Village
The Biohacking Village brings medical device manufacturers and security researchers together for one purpose: to strengthen medical device cybersecurity. In this presentation, BD CISO Rob Suárez will share his perspective on crowdsourcing cybersecurity and how creating a community of practice strengthens cybersecurity, promotes ethical coordinated vulnerability disclosure processes, and accelerates the application of emerging best practices across industries. Participants will also hear from Scott Shindledecker, Chief Product Security Officer for BD and Nastassia Tamari, Director of Information Security - Operations for BD, on practical tips for participating in events like the Biohacking Village Medical Device Lab and fostering collaborative relationships with security researchers and fellow medical device manufacturers.
Lets Wrap This Up
Vital Signs: Biohacking Village
As we wrap this event with the Biohacking Village, we wanted to share our statistics and findings this week.
August 7 Keynote: Trust Talks - Nina Alli, Executive Director of the Biohacking Village, chats with Vee Schmitt, Yusuf Henriques, Devabhaktuni Srikrishna, Cannibal, Najla Lindsay, Josh O'Connor, Dr. Nathaniel DeNicola (FACOG) to get to the ground truth of what needs to be changed for improving the current US biomedical ecosystem.
August 7: Fireside Chat with Dr. Amy Abernethy (FDA) and Mohamed Ali (Boehringer Ingelheim Pharmaceuticals)
August 7: Katie Doroschak Porcupine: Rapid and robust tagging of physical objects using DNA with highly separable nanopore signatures
August 7: Dena Mendelsohn and Jen Goldsack: Redefining patient safety in the digital era
August 7: Khatuna Mshvidobadze: Russian Cyber Threats in The Pandemic Era
August 7: Michelle Holko: Digital Health Technologies in the NIH All of Us Research Program
August 7: Chloe Messdaghi, Casey Ellis, Eirick Lurass: Medical Device Vulnerability Disclosure
August 7: Anthony DiFranco: Hacking the Insulin Supply Chain To Save Lives
August 7: Meg Doerr: Cybersecurity informed consent for medical devices
August 7: William Dougherty and Patrick Curry: INCLUDES NO DIRT: Threat Modeling for Healthcare
August 8: Keynote: Yong-Bee Lim: Understanding DIYBio and Community Labs - A Social Science Approach
August 8: Christian Dameff and Jeff Tully: How COVID19 Changed Our Understanding of Cyber Disaster Medicine
August 8: Vee Schmitt: Medical Technology: How do we unfuck things
August 8: Mitchell Parker, Florence D Hudson, Rob Suarez, Michael McNeil: Advancing Medical Device Security – How collaboration between providers, manufacturers, and pen testers is advancing what’s possible with security.
August 8: Bryson Bort and Nina Alli: MedICS
August 8: Sarah Blossom Ware: Towards an Institutional Review Board for Biohackers
August 8: Dr. Dina Truxius, Julian Sulede, Dr. Mike Rushanan: DIY Diabetics and a Million Boluses
August 8: The Red Dragon: Chinese Military Labratory Mission + COVID-19
August 8: Lucia Savage: What's up with proposed privacy legislation and how to influence the debate
August 9 Keynote: Seth Carmody: Why is Security Hard?
August 9:Andrea Downing: Infodemic: Threat models for patient communities on social networks
August 9: Kyle Erickson, Vee Schmitt, Natali Tshuva, Peter Morgan: How Independent Security Researchers work with Medical Device Manufacturers - The Bad, The Ugly & The Great (BUG)
August 9: Jack Twiddy: How to Grow a Brain in a Jar - Neuroengineering 101
August 9: Vidya Murthy: The Underestimated Threat Vector: Homogeneity
August 9: Mixael Laufer: Making Next Generation Drugs at Home
August 9Sam CervantesOpen Ventilator Remote Monitoring Project
August 9: Matt McMahon and Helen Negre: Securing Your Medical Device Network on a Shoestring Budget