Hello and welcome. My name is Rob Suarez and I'm the Chief Information Security Officer for BD. BD is one of the largest global medical technology companies in the world and we're advancing the world of health by improving medical discovery, diagnostics and the delivery of care, including the fight against COVID-19. And a little bit about myself and my background: I've been in healthcare for more than a decade and I started my career actually in software engineering and in R&D and moved my way into medical device cybersecurity and product security, and in recent years I've been leading cybersecurity efforts across all of BD, in enterprise IT and manufacturing and in our products, as the Chief Information Security Officer. And so at BD, we believe that there's a patient at the end of everything we do, and patients don't always have a say in what devices they're connected to. Each hospital room might have 10 to 15 different devices from multiple manufacturers. In addition, each of these devices very likely contains third-party software components. And so here's what we know about all software. It ages like the human body and instead of a companion, it develops vulnerabilities, weaknesses that can be exploited by cyber criminals to gain access to a computer system or to various types of data. But in healthcare, we're not just protecting IT systems and data. We're protecting patient safety and the stakes could not be higher. As manufacturers, we integrate and we really need to integrate cybersecurity into every part of our product lifecycle, from R&D through supporting the product in use and customer support. But that's not enough. Criminals are working 24/7 to disrupt the production and supply of medical technology, to cause breaches and compromises of patient information, protected health information, and to disrupt the clinical workflows and the delivery of healthcare. It happens every day.
And what you see on the news, like the ransomware attacks on gasoline pipelines and distribution, like on meat manufacturing, it's just a small slice of the cyber attacks that happen on a daily basis. And with hackers working in real time around the clock, we have to put, we have to up our game. And that's why we have to work together as medical device manufacturers, healthcare providers, industry regulators, security researchers, and other stakeholders. So I'm oftentimes asked by security professionals in other industries, is there any benefit to participating in ethical hacking events like the Biohacking Village at DEF CON? And my answer is yes. The Biohacking Village at DEF CON brings medical device manufacturers and security researchers together for one purpose, which is to strengthen medical device cybersecurity. And this approach makes us stronger. Really, what I see is three different ways. One is that it allows us to crowdsource cybersecurity. Two is that, you know, it allows us to create a strong community of practice. And three, it really promotes ethical coordinated vulnerability disclosures. So ethical hacking events allow you to crowdsource cybersecurity. And events like the Biohacking Village and the Medical Device Lab at DEF CON, you know, bring together the security community in a way that not many others can. Tapping into the goodwill of a large group of security researchers, you know, that means accessing a broader set of skills and expertise. And at BD, you know, we do our own security research and vulnerability assessment and threat modeling. But we're always asking ourselves, what are we not seeing? And as an organization, we talk a lot about having a growth mindset, you know, viewing challenges as opportunities to grow and improve and having the courage to iterate, try new things and embrace change.
And if you've never participated in an ethical hacking event because you don't want weaknesses or vulnerabilities to come to light, then you're missing out. We all need to put customers and patients first. And what matters is uncovering vulnerabilities and communicating these actions, the actions your customers need to take, and also participating in the Biohacking Village can really save patient lives. It's that impactful. So, you know, instead of shying away from collaborating with security researchers, we need to build a strong community of practice for advancing cybersecurity. The reality is that cyber attacks are happening more frequently every single year and in fact every single day. And, you know, around the world, many hospitals don't even have a single person dedicated to cybersecurity, which makes it hard to address vulnerabilities that exist in medical devices. We can help by creating a strong community of practice. And I encourage all of us in the medical device community to make a commitment to being collaborative, not just with our fellow medical device manufacturers and their customers, but also, last but not least, with security researchers. There's no, there's so much knowledge to share. And we work with healthcare and medical technology trade associations around the world. And the information and expertise shared helps us respond more effectively to potential threats and vulnerabilities. And it also becomes a feedback loop that helps us design more secure and resilient products. And it allows us to provide actual guidance to our customers. And security researchers are absolutely a component, you know, to, to these practices and to these benefits. You know, we have, we have to really remember that new cybersecurity threats are emerging every single day. And there will always be more to learn. So it's not a matter of if you'll take cybersecurity threats, but it's a matter of when. And defensive strategies are not enough.
You know, no system can be 100% protected against any and all vulnerabilities. So that's why we need to work together to build a strong community of practice. And events like the Biohacking Village promote ethical, coordinated vulnerability disclosures and new support, including our processes for, for doing vulnerability disclosures. It's time to take the stigma out of vulnerability disclosures. Every security researcher at the Biohacking Village, you know, signs the Hippocratic Oath for Hackers, and, and they agree to the Biohacking Village rules of engagement. And this includes court effort for coordinated vulnerability disclosures. So it's important to know that the discovery of a previously unknown vulnerability needs to be addressed with a sense of urgency and due diligence. FDA guidance directs manufacturers to disclose vulnerability notification within 30 days, and to remediate or provide compensating controls within 60 days. And this allows time to confirm the finding, establish any potential clinical impact if needed, and identify mitigation and compensating controls. We value the relationship with security researchers. And, and so, you know, along the way, you know, make sure to communicate where you are in this process with your stakeholders, including security researchers. You know, trust goes both ways. And remember that your shared goal is patient safety. It's also important to communicate with your customers and patients about your coordinated vulnerability disclosure processes. When cybersecurity vulnerabilities emerge, provide guidance so customers can manage potential risk properly. And at BD, we do this by posting product security bulletins and patches to our cybersecurity trust center on our website at bd.com/cybersecurity. This is something that healthcare providers and patients should expect from every medical device manufacturer.
And posting a vulnerability disclosure doesn't mean your organization has a cybersecurity problem. It means that you're enabling customers to properly manage risk through awareness and through guidance. And coordinated disclosures, in fact, are a sign of maturity for an organization. So collaboration and transparency are essential to advancing cybersecurity in healthcare. And in healthcare, cybersecurity isn't just about protecting systems. It's about protecting patient, patient data, patient privacy, and patient safety. Events like the Biohacking Village allow us to crowdsource cybersecurity. It allows us to build a community of practice and develop and mature coordinated vulnerability disclosure in our processes. As a result, we can make our systems, products and customers and our patients more secure.

Hi, I'm Scott Schindldecker, Chief Product Security Officer for BD. I wanted to share my perspective on participating in events like the Biohacking Village. It's an exciting opportunity, especially for my team. And if you're looking to motivate your team, I highly recommend getting involved in the Biohacking Village Medical Device Lab. It's a controlled environment and provides an opportunity for my security team to create a partnership with our product teams and rally around the event. In years past, we've been able to participate in person. Due to COVID, we're participating remotely this year, but it's still a great event. One of the benefits is being able to work with fellow medical device manufacturers and security researchers. It's a lot like having an external third party independently assess the product and its internal security controls. We know our products and we communicate what we know with customers about how to use them in a secure environment. But participating in an event like the Biohacking Village gives us an opportunity to validate our assumptions. It provides great feedback for improvement. Put simply, it pushes us further on our mission to control risk.
We do our own pentesting and threat modeling, but this goes a step further. An event like the Biohacking Village really serves our customers, making our products and processes more secure. So with that, I want to turn it over to Nastasia Tamari, who will tell you a bit about how events like the Biohacking Village can also help improve coordinated disclosure processes across the industry.

Hi, I'm Nastasia and I'm a director of security operations at BD. We focus on security operations for our manufacturing, product and enterprise environment. And at BD, our experience with security researchers has really been overwhelmingly positive. Events like the Biohacking Village really improve communication between BD and other device manufacturers and security researchers. And as a result, we're really able to participate in a more consistent coordinated vulnerability disclosure process. And what we talk a lot about is that our customers can't protect what they don't know. And so when security researchers provide BD and other device manufacturers with research about vulnerabilities, it's an opportunity to provide transparency and awareness for our customers. We're always actively working on releasing vulnerabilities. It's really just something that's part of the software lifecycle. And this is really in alignment with making information available to our customers, which really shows our commitment to manage reported vulnerabilities. So we launched our BD Cyber Trust Center last year in an effort to increase that transparency and that collaboration with both researchers and customers. We really want to make it easy to connect with our teams. There are forums on our website where security researchers can go through and report a vulnerability. And then the Biohacking Village allows us to have those in-person touch faces. And so this year, obviously, we know there's a lot of virtual sessions happening. And even virtually, we're able to connect with researchers.
So it really is a good experience, overwhelmingly positive for both BD and researchers alike to be able to connect and talk through our process around coordinated vulnerability disclosure.