impact washingtoncamps.nateandbecca.com/wp-content/uploads/2018/01/impact...impact washington...

Impact WashingtonBuilding Better Companies

CAMPSJanuary 25, 2018

Loren Lyon


Impact Washington Overview

Manufacturing USA

Cyber Security

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY MEP MANUFACTIURING EXTENSION PARTNERSHIP

U.S. DEPARTMENT OF COMMERCE


Impact Washington is a non-profit organization whose

mission is to strengthen MANUFACTURING in the state

of Washington through a public private partnership

offering consulting, educational and advocacy services

in order to contribute to a healthy Washington

economy.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY MEP MANUFACTIURING EXTENSION PARTNERSHIP

U.S. DEPARTMENT OF COMMERCE

Impact Washington History NIST-MEP Affiliate in Washington State for 20 years with over 2000 engagements.

NIST – 4000 scientists setting standards/technical experts.

Non-Profit consultant for manufacturers in Washington.

Impact is our measure of success, not profit.

Third party independent client survey.

Metrics over the last 5 years:

400 manufacturers

$372M in New Sales

$240M in Retained Sales

$418M in Increased Investment

4,569 Jobs created or retained

$78M in Cost Savings

The MEP National Network

Client Challenges

7

70%

54%

47%45%

21%

15%13%

9%7%

0%

10%

20%

30%

40%

50%

60%

70%

80%

CostReduction

Growth EmployeeRecruitment

ProductDevelopment

Sustainability TechnologyNeeds

ManagePartners

Financing Exporting

Market Size

EmploymentNumber of

Firms

Percent of

Firms

Number of

Employees

Percent of

Employees

1 - 19 5262 76.2% 27146 12.81%

20 - 99 1300 18% 55705 24.80%

100 - 249 318 4.3% 47556 20.06%

250 - 499 79 1% 27316 11.49%

500 + 41 .5% 123397 30.84%

Total 7050 100% 233564 100%

What we do

Productivity Improvement

/Cost Reduction

Leadership and Organizational Development

Growth

Lean & ISO Consulting

Supply Chain Consulting

FSMA Training & Compliance

Transition & Succession PlanningHigh-Performance Leadership

Development

Export Consulting

Strategy Consulting

Growth Consulting

Manufacturing technology

Core Value®Valuation tool

Manufacturing USA

• 14 Institutes• Technology development – mfg breakthroughs• Global competitiveness• Quality Jobs • Economic benefit

Manufacturing USA

Institute Overview

Organization:• New York MEP awarded in Round 1; 10/1/16 – 9/30/18

Staffing:• New York MEP 1.0 FTE Terry Clas at AIM Photonics HQ

• New York MEP 1.0 FTE Jesse Bonfeld at Composite

Prototyping Center on Long Island (IACMI Northeast

Satellite)

• New York MEP 1.0 FTE Bill Murray at Rochester Institute

of Technology (member, America Makes & DMDII)

Project Objectives:• Develop messaging and conduct outreach/dissemination

• Cultivate project teams with SMMs

• Organize institute site visits, tours

• Refer SMMs to institutes and MEP for services/projects,

membership

• Fund company projects involving institute-related

technologies

1. Develop MEP expertise

2. Reach 1,000 SMMs through

“push” activities

3. Fund projects where SMMs

advance or adopt

technologies in these 4

areas

4. More SMMs participating in

Institute research

Embed Overview

Program

Outcomes

History & Organization:• Institute awarded by DoD in 2015

• Led by SUNY Polytechnic Institute

• Objective: Develop an end-to-end

integrated photonics ecosystem,

including domestic foundry access,

integrated design tools, test,

assembly & packaging and

workforce development.

• www.aimphotonics.com

Geographic Reach:• HQ in Rochester, NY

• Academic leads: MIT, UCSB, RIT,

Boston University., U of R, UC

Davis, University of Arizona

• 84+ members representing 34 U.S.

States interested in AIM Photonics

Research Focus: Integrated

photonics circuits use photons instead

of electrons; transport more information

at faster speeds with less energy.

Target Market

Application AreasPrimary NAICS Codes:

• Telecommunications subsector - NAICS

5173344

• Data Processing, Hosting, and Related

Services subsector - NAICS 518

• Other Information Services subsector -

NAICS 519

• Computer and Electronic Product

Manufacturing subsector - NAICS 334

• Electrical Equipment, Appliance, and

Component Manufacturing subsector -

(NAICS 335)

• Semiconductor and Other Electronic

Component Manufacturing – NAICS 3344

SMM Value/Interest

• SMMs with applications & products

utilizing integrated photonics circuits

• Contract manufacturing service

companies for assembly and

packaging integrated photonic

components to OEMs

• Equipment manufacturers to AIM

• Component mfg. within supply chain

• Telecom/Datacom➢ Cloud based applications (Google,

Amazon, Facebook, etc.)

• RF analog➢ Military communications

• Photonic integrated circuit sensors➢ Biomedical & Chemical

➢ Aersopsace

➢ Energy

➢ Transporation & Infrastructure

• Photonic integrated circuit arrays➢ Military

➢ Imaging

➢ Urban mapping

American Institute for Manufacturing Integrated Photonics

(AIM Photonics)

New York MEP

Progress of Institute:• ~30,000ft2 Test, Assembly, &

Packaging (TAP) facility being

outfitted

• Wafer Fab in Albany; 135k ft2 of

class 1 capable cleanroom facilities

• 300mm tools provide

unprecedented quality photonics

Membership Model for SMMs:• “Tier 3” $100K/year (can be in-

kind)

• Observer level $2,500/year cash;

key entry point

Sustainability Model:• Contract development, prototyping,

low volume production and

services (test, metrology, etc.)

• Education and workforce

development

Technology Aspects:• Electronic photonic design

automation

• Multi-project wafer/assembly

• Inline control & test

• Test, assembly, & optical

packaging

Institute Overview

Outreach Map

Organization:• NCMEP awarded in Round 1; Term 10/1/16 – 9/30/18

Staffing:• NCMEP 1.0 FTE at PowerAmerica HQ (24 months)

• GENEDGE & TMAC – contractors with NCMEP for part-

time work (24 months)

Project Objectives:1. Embedded learning – training MEP staff

2. Embedded & partner state outreach

3. USA awareness

4. Regional learning (workforce development)

1. >500 SMEs will participate in outreach/engagement activities: webinars, meetings, and

conferences and/or receive written/online info

2. >50 SMEs will gain access to shared facilities, resources, or participate in meetings to

get company specific info about PowerAmerica

3. Min. of 10 local start-ups and small U.S. manufacturers are provided help to scale up

new technologies and accelerate tech transfer to the marketplace

Embed Overview

Program Outcomes

History & Organization:• Institute awarded by DOE in 2015

• Objective: Accelerate development

and large-scale adoption of WBG

semiconductor technology

• Membership of industry, academic,

and government organizations

• Website URL:

www.poweramericainstitute.org

Geographic Reach:• HQ in Raleigh, NC

• Members, national in 21+ states

• Memberships: 46 = 27 corporate +

16 university + 3 government labs

* Naval Research Lab,

* Argonne National Lab,

* National Renewable Energy Lab

Research Focus:• Foundry and device development

• Module development and mfg.

• Commercialization applications

• Education and workforce

development

Target Market

Wide Bandgap

Application Areas

Primary NAICS Codes:

• 334411 Electronic Computer Mfg.

(OEMs)

• 334412 Bare Printed Circuit Board Mfg.

• 334413 Semiconductor & Related

Device Mfg.

• 334416 Capacitor, Resistor, Coil,

Transformer, & Other Inductors Mfg.

• 334417 Electronic Connector Mfg.

• 334418 Printed Circuit Assembly

(Electronic Assembly) Mfg.

• 334419 Other Electronic Comp. Mfg.

Products Enabled

• Reduction of energy consumption

and emissions

• Enable systems to be smaller,

lighter, and more efficient

• Allow products to operate at higher

temperatures and voltages than

silicon semiconductor products

• WBG switches faster than silicon

and has lower on-state power

losses

• Power transmission

• Inverters for solar applications

• Wind power / turbines

• Data centers

• Electric and hybrid vehicles

• Industrial equipment

• Motor drives

• Control of renewable energy

• Consumer products: AC to DC

adapters chargers / etc.

PowerAmericaNorth Carolina Manufacturing Extension Partnership

Progress of Institute:• Clean room & packaging labs on

NCSU’s campus, with others on

other university member campuses

• 87 Total Project Calls Awarded

(BP1 = 25, BP2 = 36, BP3 = 26)

Membership Model for SMMs:• Defined WBG supply chain and

engaging potential SMMs

Sustainability Model:• University support

• Membership dues

• Consulting services

• User facility revenue

• Device bank

• Short courses / training programs

• Proposal wins and grants

Technology Aspects:• Power WBG device fabrication,

packaging, and system insertion

EmbeddedPartners

In-Depth MeetingsStates Reached

Potential OEMs:• Automotive

• Aerospace & Defense

• Industrial Equipment

• Data

Centers

• Solar Farms

• Wind Power

Institute Overview

Outreach Map

Organization:• Michigan Manufacturing Technology Center

• Center for Automotive Research, Ann Arbor (Sub-recipient)

Staffing:• Gregg Peterson, Embedded 1.0 FTE @LIFT, 24 months

• Edith Wiarda, 0.25 FTE, 24 months

• The Center’s Market Research staff engaged on Task Basis

Resources for SME-Relevant Projects:• $96k each year held for contractors to work on SME projects

Project Objectives:1. Motivate SME activity via Market & Technology Understanding

2. Sustainability = $600k annual revenue in SME-relevant

lightweighting & advanced metalworking – to LIFT or The

Center

1. LIFT Prospect List Development, 5 State LIFT Region

2. SME LIFT Project Participation via “Fast Forge” Process

3. Market Research to Uncover Auto Supply Chain Capability Gaps

4. SME Awareness & Education Events

5. Accelerate SME Adoption of TRL 7-8-9 Technologies

Embed Overview

Program Outcomes

History & Organization:• Institute awarded by Department of

Defense, Office of Naval Research,

in 2014

• Membership of 123

• Website URL: https://lift.technology

Geographic Reach:• HQ in Detroit

• Members, national in 25 states

• Memberships: 123 = 89 corporate &

SMEs + 21 University & Research

Partners + 4 states + 9 Education &

Workforce Development org’s.

Objective:• Accelerate the development and

application of innovative lightweight

metal production and component

manufacturing technologies to

benefit the US transportation,

aerospace and defense market

sectors.

Target MarketTechnology Areas

LIFT RegionEmbed, M-TACTransportation-Intensive States


• 336 Transportation Manufacturing

• 3335 Metalworking Machinery, Tooling

• 331 Primary Metal Manufacturing

• 3321 Forging, Stamping

• 3323, 3324 Plate Work & Related

• 333992 Welding, Soldering Equipment

Secondary NAICS Codes:• 33522 Major Appliance

• 3336 Engines, Turbines &

Transmissions

• 3339 General Industrial Equipment

• 337214 Office Furniture (ex. Wood)

Successes

• Developed process which enables

weight reduction of over 40% in

ductile iron castings

• Program underway to reduce fatal

Humvee rollovers by up to 74%

• Program utilizing automotive

welding technology in shipbuilding

LIFT – Lightweight Innovations for Tomorrow

<Michigan Manufacturing Technology Center

Progress of Institute:• HQ building: LIFT (with IACMI) has

invested in $50 million worth of

equipment and infrastructure

upgrades to its facility to create an

87,000 sq. ft. applied research and

development lab

• 17 Programs Awarded, valued at

approximately $52 million

Membership Model for SMMs:• Start-up (<50 employees & less

than 5 years in business: $1,000

• SME (1-250 employees): $2,500

• SME (251-500 employees): $5,000

Sustainability Model:• Engineering Services

• Prototyping – large and small

• Additional Government Contracts

Technology Pillars:• Melt processing

• Powder Processing

• Thermo-Mechanical Processing

• Low Cost, Agile Tooling

• Coatings

• Joining and Assembly

Technology Themes:• Integrated Computational Materials

Engineering (ICME)

• Design, Cost Modeling, Supply Chain

ARMI will make practical the large-scale manufacturing of engineered tissues and tissue-related technologies, to benefit existing industries and grow new ones.

ARMI BioFab USA, NIIMBL, MassMEP, NH MEP, up to 10 other centers where research is being conducted. (MN, NJ, CA, CT, NC and others to be determined.)

• Technology cluster to be located near the institutes includes startups resulting from international research.

• Equipment used in the process will be developed by SMMs. This includes 3D Printers, automation and test equipment, filtration, purification, fluidics and bioreactors.

• Penetration into the previously untapped “Bio-Medical” industries prevalent in our areas.

• Support of New Startups and Technology Cluster center in Massachusetts, New Hampshire and Connecticut region

• The majority of the projects are TRL3 or lower with proof of concept being partial organs at best

• International Universities own IP for many concepts

Institute Overview

Outreach Map

Organization:• PA MEP awarded in Round 3; Term 9/1/2017 – 9/30/2019

Staffing: PA MEP• Embedded: Catalyst Connection (PA) two x 0.5 FTE

• CMTC (CA) 0.5 FTE (18 months)

• FuzeHub (NY) 0.5 FTE (18 months)

• Impact Washington (WA)

Project Objectives:1. Facilitate knowledge sharing among Institutes, other

Embed projects & MEPs

2. Develop sustainable business model to transition robotics

technology to SMMs nationwide to strengthen supply chain

3. Ensure SMM involvement in the development of ARM

initiatives and technology development

1. AR-MEP Collaborative, Working Groups & Ecosystem established

2. Outreach, Education & Awareness

3. MEP Practitioner Toolset & Business Model for replication nationwide

4. SMMs Reached & Pilot Projects Executed (Training, Readiness Assessment,

ROI)

5. SMMs involved in ARM’s Research and Technology Development

Embed Overview

Program Outcomes

History & Organization:• Institute awarded by DoD in January

2017

• Objective: To be the leading catalyst

of robotics innovation and expertise

in the U.S., accelerating growth in

manufacturing and high value

careers

• Membership of industry, academic &

government organizations

• Website URL: www.arminstitute.org

Geographic Reach:• HQ in Pittsburgh, PA

• 8 Regional Collaboratives for

scalable national reach


• Memberships: 121 total = 72

corporate, 49 University, not-for-

profit, government organizations

Research Focus:• Robotics technologies that are cost-

effective, versatile, collaborative &

safe, and cyber-secure

• Education & Workforce development

Target Market

AR Focus Areas

EmbeddedSupport

Primary & Secondary NAICS

Codes include:

• 31-33 Manufacturing

The target profile and target markets

are broad reaching for robotics.

Products Enabled

• Extensive range of manufactured

products benefit from the efficiency

and cost benefits that can be

achieved through the application of

advanced robotics technologies.

Segments identified by ARM that are

ripe for rapid adoption of robotics:

• Aerospace

• Automotive

• Composites

• Electronics

• Food & Beverage

• Logistics

• Textiles

Advanced Robotics for Manufacturing (ARM) Institute

<PA MEP

Progress of Institute:• Currently based in National

Robotics Engineering Center

(NREC) facility

• New Pittsburgh HQ under

construction; targeted Spring 2019

• 4 Quick start projects underway

• 0 Project Calls Awarded; first PC

in-progress; 7 technology topics &

1 workforce development

Membership Model for SMMs:• Bronze & Start-up Member levels

Sustainability Model:• Develop (for license or resell)

standardized robotics technology

• Create certification programs for

robotics career opportunities

Technology Aspects:• Human-robot interaction

• Scheduling, learning & control

• Dexterous manipulation

• Mobility & navigation

• Perception & sensing

• Testing, verification & validation

• Mechanism design

http://www.arminstitute.org/

Institute Overview

Outreach Map

Organization:• CMTC awarded in Round 2; Term 01/15/2017 –

01/14/2019

Staffing:• CMTC 1.0 FTE at CESMII HQ (24 months)

• NY MEP– 0.5 FTE at Fuzehub (18 months)

• GC MEP – 0.5 FTE at TMAC-TEEX (18 months)

• NC MEP & Impact Washington – contractors with CMTC

for part-time work (18 months)

Project Objectives:• Deliver the Proposed Outcomes – Awareness,

Engagement, Participation

• Prove a sustainability model for years 3 through “n” for

traditional MEP and SM-specific services

1. Embedded Learning - training MEP staff in the first 9 months of the program

2. Regional Outreach - anticipate reaching at least 5000 SMMs nationally

3. Regional Learning - target a minimum of 950 SMMs for engagement & interactions

4. Regional Impact - attract a minimum of two hundred (200) SMMs per year

5. Capture Client Impact & Satisfaction - obtain quarterly NIST Survey from SMMs

Embed Overview

Program Outcomes

History & Organization:• Institute awarded by DoC in 2017

• Objective: Enables rapid technology

adoption to increase productivity, job

growth, energy efficiency, safety and

reduce time to market for companies of

all sizes.



• Website URL: www.CESMII.org

Geographic Reach:• HQ in Los Angeles, CA

• Membership availability in 50 states

• Memberships: 48 = corporate +

university + not for profit

• Government organizations

Research Focus:• Hardware, software, and cyber physical

security requirements

• Sensor technologies, multi-sensor data

fusion, and sensor-actuator-human

interfaces

• Process verification, validation, and

uncertainty quantification

• Data structures, contextualization,

configuration, and management

• Reference architectures and platform for

process technology digitization Target MarketCESMII Application

Areas

EmbeddedSupportStates in scope


• 324110 – Petroleum Refining

• 325 - Chemicals

• 311,312 – Food & Beverage

Secondary NAICS Codes:• 326119 – Plastics Manufacturing

• 335999 – Electrical Equipment &

Component Manufacturing

• 339112 – Surgical & Medical

Instrument

• 339920 – Sporting & Athletic Goods

• 332710 – Machine Shops

Products Enabled

• Next generation sensors

• Open sourced smart

manufacturing platforms

• Wireless plug and play devices

• Cyber physical systems

• Advanced sensors

• Models and computational tools

• Data structures and

configurations

• Process controls

• Hardware

• Software

• Reference Architectures

Clean Energy Smart Manufacturing Innovation Institute

<CMTC

Progress of Institute:• HQ building in LA

• 5 Regional Manufacturing Centers

located in– CMTC

– Rensselaer Center for

Industrial Innovation

– Texas A&M University

– NC State University

– PNNL Labs

with two demonstration centers:– Southern California

Demonstration Center at UC

Irvine

– Northern California

Demonstration Center at UC

Berkeley

• First Request for Projects of

$10.5M released

Membership Model for SMMs:• Exploring engagement models

Sustainability Model:• Test Bed collaborations

• Certification Programs

• Mfg. as a service program

Technology Aspects:• Advanced sensor systems

• Next generation data analytics and

modeling

• Systems engineering methods

http://www.cesmii.org/

Institute Overview

Outreach Map

Organization:• CMTC awarded in Round 1; Term 10/1/16 – 9/30/18

Staffing:• CMTC 1.0 FTE at NextFlex HQ (24 months)

• GA Tech – 0.5 FTE at GA Tech (18 months)

• Purdue – 0.5 FTE at Purdue (18 months)

• Florida Makes, Genedge & Impact Washington –

contractors with CMTC for part-time work (18 months)

Project Objectives:1. Deliver the Proposed Outcomes – Awareness,

Engagement, Participation

2. Prove a sustainability model for years 3 through ‘n’ for

traditional MEP and FHE-specific services

1. Embedded Learning - training MEP staff in the first 9 months of the program

2. Regional Outreach - anticipate reaching 25% of the high potential SMMs

3. Regional Learning - target a minimum of 10 RFP applications from SMMs

4. Regional Impact - engage a minimum of two hundred (200) SMMs per year

5. Capture Client Impact & Satisfaction - obtain quarterly NIST Survey from SMMs

Embed Overview

Program Outcomes

History & Organization:• Institute awarded by DoD in 2015

• Objective: Mature the manufacture

of Flexible Hybrid Electronics (FHE)

thru WFD, education and awareness



• Website URL: www.nextflex.us

Geographic Reach:• HQ in San Jose, CA


• Memberships: 77 = 40 corporate +

University + not for profit

• Government organizations

Research Focus:• Manufacturing technology for

Flexible Hybrid Electronics

• Integration & packaging; Materials

• Printing & microfluidics

• Modeling & design tools

• Standards, test & reliability

Target MarketFHE Application

Areas

EmbeddedSupportStates in Scope


• 3344 - Semiconductor and Other

Electronic Component Manufacturing

• 3345 - Navigational, Measuring,

Electromedical and Control Instruments

Manufacturing

• 3332 - Semi-Conductor Machinery

Manufacturing

Secondary NAICS Codes:

• 3391 - Medical equipment and supplies

manufacturing

• 3231 – Commercial printing

• 333 – Machinery Manufacturing

Products Enabled

• FHE films that monitor structural

integrity in automotive, aircraft and

civil infrastructure

• Bandages that monitor biomarkers

and administer medicine

• Patches that monitor and alert for

medical crises

• Human Health & Performance

Monitoring Systems

• Asset & Environmental Monitoring

Systems

• Specialized: Soft Robotics and

Integrated Array Antennas

• Collaborative efforts with other

institutes on projects for integrated

technology

NextFlex

California Manufacturing Technology Consulting

Progress of Institute:• HQ building with 10,000ft2 Class

10K clean room

• 24 Project Calls Awarded for PC-

1&2; PC-3 closed 31Aug2017

Membership Model for SMMs:• Exploring engagement models

Sustainability Model:• Addressing supply chain

• Contract prototype, small & pilot

production runs

• WFD training at high schools &

community colleges

• NRE funded by commercial

enterprises & government orgs.

Technology Aspects:• Combining flexible substrates and

conductive interconnect with

semiconductors

• Substrates for low temp, high

volume apps: paper, PEN, PET

• Substrates for high temp apps: thin

glass, thin ceramic, thin foil

• Autonomous intelligent sensors for

IIOT apps

http://www.nextflex.us/

Manufacturing USA

Technology Advancements

Beginning to see affordable technologies for SMMs in robotics and smart manufacturing

Reliant on technology to increase productivity and competitiveness

Automation is the extension of Lean

Attacks are becoming common place. Hacking is a fact of life.

Cyber Attacks on the Rise!

Cyber Security

Estimated Losses

Globally- $400B-$1T

USA- $120B/annually

National Risk (Homeland Security)

International Terror

Cyber Attack

International Military Crises

Major accidents or disaster

60% of SMB cybercrime victims go out of

business within 6 months of attack (NCSA)

50% of all surveyed in 2014

reported being victims of cyber attacks. (National SBA)

70% of all targeted attacks struck

small to mid-sized organizations in 2016 (SMB Group)

50% of small and midsized businesses have fallen victim to ransomware

48% of those paid a ransom (2017 Ponemon Institute)



79% percent of small businesses do not have an incident response plan. Without one, you may never be able to fully recover when a cybersecurity incident becomes a reality.

75% of spear-phishing attacks in 2015 targeted businesses less than 250 employees.

53% of small businesses reported they do not allocate budget for risk mitigation services because they do not store valuable data, yet the majority of respondents reported they store email addresses (68%) and phone numbers (65%), along with other valuable Personal information.

56% of SMB’s are unprepared to identify and respond to a security event (EiQ Networks 2017)

75% of SMB’s admitted a small-to-nonexistent IT security staff, with zero to two employees dedicated to that role. (EiQ Networks 2017)

Real World Anecdotes

OH Manufacturing Company: CEO’s email account hijacked and makes request to CFO to send wire while he is on vacation.

Manufacturer in NJ: Put out RFP for components. Provided information about its products to bidders. Direct competitors in China stole their IP and were immediately in the market.

University of Washington: 90,000 patients data was stolen by hackers. Rich data for identity thieves.

Manufacturer in MI: Hit by ransomware 3 different times. Paid increasing amounts of ransom to decrypt files.

RANSOMWARE… MORE INFO

• Malware provisioned on your network that encrypts all of your organization’s files and demands a payment to for a decryption key.

• The infection typically happens in one of two ways: by clicking on a link or attachment in an email or via an exploit kit released by a compromised website.

• Ransomware authors will often leverage slight modifications, process injection, and other techniques to make their programs slip past antivirus security undetected. Once on a machine, ransomware searches the system for files to encrypt. Some ransomware target specific file types (for example: .docx, .xlsx, etc.).

• In many cases, encryption can occur in minutes or even seconds e.g. Chimera encrypted an entire network in 18 seconds. Files are rendered inaccessible and typically renamed with a new file extension that can sometimes signal which type of ransomware you’re dealing with.

• Once encryption is complete, a ransom or lock screen is displayed informing the user they have X amount of time to pay a fine (typically in the form of Bitcoin) in exchange for a decryption key. After that deadline the ransom will go up or the files will be destroyed.

- 26 -

RANSOMWARE RISK MITIGATION TIPS:

• Establish a third-party user education program on how to identify a phishing email.

• Shut down the ability for user terminals to share resources peer-to-peer.

• Implement a back-up strategy for personal data on external drives or virtual drives.

• Install a reputable antivirus program that will block a majority of known ransomware attacks.

• Never host an external-facing server on the same hardware as a database or data store.

• Ensure proper segmentation between web servers and database servers.

• Track vulnerability patch status of critical data servers and file shares.

• Make sure IT staff has a data back-up strategy for databases and file shares.

• Consider using secure third-party cloud or virtualized services for critical data storage and files shares offsite.

- 27 -

TIPS AND TRICKS

• Never open email from unknown senders

• Right click on email addresses to verify sender’s domain is legitimate, prior to opening an email message.

• When in doubt about an email and its intentions, call the sender to verify.

• Use two step verification / authentications

• If it’s being offered for free, it’s never free

• Use antimalware and antivirus products vs nothing

• Always update security when requested by legitimate publishers

• Back-up your data, use multiple places/locations.

• Back up your data offline when possible

• Do not download applications from unknown publishers or sites

• Never share USB keys/drives

• Do not open attachments in email messages from suspicious senders – verify sender and intentions

• Using mobile devices for browsing is just as risky as laptops for discovering malware and virus’s

• Check what ports are open on your network and their behaviors

• Segment your network for guest and internal users

• Public Wi-Fi networks are very risky for data protection on your devices – use a VPN

• Use a secure password manager for all your unique passwords

• Never use the same password 2x

• Physical spying takes place as much as digital spying, watch who is looking over your shoulder.

• No one is protected from being hacked, you are, will and have been hacked!

• Set strong privacy setting on your devices – you don’t want to overshare

- 28 -

TIPS AND TRICKS

• Java script in your browser is insecure, disable it!

• Always ask yourself questions about communications sent to you, be suspicious is the best practice.

• Use the best browser available from a security perspective, stay aware of exploits of browsers.

• Patch, patch, patch!

• Pay attention to mobile app permissions and access, some will access very private, personal and proprietary information you want to remain confidential.

• Clean up (delete) apps you don’t use

• Use device passwords to lock and encrypt the data wherever possible – losing a device is painful enough!

• Never leave devices set to default

• Change Wi-Fi passwords often and never repeat

• Don’t use names, birthdates, and phone numbers as passwords – be unique and complex

• Social media has risks associated with personal information – don’t feed the bad guys information they can use against you.

• Inventory your devices and their IP addresses on your network

• Remove any devices that are end-of-life from their manufacturer from your network – they are attack points

• Log-out of services like banking when your done with your business.

• Don’t store UID/PW in cookies on devices, just don’t do it

• IoT is pretty cool, but, make sure you manage these IoT devices with the same care as your computer.

- 29 -

Cyber Security

Reluctance of Private Industry

Cost

Not me

Unknowns

Government Intervention

National defense Authorization Act

DFARS

NIST- 800-171

Will evolve to other private industry

Assessment is important

Thank you

impact washingtoncamps.nateandbecca.com/wp-content/uploads/2018/01/impact...impact washington...

Documents