impact washingtoncamps.nateandbecca.com/wp-content/uploads/2018/01/impact...impact washington...
TRANSCRIPT
Impact WashingtonBuilding Better Companies
CAMPSJanuary 25, 2018
Loren Lyon
Impact WashingtonBuilding Better Companies
Impact Washington Overview
Manufacturing USA
Cyber Security
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY MEP MANUFACTIURING EXTENSION PARTNERSHIP
U.S. DEPARTMENT OF COMMERCE
Impact WashingtonBuilding Better Companies
Impact Washington is a non-profit organization whose
mission is to strengthen MANUFACTURING in the state
of Washington through a public private partnership
offering consulting, educational and advocacy services
in order to contribute to a healthy Washington
economy.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY MEP MANUFACTIURING EXTENSION PARTNERSHIP
U.S. DEPARTMENT OF COMMERCE
Impact Washington History NIST-MEP Affiliate in Washington State for 20 years with over 2000 engagements.
NIST – 4000 scientists setting standards/technical experts.
Non-Profit consultant for manufacturers in Washington.
Impact is our measure of success, not profit.
Third party independent client survey.
Metrics over the last 5 years:
400 manufacturers
$372M in New Sales
$240M in Retained Sales
$418M in Increased Investment
4,569 Jobs created or retained
$78M in Cost Savings
5
The MEP National Network
Client Challenges
7
70%
54%
47%45%
21%
15%13%
9%7%
0%
10%
20%
30%
40%
50%
60%
70%
80%
CostReduction
Growth EmployeeRecruitment
ProductDevelopment
Sustainability TechnologyNeeds
ManagePartners
Financing Exporting
Market Size
EmploymentNumber of
Firms
Percent of
Firms
Number of
Employees
Percent of
Employees
1 - 19 5262 76.2% 27146 12.81%
20 - 99 1300 18% 55705 24.80%
100 - 249 318 4.3% 47556 20.06%
250 - 499 79 1% 27316 11.49%
500 + 41 .5% 123397 30.84%
Total 7050 100% 233564 100%
What we do
Productivity Improvement
/Cost Reduction
Leadership and Organizational Development
Growth
Lean & ISO Consulting
Supply Chain Consulting
FSMA Training & Compliance
Transition & Succession PlanningHigh-Performance Leadership
Development
Export Consulting
Strategy Consulting
Growth Consulting
Manufacturing technology
Core Value®Valuation tool
Manufacturing USA
• 14 Institutes• Technology development – mfg breakthroughs• Global competitiveness• Quality Jobs • Economic benefit
Manufacturing USA
Institute Overview
Organization:• New York MEP awarded in Round 1; 10/1/16 – 9/30/18
Staffing:• New York MEP 1.0 FTE Terry Clas at AIM Photonics HQ
• New York MEP 1.0 FTE Jesse Bonfeld at Composite
Prototyping Center on Long Island (IACMI Northeast
Satellite)
• New York MEP 1.0 FTE Bill Murray at Rochester Institute
of Technology (member, America Makes & DMDII)
Project Objectives:• Develop messaging and conduct outreach/dissemination
• Cultivate project teams with SMMs
• Organize institute site visits, tours
• Refer SMMs to institutes and MEP for services/projects,
membership
• Fund company projects involving institute-related
technologies
1. Develop MEP expertise
2. Reach 1,000 SMMs through
“push” activities
3. Fund projects where SMMs
advance or adopt
technologies in these 4
areas
4. More SMMs participating in
Institute research
Embed Overview
Program
Outcomes
History & Organization:• Institute awarded by DoD in 2015
• Led by SUNY Polytechnic Institute
• Objective: Develop an end-to-end
integrated photonics ecosystem,
including domestic foundry access,
integrated design tools, test,
assembly & packaging and
workforce development.
• www.aimphotonics.com
Geographic Reach:• HQ in Rochester, NY
• Academic leads: MIT, UCSB, RIT,
Boston University., U of R, UC
Davis, University of Arizona
• 84+ members representing 34 U.S.
States interested in AIM Photonics
Research Focus: Integrated
photonics circuits use photons instead
of electrons; transport more information
at faster speeds with less energy.
Target Market
Application AreasPrimary NAICS Codes:
• Telecommunications subsector - NAICS
5173344
• Data Processing, Hosting, and Related
Services subsector - NAICS 518
• Other Information Services subsector -
NAICS 519
• Computer and Electronic Product
Manufacturing subsector - NAICS 334
• Electrical Equipment, Appliance, and
Component Manufacturing subsector -
(NAICS 335)
• Semiconductor and Other Electronic
Component Manufacturing – NAICS 3344
SMM Value/Interest
• SMMs with applications & products
utilizing integrated photonics circuits
• Contract manufacturing service
companies for assembly and
packaging integrated photonic
components to OEMs
• Equipment manufacturers to AIM
• Component mfg. within supply chain
• Telecom/Datacom➢ Cloud based applications (Google,
Amazon, Facebook, etc.)
• RF analog➢ Military communications
• Photonic integrated circuit sensors➢ Biomedical & Chemical
➢ Aersopsace
➢ Energy
➢ Transporation & Infrastructure
• Photonic integrated circuit arrays➢ Military
➢ Imaging
➢ Urban mapping
American Institute for Manufacturing Integrated Photonics
(AIM Photonics)
New York MEP
Progress of Institute:• ~30,000ft2 Test, Assembly, &
Packaging (TAP) facility being
outfitted
• Wafer Fab in Albany; 135k ft2 of
class 1 capable cleanroom facilities
• 300mm tools provide
unprecedented quality photonics
Membership Model for SMMs:• “Tier 3” $100K/year (can be in-
kind)
• Observer level $2,500/year cash;
key entry point
Sustainability Model:• Contract development, prototyping,
low volume production and
services (test, metrology, etc.)
• Education and workforce
development
Technology Aspects:• Electronic photonic design
automation
• Multi-project wafer/assembly
• Inline control & test
• Test, assembly, & optical
packaging
Institute Overview
Outreach Map
Organization:• NCMEP awarded in Round 1; Term 10/1/16 – 9/30/18
Staffing:• NCMEP 1.0 FTE at PowerAmerica HQ (24 months)
• GENEDGE & TMAC – contractors with NCMEP for part-
time work (24 months)
Project Objectives:1. Embedded learning – training MEP staff
2. Embedded & partner state outreach
3. USA awareness
4. Regional learning (workforce development)
1. >500 SMEs will participate in outreach/engagement activities: webinars, meetings, and
conferences and/or receive written/online info
2. >50 SMEs will gain access to shared facilities, resources, or participate in meetings to
get company specific info about PowerAmerica
3. Min. of 10 local start-ups and small U.S. manufacturers are provided help to scale up
new technologies and accelerate tech transfer to the marketplace
Embed Overview
Program Outcomes
History & Organization:• Institute awarded by DOE in 2015
• Objective: Accelerate development
and large-scale adoption of WBG
semiconductor technology
• Membership of industry, academic,
and government organizations
• Website URL:
www.poweramericainstitute.org
Geographic Reach:• HQ in Raleigh, NC
• Members, national in 21+ states
• Memberships: 46 = 27 corporate +
16 university + 3 government labs
* Naval Research Lab,
* Argonne National Lab,
* National Renewable Energy Lab
Research Focus:• Foundry and device development
• Module development and mfg.
• Commercialization applications
• Education and workforce
development
Target Market
Wide Bandgap
Application Areas
Primary NAICS Codes:
• 334411 Electronic Computer Mfg.
(OEMs)
• 334412 Bare Printed Circuit Board Mfg.
• 334413 Semiconductor & Related
Device Mfg.
• 334416 Capacitor, Resistor, Coil,
Transformer, & Other Inductors Mfg.
• 334417 Electronic Connector Mfg.
• 334418 Printed Circuit Assembly
(Electronic Assembly) Mfg.
• 334419 Other Electronic Comp. Mfg.
Products Enabled
• Reduction of energy consumption
and emissions
• Enable systems to be smaller,
lighter, and more efficient
• Allow products to operate at higher
temperatures and voltages than
silicon semiconductor products
• WBG switches faster than silicon
and has lower on-state power
losses
• Power transmission
• Inverters for solar applications
• Wind power / turbines
• Data centers
• Electric and hybrid vehicles
• Industrial equipment
• Motor drives
• Control of renewable energy
• Consumer products: AC to DC
adapters chargers / etc.
PowerAmericaNorth Carolina Manufacturing Extension Partnership
Progress of Institute:• Clean room & packaging labs on
NCSU’s campus, with others on
other university member campuses
• 87 Total Project Calls Awarded
(BP1 = 25, BP2 = 36, BP3 = 26)
Membership Model for SMMs:• Defined WBG supply chain and
engaging potential SMMs
Sustainability Model:• University support
• Membership dues
• Consulting services
• User facility revenue
• Device bank
• Short courses / training programs
• Proposal wins and grants
Technology Aspects:• Power WBG device fabrication,
packaging, and system insertion
EmbeddedPartners
In-Depth MeetingsStates Reached
Potential OEMs:• Automotive
• Aerospace & Defense
• Industrial Equipment
• Data
Centers
• Solar Farms
• Wind Power
Institute Overview
Outreach Map
Organization:• Michigan Manufacturing Technology Center
• Center for Automotive Research, Ann Arbor (Sub-recipient)
Staffing:• Gregg Peterson, Embedded 1.0 FTE @LIFT, 24 months
• Edith Wiarda, 0.25 FTE, 24 months
• The Center’s Market Research staff engaged on Task Basis
Resources for SME-Relevant Projects:• $96k each year held for contractors to work on SME projects
Project Objectives:1. Motivate SME activity via Market & Technology Understanding
2. Sustainability = $600k annual revenue in SME-relevant
lightweighting & advanced metalworking – to LIFT or The
Center
1. LIFT Prospect List Development, 5 State LIFT Region
2. SME LIFT Project Participation via “Fast Forge” Process
3. Market Research to Uncover Auto Supply Chain Capability Gaps
4. SME Awareness & Education Events
5. Accelerate SME Adoption of TRL 7-8-9 Technologies
Embed Overview
Program Outcomes
History & Organization:• Institute awarded by Department of
Defense, Office of Naval Research,
in 2014
• Membership of 123
• Website URL: https://lift.technology
Geographic Reach:• HQ in Detroit
• Members, national in 25 states
• Memberships: 123 = 89 corporate &
SMEs + 21 University & Research
Partners + 4 states + 9 Education &
Workforce Development org’s.
Objective:• Accelerate the development and
application of innovative lightweight
metal production and component
manufacturing technologies to
benefit the US transportation,
aerospace and defense market
sectors.
Target MarketTechnology Areas
LIFT RegionEmbed, M-TACTransportation-Intensive States
Primary NAICS Codes:
• 336 Transportation Manufacturing
• 3335 Metalworking Machinery, Tooling
• 331 Primary Metal Manufacturing
• 3321 Forging, Stamping
• 3323, 3324 Plate Work & Related
• 333992 Welding, Soldering Equipment
Secondary NAICS Codes:• 33522 Major Appliance
• 3336 Engines, Turbines &
Transmissions
• 3339 General Industrial Equipment
• 337214 Office Furniture (ex. Wood)
Successes
• Developed process which enables
weight reduction of over 40% in
ductile iron castings
• Program underway to reduce fatal
Humvee rollovers by up to 74%
• Program utilizing automotive
welding technology in shipbuilding
LIFT – Lightweight Innovations for Tomorrow
<Michigan Manufacturing Technology Center
Progress of Institute:• HQ building: LIFT (with IACMI) has
invested in $50 million worth of
equipment and infrastructure
upgrades to its facility to create an
87,000 sq. ft. applied research and
development lab
• 17 Programs Awarded, valued at
approximately $52 million
Membership Model for SMMs:• Start-up (<50 employees & less
than 5 years in business: $1,000
• SME (1-250 employees): $2,500
• SME (251-500 employees): $5,000
Sustainability Model:• Engineering Services
• Prototyping – large and small
• Additional Government Contracts
Technology Pillars:• Melt processing
• Powder Processing
• Thermo-Mechanical Processing
• Low Cost, Agile Tooling
• Coatings
• Joining and Assembly
Technology Themes:• Integrated Computational Materials
Engineering (ICME)
• Design, Cost Modeling, Supply Chain
ARMI will make practical the large-scale manufacturing of engineered tissues and tissue-related technologies, to benefit existing industries and grow new ones.
ARMI BioFab USA, NIIMBL, MassMEP, NH MEP, up to 10 other centers where research is being conducted. (MN, NJ, CA, CT, NC and others to be determined.)
• Technology cluster to be located near the institutes includes startups resulting from international research.
• Equipment used in the process will be developed by SMMs. This includes 3D Printers, automation and test equipment, filtration, purification, fluidics and bioreactors.
• Penetration into the previously untapped “Bio-Medical” industries prevalent in our areas.
• Support of New Startups and Technology Cluster center in Massachusetts, New Hampshire and Connecticut region
• The majority of the projects are TRL3 or lower with proof of concept being partial organs at best
• International Universities own IP for many concepts
Institute Overview
Outreach Map
Organization:• PA MEP awarded in Round 3; Term 9/1/2017 – 9/30/2019
Staffing: PA MEP• Embedded: Catalyst Connection (PA) two x 0.5 FTE
• CMTC (CA) 0.5 FTE (18 months)
• FuzeHub (NY) 0.5 FTE (18 months)
• Impact Washington (WA)
Project Objectives:1. Facilitate knowledge sharing among Institutes, other
Embed projects & MEPs
2. Develop sustainable business model to transition robotics
technology to SMMs nationwide to strengthen supply chain
3. Ensure SMM involvement in the development of ARM
initiatives and technology development
1. AR-MEP Collaborative, Working Groups & Ecosystem established
2. Outreach, Education & Awareness
3. MEP Practitioner Toolset & Business Model for replication nationwide
4. SMMs Reached & Pilot Projects Executed (Training, Readiness Assessment,
ROI)
5. SMMs involved in ARM’s Research and Technology Development
Embed Overview
Program Outcomes
History & Organization:• Institute awarded by DoD in January
2017
• Objective: To be the leading catalyst
of robotics innovation and expertise
in the U.S., accelerating growth in
manufacturing and high value
careers
• Membership of industry, academic &
government organizations
• Website URL: www.arminstitute.org
Geographic Reach:• HQ in Pittsburgh, PA
• 8 Regional Collaboratives for
scalable national reach
• Members, national in 24 states
• Memberships: 121 total = 72
corporate, 49 University, not-for-
profit, government organizations
Research Focus:• Robotics technologies that are cost-
effective, versatile, collaborative &
safe, and cyber-secure
• Education & Workforce development
Target Market
AR Focus Areas
EmbeddedSupport
Primary & Secondary NAICS
Codes include:
• 31-33 Manufacturing
The target profile and target markets
are broad reaching for robotics.
Products Enabled
• Extensive range of manufactured
products benefit from the efficiency
and cost benefits that can be
achieved through the application of
advanced robotics technologies.
Segments identified by ARM that are
ripe for rapid adoption of robotics:
• Aerospace
• Automotive
• Composites
• Electronics
• Food & Beverage
• Logistics
• Textiles
Advanced Robotics for Manufacturing (ARM) Institute
<PA MEP
Progress of Institute:• Currently based in National
Robotics Engineering Center
(NREC) facility
• New Pittsburgh HQ under
construction; targeted Spring 2019
• 4 Quick start projects underway
• 0 Project Calls Awarded; first PC
in-progress; 7 technology topics &
1 workforce development
Membership Model for SMMs:• Bronze & Start-up Member levels
Sustainability Model:• Develop (for license or resell)
standardized robotics technology
• Create certification programs for
robotics career opportunities
Technology Aspects:• Human-robot interaction
• Scheduling, learning & control
• Dexterous manipulation
• Mobility & navigation
• Perception & sensing
• Testing, verification & validation
• Mechanism design
Institute Overview
Outreach Map
Organization:• CMTC awarded in Round 2; Term 01/15/2017 –
01/14/2019
Staffing:• CMTC 1.0 FTE at CESMII HQ (24 months)
• NY MEP– 0.5 FTE at Fuzehub (18 months)
• GC MEP – 0.5 FTE at TMAC-TEEX (18 months)
• NC MEP & Impact Washington – contractors with CMTC
for part-time work (18 months)
Project Objectives:• Deliver the Proposed Outcomes – Awareness,
Engagement, Participation
• Prove a sustainability model for years 3 through “n” for
traditional MEP and SM-specific services
1. Embedded Learning - training MEP staff in the first 9 months of the program
2. Regional Outreach - anticipate reaching at least 5000 SMMs nationally
3. Regional Learning - target a minimum of 950 SMMs for engagement & interactions
4. Regional Impact - attract a minimum of two hundred (200) SMMs per year
5. Capture Client Impact & Satisfaction - obtain quarterly NIST Survey from SMMs
Embed Overview
Program Outcomes
History & Organization:• Institute awarded by DoC in 2017
• Objective: Enables rapid technology
adoption to increase productivity, job
growth, energy efficiency, safety and
reduce time to market for companies of
all sizes.
• Membership of industry, academic &
government organizations
• Website URL: www.CESMII.org
Geographic Reach:• HQ in Los Angeles, CA
• Membership availability in 50 states
• Memberships: 48 = corporate +
university + not for profit
• Government organizations
Research Focus:• Hardware, software, and cyber physical
security requirements
• Sensor technologies, multi-sensor data
fusion, and sensor-actuator-human
interfaces
• Process verification, validation, and
uncertainty quantification
• Data structures, contextualization,
configuration, and management
• Reference architectures and platform for
process technology digitization Target MarketCESMII Application
Areas
EmbeddedSupportStates in scope
Primary NAICS Codes:
• 324110 – Petroleum Refining
• 325 - Chemicals
• 311,312 – Food & Beverage
Secondary NAICS Codes:• 326119 – Plastics Manufacturing
• 335999 – Electrical Equipment &
Component Manufacturing
• 339112 – Surgical & Medical
Instrument
• 339920 – Sporting & Athletic Goods
• 332710 – Machine Shops
Products Enabled
• Next generation sensors
• Open sourced smart
manufacturing platforms
• Wireless plug and play devices
• Cyber physical systems
• Advanced sensors
• Models and computational tools
• Data structures and
configurations
• Process controls
• Hardware
• Software
• Reference Architectures
Clean Energy Smart Manufacturing Innovation Institute
<CMTC
Progress of Institute:• HQ building in LA
• 5 Regional Manufacturing Centers
located in– CMTC
– Rensselaer Center for
Industrial Innovation
– Texas A&M University
– NC State University
– PNNL Labs
with two demonstration centers:– Southern California
Demonstration Center at UC
Irvine
– Northern California
Demonstration Center at UC
Berkeley
• First Request for Projects of
$10.5M released
Membership Model for SMMs:• Exploring engagement models
Sustainability Model:• Test Bed collaborations
• Certification Programs
• Mfg. as a service program
Technology Aspects:• Advanced sensor systems
• Next generation data analytics and
modeling
• Systems engineering methods
Institute Overview
Outreach Map
Organization:• CMTC awarded in Round 1; Term 10/1/16 – 9/30/18
Staffing:• CMTC 1.0 FTE at NextFlex HQ (24 months)
• GA Tech – 0.5 FTE at GA Tech (18 months)
• Purdue – 0.5 FTE at Purdue (18 months)
• Florida Makes, Genedge & Impact Washington –
contractors with CMTC for part-time work (18 months)
Project Objectives:1. Deliver the Proposed Outcomes – Awareness,
Engagement, Participation
2. Prove a sustainability model for years 3 through ‘n’ for
traditional MEP and FHE-specific services
1. Embedded Learning - training MEP staff in the first 9 months of the program
2. Regional Outreach - anticipate reaching 25% of the high potential SMMs
3. Regional Learning - target a minimum of 10 RFP applications from SMMs
4. Regional Impact - engage a minimum of two hundred (200) SMMs per year
5. Capture Client Impact & Satisfaction - obtain quarterly NIST Survey from SMMs
Embed Overview
Program Outcomes
History & Organization:• Institute awarded by DoD in 2015
• Objective: Mature the manufacture
of Flexible Hybrid Electronics (FHE)
thru WFD, education and awareness
• Membership of industry, academic &
government organizations
• Website URL: www.nextflex.us
Geographic Reach:• HQ in San Jose, CA
• Members, national in 40 states
• Memberships: 77 = 40 corporate +
University + not for profit
• Government organizations
Research Focus:• Manufacturing technology for
Flexible Hybrid Electronics
• Integration & packaging; Materials
• Printing & microfluidics
• Modeling & design tools
• Standards, test & reliability
Target MarketFHE Application
Areas
EmbeddedSupportStates in Scope
Primary NAICS Codes:
• 3344 - Semiconductor and Other
Electronic Component Manufacturing
• 3345 - Navigational, Measuring,
Electromedical and Control Instruments
Manufacturing
• 3332 - Semi-Conductor Machinery
Manufacturing
Secondary NAICS Codes:
• 3391 - Medical equipment and supplies
manufacturing
• 3231 – Commercial printing
• 333 – Machinery Manufacturing
Products Enabled
• FHE films that monitor structural
integrity in automotive, aircraft and
civil infrastructure
• Bandages that monitor biomarkers
and administer medicine
• Patches that monitor and alert for
medical crises
• Human Health & Performance
Monitoring Systems
• Asset & Environmental Monitoring
Systems
• Specialized: Soft Robotics and
Integrated Array Antennas
• Collaborative efforts with other
institutes on projects for integrated
technology
NextFlex
California Manufacturing Technology Consulting
Progress of Institute:• HQ building with 10,000ft2 Class
10K clean room
• 24 Project Calls Awarded for PC-
1&2; PC-3 closed 31Aug2017
Membership Model for SMMs:• Exploring engagement models
Sustainability Model:• Addressing supply chain
• Contract prototype, small & pilot
production runs
• WFD training at high schools &
community colleges
• NRE funded by commercial
enterprises & government orgs.
Technology Aspects:• Combining flexible substrates and
conductive interconnect with
semiconductors
• Substrates for low temp, high
volume apps: paper, PEN, PET
• Substrates for high temp apps: thin
glass, thin ceramic, thin foil
• Autonomous intelligent sensors for
IIOT apps
Manufacturing USA
Technology Advancements
Beginning to see affordable technologies for SMMs in robotics and smart manufacturing
Reliant on technology to increase productivity and competitiveness
Automation is the extension of Lean
Attacks are becoming common place. Hacking is a fact of life.
Cyber Attacks on the Rise!
Cyber Security
Estimated Losses
Globally- $400B-$1T
USA- $120B/annually
National Risk (Homeland Security)
International Terror
Cyber Attack
International Military Crises
Major accidents or disaster
60% of SMB cybercrime victims go out of
business within 6 months of attack (NCSA)
50% of all surveyed in 2014
reported being victims of cyber attacks. (National SBA)
70% of all targeted attacks struck
small to mid-sized organizations in 2016 (SMB Group)
50% of small and midsized businesses have fallen victim to ransomware
48% of those paid a ransom (2017 Ponemon Institute)
Cyber Attacks on the Rise!
Cyber Attacks on the Rise!
79% percent of small businesses do not have an incident response plan. Without one, you may never be able to fully recover when a cybersecurity incident becomes a reality.
75% of spear-phishing attacks in 2015 targeted businesses less than 250 employees.
53% of small businesses reported they do not allocate budget for risk mitigation services because they do not store valuable data, yet the majority of respondents reported they store email addresses (68%) and phone numbers (65%), along with other valuable Personal information.
56% of SMB’s are unprepared to identify and respond to a security event (EiQ Networks 2017)
75% of SMB’s admitted a small-to-nonexistent IT security staff, with zero to two employees dedicated to that role. (EiQ Networks 2017)
Real World Anecdotes
OH Manufacturing Company: CEO’s email account hijacked and makes request to CFO to send wire while he is on vacation.
Manufacturer in NJ: Put out RFP for components. Provided information about its products to bidders. Direct competitors in China stole their IP and were immediately in the market.
University of Washington: 90,000 patients data was stolen by hackers. Rich data for identity thieves.
Manufacturer in MI: Hit by ransomware 3 different times. Paid increasing amounts of ransom to decrypt files.
RANSOMWARE… MORE INFO
• Malware provisioned on your network that encrypts all of your organization’s files and demands a payment to for a decryption key.
• The infection typically happens in one of two ways: by clicking on a link or attachment in an email or via an exploit kit released by a compromised website.
• Ransomware authors will often leverage slight modifications, process injection, and other techniques to make their programs slip past antivirus security undetected. Once on a machine, ransomware searches the system for files to encrypt. Some ransomware target specific file types (for example: .docx, .xlsx, etc.).
• In many cases, encryption can occur in minutes or even seconds e.g. Chimera encrypted an entire network in 18 seconds. Files are rendered inaccessible and typically renamed with a new file extension that can sometimes signal which type of ransomware you’re dealing with.
• Once encryption is complete, a ransom or lock screen is displayed informing the user they have X amount of time to pay a fine (typically in the form of Bitcoin) in exchange for a decryption key. After that deadline the ransom will go up or the files will be destroyed.
- 26 -
RANSOMWARE RISK MITIGATION TIPS:
• Establish a third-party user education program on how to identify a phishing email.
• Shut down the ability for user terminals to share resources peer-to-peer.
• Implement a back-up strategy for personal data on external drives or virtual drives.
• Install a reputable antivirus program that will block a majority of known ransomware attacks.
• Never host an external-facing server on the same hardware as a database or data store.
• Ensure proper segmentation between web servers and database servers.
• Track vulnerability patch status of critical data servers and file shares.
• Make sure IT staff has a data back-up strategy for databases and file shares.
• Consider using secure third-party cloud or virtualized services for critical data storage and files shares offsite.
- 27 -
TIPS AND TRICKS
• Never open email from unknown senders
• Right click on email addresses to verify sender’s domain is legitimate, prior to opening an email message.
• When in doubt about an email and its intentions, call the sender to verify.
• Use two step verification / authentications
• If it’s being offered for free, it’s never free
• Use antimalware and antivirus products vs nothing
• Always update security when requested by legitimate publishers
• Back-up your data, use multiple places/locations.
• Back up your data offline when possible
• Do not download applications from unknown publishers or sites
• Never share USB keys/drives
• Do not open attachments in email messages from suspicious senders – verify sender and intentions
• Using mobile devices for browsing is just as risky as laptops for discovering malware and virus’s
• Check what ports are open on your network and their behaviors
• Segment your network for guest and internal users
• Public Wi-Fi networks are very risky for data protection on your devices – use a VPN
• Use a secure password manager for all your unique passwords
• Never use the same password 2x
• Physical spying takes place as much as digital spying, watch who is looking over your shoulder.
• No one is protected from being hacked, you are, will and have been hacked!
• Set strong privacy setting on your devices – you don’t want to overshare
- 28 -
TIPS AND TRICKS
• Java script in your browser is insecure, disable it!
• Always ask yourself questions about communications sent to you, be suspicious is the best practice.
• Use the best browser available from a security perspective, stay aware of exploits of browsers.
• Patch, patch, patch!
• Pay attention to mobile app permissions and access, some will access very private, personal and proprietary information you want to remain confidential.
• Clean up (delete) apps you don’t use
• Use device passwords to lock and encrypt the data wherever possible – losing a device is painful enough!
• Never leave devices set to default
• Change Wi-Fi passwords often and never repeat
• Don’t use names, birthdates, and phone numbers as passwords – be unique and complex
• Social media has risks associated with personal information – don’t feed the bad guys information they can use against you.
• Inventory your devices and their IP addresses on your network
• Remove any devices that are end-of-life from their manufacturer from your network – they are attack points
• Log-out of services like banking when your done with your business.
• Don’t store UID/PW in cookies on devices, just don’t do it
• IoT is pretty cool, but, make sure you manage these IoT devices with the same care as your computer.
- 29 -
Cyber Security
Reluctance of Private Industry
Cost
Not me
Unknowns
Government Intervention
National defense Authorization Act
DFARS
NIST- 800-171
Will evolve to other private industry
Assessment is important
Thank you