healthcarereimagined

Top military health officials recently highlighted the importance of maintaining premium care for patients at a time when information technology systems are changing rapidly across the Military Health System.

Speaking at the Health Information Management Systems Society conference in Orlando, Florida, in March, Dr. Barclay Butler, the Defense Health Agency’s assistant director of management, spoke about the intricacies of institutional transformation, especially standardization and consolidation.

“This transformation changes everything,” Butler said. “Everything except the care of our patients.”

Butler said the DHA is placing a high priority on protecting staff from burnout while focusing on their goals and patient care.

Following Dr. Butler’s presentation was a briefing from Lance Scott, the program manager for the Defense Medical Information Exchange program, and Crystal Baum, the Joint Health Information Exchange product owner for the Federal Electronic Health Record Modernization Office.

They talked about optimizing and expanding the joint health information exchange. They highlighted specific programs underway such as the effort to use natural language processing to make searching easier for providers. They also talked about the retirement of older software systems and what that really looks like in practice.

The conference’s second day featured a panel discussion on “Experiencing, Enhancing, and Evolving Federal Electronic Health Records.” Experts talked about how systems like MHS GENESIS foster innovation and improve responsiveness.

Pat Flanders, DHA’s chief information officer and the deputy assistant director for information operations, said that often there are the “haves and the have-nots when it comes to [Military Treatment Facilities], and the smaller MTFs wonder why they don’t have access to the same systems and opportunities. A standardized electronic health record bridges that gap.”

Meanwhile, Holly Joers, program executive officer for Defense Healthcare Management Systems, said deploying the standardized electronic health records is a team effort. “Our success as a team relies on doing this with commanders on the ground,” she said. “Not to them or for them. But with them.”

Flanders recalled his own military retirement as a difficult process involving a three-month search to locate his health records. In the future, however, Flanders said he hopes others will be able to complete that same process by just checking a box on the computer.

The conference’s second day concluded with Army Lt. Gen. Ron Place, the DHA’s director, providing keynote remarks and a briefing entitled, “Clear and Present Danger.” Place began by noting that human beings aren’t perfect, but technology can be a solution to reduce human error. “Done right, health IT can make doing the right thing the easy thing,” said Place.

The director closed his remarks by reminding the audience that the single most important factor that determines whether an injured or wounded service member survives isn’t the talented combat surgeon or doctor back home, but “the skills of the medics and corpsmen who treat the fallen soldier, sailor, airman, or Marine on the battlefield [where] technology, communication and rapid evacuation may not be available.”

Place emphasized that although “we utilize technology to train our medical teams and to outfit our home stations, deployed hospitals and clinics … our most important tool is the medic or the corpsman stepping out into the unknown, unafraid, with the skills gained through training and experience – the sets and reps needed to hone those skills.

The final day of DHA engagement at the HIMSS conference closed with motivational words from Dr. Brian Lein, the DHA’s assistant director for healthcare administration.

Lein provided a frank and illuminating brief on “Developing the Military Medical Digital Patient Experience.” He issued a stark reminder for all those working within the MHS. “There’s no other healthcare system in the world that has our mission. We have to focus on readiness first,” Lein said.

While discussing the future of digital health care in the era of COVID-19 and the use of electronic health records, he declared “we cannot optimize until we standardize.”

Article link: https://health.mil/News/Articles/2022/04/05/How-Health-IT-Upgrades-are-Transforming-the-Military-Health-System

Years ago, surgeons removed patients’ gall bladders by making a large incision and cutting through abdominal muscles. If the procedure went well, the patient went home about 10 days later.

Fortunately, those days are over. Thanks to new medical technology, today most gall bladder patients can go home the same day of their surgery. Typically they’re eating and back to their daily routine in three to five days.

Health care has come a long way in recent years, thanks to technology, innovation and unexpected challenges like the COVID-19 pandemic. Dr. Brian Lein, the Defense Health Agency’s assistant director of healthcare administration, cited the gall bladder example and pointed to an array of advancements in surgical techniques when he spoke at a recent presentation on the role of military hospitals and clinics in the next decade.

“Facing almost three years of a global pandemic has completely reshaped how it is that we do medicine,” he said. Lein spoke at a virtual event hosted by AMSUS, the Society of Federal Health Officials, on Feb. 23.

The explosion of capabilities includes robots in the operating room, the expansion of virtual health care and virtual encounters, remote patient monitoring and artificial intelligence, he said.

At the same time, the COVID-19 pandemic has made the entire Military Health System more flexible and agile, more receptive to change and innovation.

For example, “we know patients recover better at home,” he said. “You’re sleeping in your own bed. You’re eating your own food. You’re not tripping over stuff going to your bathroom because you’ve walked to that bathroom for the last 30 years. And you have one nurse taking care of you, so there’s no concern about different kinds of medications or medication errors.”

Lein’s role at DHA involves planning and managing health care facilities as well as implementing changes that affect health care delivery and administration. He foresees a “huge increase in a mixture between what used to be purely inpatient care to what is now often outpatient care.”

For example, he explained “we are at the very infancy of artificial intelligence and machine learning.” Those technologies are never going to replace physicians. But they are going to augment physicians’ abilities to do their job, he said.

“They’re going to help make decisions for me. They’re going to advise me on the best recommendations that are out there based upon gathering of millions upon millions of data points that I may not even be aware of as the provider taking care of a patient,” he said.

“Now, that doesn’t mean that we should ever take away the face-to-face encounters with our patients,” Lein said. “As a provider, I can tell you, I pick up on a lot of things when I have patients in the office, so we can never take that away.”

But for most visits that only require medication refills and routine checks, he said, increasing the use of virtual encounters might be better for everyone involved.

Recalling his experience as a surgeon, Lein said he would operate on someone and send them home, but need to see them again soon afterward to make sure they were progressing as expected.

“Often their spouse had to put them in the car. They were uncomfortable riding in the backseat of the car because the seatbelt hurts. And then they get in to see me and all I do is look at them and say: ‘Hey, you’re good to go. Come back and see me in a couple of weeks.'”

Doctors don’t need to do that anymore, he said. “We’ve learned over the course of COVID that a lot of the consultations that we need don’t necessarily need to be face-to-face.”

However, “what will never change in the military [hospitals and clinics] is our responsibility for readiness, the readiness of the soldiers, sailors, airmen, Marines and guardians on the installations that we support, and the readiness of the medical force that works in those military [hospitals and clinics],” he said. “That’s been a hallmark of military [hospitals and clinics] since they were first established.”

As he looks toward the future, Lein said the Military Health System will make sure that the core functions of the military hospitals prioritize the readiness of individuals.

“What we considered ready versus non-ready 10 years ago has markedly changed based upon health care delivery, health care options, and innovations,” he said.

“We’ve got to change with the times.”

Article link: https://health.mil/News/Articles/2022/03/23/Top-Military-Health-Care-Leader-Looks-to-the-Future-of-Medicine

NVIDIA cuQuantum debuts with an expanding ecosystem and a collaboration building the programming model for tomorrow’s most powerful systems.

March 22, 2022 by TIMOTHY COSTA

We’re working with leaders in quantum computing to build the tools developers will need to program tomorrow’s ultrahigh performance systems.

Today’s high-performance computers are simulating quantum computing jobs at scale and with performance far beyond what’s possible on today’s smaller and error-prone quantum systems. In this way, classical HPC systems are helping quantum researchers chart the right path forward.

As quantum computers improve, researchers share a vision of a hybrid computing model where quantum and classical computers work together, each addressing the challenges they’re best suited to. To be broadly useful, these systems will need a unified programming environment that’s efficient and easy to use.

We’re building this onramp to the future of computing today. Starting with commercially available tools, like NVIDIA cuQuantum, we’re collaborating with IBM, Oak Ridge National Laboratory, Pasqal and many others.

A Common Software Layer

As a first step, we’re developing a new quantum compiler. Called nvq++, it targets the Quantum Intermediate Representation (QIR), a specification of a low-level machine language that quantum and classical computers can use to talk to each other.

Researchers at Oak Ridge National Laboratory, Quantinuum, Quantum Circuits Inc., and others have embraced the QIR Alliance, led by the Linux Foundation. It enables an agnostic programming approach that will deliver the best from both quantum and classical computers.

Researchers at the Oak Ridge National Laboratory will be among the first to use this new software.

Ultimately, we believe the HPC community will embrace this unified programming model for hybrid systems.

Ready-to-Use Quantum Tools

You don’t have to wait for hybrid quantum systems. Any developer can start world-class quantum research today using accelerated computing and our tools.

NVIDIA cuQuantum is now in general release. It runs complex quantum circuit simulations with libraries for tensor networks and state vectors.

And our cuQuantum DGX Appliance, a container with all the components needed to run cuQuantum jobs optimized for NVIDIA DGX A100 systems, is available in beta release.

Researchers are already using these products to tackle real-world challenges.

For example, QC Ware is running quantum chemistry and quantum machine learning algorithms using cuQuantum on the Perlmutter supercomputer at the Lawrence Berkeley National Laboratory. The work aims to advance drug discovery and climate science.

An Expanding Quantum Ecosystem

Our quantum products are supported by an expanding ecosystem of companies.

For example, Xanadu has integrated cuQuantum into PennyLane, an open-source framework for quantum machine learning and quantum chemistry. The Oak Ridge National Lab is using cuQuantum in TNQVM, a framework for tensor network quantum circuit simulations.

In addition, other companies now support cuQuantum in their commercially available quantum simulators and frameworks, such as the Classiq Quantum Algorithm Design platform from Classiq, and Orquestra from Zapata Computing.

They join existing collaborators including Google Quantum AI, IBM, IonQ and Pasqal, that announced support for our software in November.

Article link: https://blogs.nvidia.com/blog/2022/03/22/hybrid-quantum-computing-ecosystem/?

Learn More at GTC

Register free for this week’s GTC, to hear QC Ware discuss its research on quantum chemistry.

It’s among at least ten sessions on quantum computing at GTC. And to get the big picture, watch NVIDIA CEO Jensen Huang’s GTC keynote here.

OFFICE OF THE SPOKESPERSON

APRIL 4, 2022

The Department is pleased to announce that the Bureau of Cyberspace and Digital Policy (CDP)began operations today. A key piece of Secretary Blinken’s modernization agenda, the CDP bureau will address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy.

The CDP bureau includes three policy units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom. Ultimately, the bureau will be led by a Senate-confirmed Ambassador-at-Large. Starting today, Jennifer Bachus, a career member of the Senior Foreign Service, is serving as Principal Deputy Assistant Secretary for the CDP bureau. PDAS Bachus will serve as Senior Bureau Official until an Ambassador-at-Large is confirmed. Michele Markoff is serving as Acting Deputy Assistant Secretary for International Cyberspace Security, Stephen Anderson is serving as Acting Deputy Assistant Secretary for International Information and Communications Policy, and Blake Peterson is serving as Acting Digital Freedom Coordinator.

The Department appreciates the service and collaboration of all who will work with and within the CDP bureau in the coming months and years to empower it to achieve its vital mission.

Article link: https://www.state.gov/establishment-of-the-bureau-of-cyberspace-and-digital-policy/

By ALEXANDRA KELLEYAPRIL 1, 2022

Officials from several different government offices say their modernization efforts prioritize data integration for improved internal and external sharing.

Data integration is a top priority for the National Institutes of Health’s modernization efforts, with an emphasis on interoperability. 

Susan Gregurick, the associate director for Data Science and Director of the Office of Data Science Strategy at the NIH, discussed her office’s initiatives on creating a solid infrastructure to share public health data. 

“We need to think more in terms of data as an infrastructure and ways that we can provide the agnostic functionality and tools to mainly improve interoperability of data and those products,” she said during a virtual conference.

Gregurick discussed the various collaborations and advanced in data science and technology prompted by COVID-19, and how the latest NIH initiatives have run on extracting and scaling data to share between offices and sites, including information on medical histories, demographics, COVID-19 cases and immunization records. 

She added that the very large volumes of data and data sets make scalability between offices a critical part of business operations within the NIH.

“The overall goal is to provide a modernized, integrated biomedical data ecosystem, and that sounds super easy, but actually, it’s really not,” Gregurick said. “It’s quite challenging because of the diversity of science across NIH and the diversity of needs and capabilities. An overall one size fits all strategy is very, very challenging.”

Other public officials spoke to public health agencies’ prioritization of interoperability, particularly in regards to the electronic health care records deployment. 

Mary Greene, the director of Office of Burden Reduction & Health Informatics at the Centers for Medicare and Medicaid Services, said that automation is her agency’s plan to help seamlessly shuffle data from one user interface to another. 

“The smarter EHRs are, the more tools that they have within the EHR, to pre-populate whatever that data needs to be sent––whether that data is in the clinical systems or the administrative systems of that particular provider,” Greene said. “That is a huge, huge part of the potential reduction in burden for clinicians.”

Gregurick noted that the NIH has spent “an enormous amount of time and energy” creating datasets that are more ready to be integrated into systems bolstered by artificial intelligence. She added that scalability is still challenging, partially due to the current data governance in place regulating sharing and aggregation. 

“It’s more of a challenge to the policy side,” she said. “Policies are just not set up for this way of thinking about data and infrastructure and data aggregation, so we’re working and much more work will need to be done to update in and think about data policies and governance in a world where data is the key factor.”

Article link: https://www.nextgov.com/analytics-data/2022/04/public-health-agencies-seek-more-data-interoperability/363896/

March 10, 2022

Contributor: Jordan Turner

Prompted by Russia’s invasion of Ukraine, business leaders need to prepare for heightened risk.

In short:

• As Russia’s invasion of Ukrainecontinues, the threat of attacks to critical infrastructure and businesses grows.
• Although security and risk leaders bear the brunt of cyberthreat planning and management, all business leaders must prepare for the heightened risk and increase their organization’s cybersecurity readiness.
• These 10 articles outline many of the key issues. 

Given the current climate, it’s vital that executives understand the range of cybersecurity issues — and the magnitude of chaos these attacks can create. Cyberattacks already cost organizations billions of dollars in ransom and lost income every year, not to mention the risk to human lives if critical infrastructure fails. 

Download now: 3 Must-Haves in Your Cybersecurity Incident Response Plan

How organizations think about cybersecurity plays a vital role in business and productivity. This roundup of Gartner articles on the topic offers guidance on ransomware, building a robust security and risk program, and insight into questions from the board. 

Whose Job Is It to Manage Cybersecurity? Hint: Stop Pointing at the CIO

Cybersecurity is a business risk, not just an IT problem. And yet many organizations have yet to change their culture of accountability. The CIO or CISO still carry primary responsibility for cybersecurity in 85% of organizations that responded to the Gartner View From the Board of Directors Survey 2022. Take a look at these five questions to get an initial sense of how prepared your business is to share responsibility for cybersecurity with IT. Read the article.

8 Ways You Could Be Inviting a Cybersecurity Attack

There are often systemic and cultural issues between IT and non-IT executives that leave organizations exposed to cybersecurity attacks. All business leaders must prioritize cybersecurity to stay out of the headlines. You can reduce the risk of cyberattacks by addressing these leading causes of failure within your organization. Read the article.

5 Security Questions Your Board Will Inevitably Ask 

“But how did this happen?” is just one of a million questions CISOs and security leaders will hear after informing the board of a breach or attack. Boards are increasingly savvy about cybersecurity risks, and directors recognize how important security and risk strategy is to ensuring that the business functions properly. As billion-dollar ransomware stories pile up in the news, these conversations become even more important. CISOs need to be prepared for questions they will inevitably have to answer. Read the article.

6 Ways to Defend Against a Ransomware Attack

Many organizations end up paying massive amounts of money to their attackers, often through cyberinsurance protection, but the long-term effect is likely to be more ransomware attacks. Instead of building ransomware payments into the budget, organizations should focus on preparation and early mitigation. Chief information security officers (CISOs) and other cybersecurity leaders can focus on six actions to prepare for ransomware attacks before they happen — from conducting initial ransomware assessments to enforcing governance and educating users on ransomware response actions. Read the article. 

Download now: The IT Roadmap for Cybersecurity

Develop a Security Strategy for Cyber-Physical Systems 

Cyber-physical systems (CPS) process more than information; they manage and optimize physical outcomes, from individual processes to entire ecosystems. Protecting against attacks on these systems requires a different approach to risk and security. In a recent Gartner survey, security and risk leaders ranked the Internet of Things(IoT) and cyber-physical systems as their top concerns for the next three to five years. Although attacks on cyber-physical systems are not a new idea, attackers can now use ransomware to halt logistics operations and disrupt physical production. In this world, technologies like drones, smart grids and autonomous vehicles become dangerous targets. Read an article.

3 Planning Assumptions for Securing Cyber-Physical Systems of Critical Infrastructure

Concerns for the security of CPS in critical infrastructure are growing. The risks are significant and real. Attacks can be catastrophic, but may go unnoticed for years as attackers wait to strike. Governments worldwide are mandating more security controls for mission-critical cyber-physical systems. Security and risk management leaders can lean on Gartner predictions to plan ahead for potential risks. Read the article.

Why Critical Infrastructure Attacks Are Everyone’s Problem — Especially Now

Every executive and every business in every country relies on critical infrastructure throughout daily life — like energy, water, healthcare, food and agriculture. Not only are each of these sectors critical to the appropriate functioning of modern societies, but they are also interdependent, and an attack on one can have a direct impact on others. Learn why every business is a target and what CISOs should do to establish resilient business operations in a high-risk environment. Read the article.

4 Metrics That Prove Your Cybersecurity Program Works

When an organization suffers a data breach or other cybersecurity incident, it is not judged by whether it had a low number of vulnerabilities or if it spent enough on security tools. The question is whether it did the right thing based on its budget, size and needs. The following are types of security metrics to include in a dashboard to help prove to key stakeholders, such as regulators, customers and shareholders, that you met the duty of care. Read the article.

3 Actions Help You Train More Cybersecurity Savvy Employees

How many employees completed your last cybersecurity awareness training? How many clicked on your test phishing bait? Employees must be controls that detect and resist social engineering attacks, and it’s up to security leaders to provide them with the information and know-how to better defend against these attacks. Take these 3 actions to bolster the effectiveness of security awareness programs. Read the article.

The Top 8 Cybersecurity Predictions for 2021-2022

“How do we make sure our consumers aren’t physically harmed by rogue agents?” That’s the kind of question security and risk leaders need to predict and plan for in the future. The number and sophistication of security breaches is rising, putting security at the forefront of business decisions. Build these strategic planning assumptions into your roadmap for the year ahead. Read the article.

Article link: https://www.linkedin.com/posts/gartner_gartnersec-cybersecurity-activity-6916042330697297920-KMcf?

SECURITYMAR 30, 2022 4:00 PM

Lapsus$ and the group behind the SolarWinds hack have utilized prompt bombing to defeat weaker MFA protections in recent months.

MULTIFACTOR AUTHENTICATION (MFA)is a core defense that is among the most effective at preventing account takeovers. In addition to requiring that users provide a username and password, MFA ensures they must also use an additional factor—be it a fingerprint, physical security key, or one-time password—before they can access an account. Nothing in this article should be construed as saying MFA isn’t anything other than essential.

Ars Technica

This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED’s parent company, Condé Nast.

That said, some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors(like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection.

Enter MFA Prompt Bombing

The strongest forms of MFA are based on a framework called FIDO2, which was developed by a consortium of companies to balance security and simplicity of use. It gives users the option of using fingerprint readers or cameras built into their devices or dedicated security keys to confirm that they are authorized to access an account. FIDO2 forms of MFA are relatively new, so many services for both consumers and large organizations have yet to adopt them.

That’s where older, weaker forms of MFA come in. They include one-time passwords sent through SMS or generated by mobile apps like Google Authenticator or push prompts sent to a mobile device. When someone is logging in with a valid password, they also must either enter the one-time password into a field on the sign-in screen or push a button displayed on the screen of their phone.

It’s this last form of authentication that recent reports say is being bypassed. One group using this technique, according to security firm Mandiant, is Cozy Bear, a band of elite hackers working for Russia’s Foreign Intelligence Service. The group also goes under the names Nobelium, APT29, and the Dukes.

“Many MFA providers allow for users to accept a phone app push notification or to receive a phone call and press a key as a second factor,” Mandiant researchers wrote. “The [Nobelium] threat actor took advantage of this and issued multiple MFA requests to the end user’s legitimate device until the user accepted the authentication, allowing the threat actor to eventually gain access to the account.”

Lapsus$, a hacking gang that has breached Microsoft, Okta, and Nvidia in recent months, has also used the technique

“No limit is placed on the amount of calls that can be made,” a member of Lapsus$ wrote on the group’s official Telegram channel. “Call the employee 100 times at 1 am while he is trying to sleep, and he will more than likely accept it. Once the employee accepts the initial call, you can access the MFA enrollment portal and enroll another device.”

The Lapsus$ member claimed that the MFA prompt-bombing technique was effective against Microsoft, which earlier this week said the hacking group was able to access the laptop of one of its employees.

“Even Microsoft!” the person wrote. “Able to login to an employee’s Microsoft VPN from Germany and USA at the same time and they didn’t even seem to notice. Also was able to re-enroll MFA twice.”

Mike Grover, a seller of red-team hacking tools for security professionals and a red-team consultant who goes by the Twitter handle _MG_, told Ars the technique is “fundamentally a single method that takes many forms: tricking the user to acknowledge an MFA request. ‘MFA Bombing’ has quickly become a descriptor, but this misses the more stealthy methods.”

Methods include:

• Sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop.
• Sending one or two prompts per day. This method often attracts less attention, but “there is still a good chance the target will accept the MFA request.”
• Calling the target, pretending to be part of the company, and telling the target they need to send an MFA request as part of a company process.

“Those are just a few examples,” Grover said, but it’s important to know that mass bombing is NOT the only form this takes.”

In a Twitter thread, he wrote, “Red teams have been playing with variants on this for years. It’s helped companies fortunate enough to have a red team. But real world attackers are advancing on this faster than the collective posture of most companies has been improving.”

Other researchers were quick to point out that the MFA prompt technique is not new.

“Lapsus$ did not invent ‘MFA prompt bombing,’” Greg Linares, a red-team professional, tweeted. “Please stop crediting them … as creating it. This attack vector has been a thing used in real world attacks 2 years before lapsus was a thing.”

Good Boy, FIDO

As noted earlier, FIDO2 forms of MFA aren’t susceptible to the technique, as they’re tied to the physical machine someone is using when logging in to a site. In other words, the authentication must be performed on the device that is logging in. It can’t happen on one device to give access to a different device.

But that doesn’t mean organizations that use FIDO2-compliant MFA can’t be susceptible to prompt bombing. It’s inevitable that a certain percentage of people enrolled in these forms of MFA will lose their key, drop their iPhone in the toilet, or break the fingerprint reader on their laptop.

Organizations must have contingencies in place to deal with these unavoidable events. Many will fall back on more vulnerable forms of MFA in the event that an employee loses the key or device required to send the additional factor. In other cases, the hacker can trick an IT administrator into resetting the MFA and enrolling a new device. In still other cases, FIDO2-compliant MFA is merely one option, but less secure forms are still permitted.

“Reset/backup mechanisms are always very juicy for attackers,” Grover said.

In other cases, companies that use FIDO2-compliant MFA rely on third parties to manage their network or perform other essential functions. If the third-party employees can access the company’s network with weaker forms of MFA, that largely defeats the benefit of the stronger forms.

Even when companies use FIDO2-based MFA everywhere, Nobelium has been able to defeat the protection. That bypass, however, was possible only after the hackers completely compromised a target’s Active Directory, the heavily fortified database tool that network admins use to create, delete, or modify user accounts and assign them privileges to access authorized resources. That bypass is beyond the scope of this post because once an AD is hacked, it’s pretty much game over.

Again, any form of MFA is better than no use of MFA. If SMS-delivered one-time passwords are all that’s available—as fallible and distasteful as they may be—the system is still infinitely better than having noMFA. Nothing in this post is intended to say that MFA isn’t worth the hassle.

But it’s clear that MFA on its own is not enough, and it hardly constitutes a box that organizations can check and be done with it. When Cozy Bear found these loopholes, no one was especially surprised, given the group’s infinite resources and top-notch tradecraft. Now that teenagers are using the same techniques to breach companies as powerful as Nvidia, Okta, and Microsoft, people are beginning to recognize the importance of using MFA correctly.

“While it may be tempting to dismiss LAPSUS$ as an immature and fame-seeking group,” reporter Brian Krebs of KrebsOnSecurity wrote last week, “their tactics should make anyone in charge of corporate security sit up and take notice.”

MFA prompt bombing may not be new, but it’s no longer something that companies can ignore.

Article link:https://www.wired.com/story/multifactor-authentication-prompt-bombing-on-the-rise/

This story originally appeared onArs Technica.

Clara Holoscan MGX Medical-Grade Platform With NVIDIA Orin and NVIDIA AI Software Stack Powers Systems Built by Embedded-Computing Leaders

GTC—NVIDIA today introduced Clara Holoscan MGX™, a platform for the medical device industry to develop and deploy real-time AI applications at the edge, specifically designed to meet required regulatory standards.

Clara Holoscan MGX expands the Clara Holoscan platform to provide an all-in-one, medical-grade reference architecture, as well as long-term software support, to accelerate innovation in the medical device industry. It brings a new level of sensor innovation to edge computing by processing high-throughput data streams for real-time insights. From robotic surgery to studying new approaches to biology, surgeons and scientists need medical devices to evolve into continuous sensing systems to research and treat disease.

“Deploying real-time AI in healthcare and life sciences is critical to enable the next frontiers in surgery, diagnostics and drug discovery,” said Kimberly Powell, vice president of healthcare at NVIDIA. “Clara Holoscan MGX, with its unique combination of AI, accelerated computing and advanced visualization, accelerates the productization of AI and provides software-as-a-service business models for the medical device industry.”

As part of Clara Holoscan MGX, NVIDIA provides hardware reference design with long-life NVIDIA components and 10-year long-term software support, including IEC62304 documentation for software and IEC60601 attestation reports from embedded computing partners.

Advantech, Dedicated Computing, Kontron, Leadtek, MBX Systems, Onyx Healthcare, Portwell, Prodrive Technologies, RYOYO Electroand Yuan High-Tech will be the first embedded-computing manufacturers to build products based on the Clara Holoscan MGX reference design to serve the needs of the global medical device industry.

Some of the largest medical devices makers and dozens of robotic surgery and medical imaging startups are already developing on the Clara Holoscan platform.

Product Specifications
Clara Holoscan MGX brings together the high-performance NVIDIA Jetson AGX Orin™ Industrial module, NVIDIA RTX™ A6000 GPU and NVIDIA ConnectX-7^®SmartNIC network adapter into a scalable AI platform providing up to 254-619 trillion operations per second of AI performance.

For high-throughput instruments, ConnectX-7 provides up to 200 GbE bandwidth and a GPUDirect^® RDMA path to GPU processing, which helps enable faster processing. It also integrates the latest in embedded security with a safety and security module, consisting of controllers to monitor critical operations, provide remote software updates and system recovery, and hardware root of trust to provide state-of-the-art embedded security.

Medical device makers can directly embed Clara Holoscan MGX or connect to the existing install base of medical devices, which allows developers to accelerate AI deployment and regulatory clearance.

The Clara Holoscan SDK is specifically designed for high-performance streaming applications to build the next generation of software-defined instruments. It brings together pretrained models, as well as a framework for scalable microservices, to allow applications to be managed and deployed both on device and on the edge data center, ushering in the software-as-a-service business model for the industry.

Clara Holoscan extends from medical devices to NVIDIA edge servers to NVIDIA DGX™ systems in the cloud or the data center.

Clara Holoscan developer kits are available today. Join the interest list for Clara Holoscan MGX to get notified about availability.

To learn more about Clara Holoscan MGX, watch the GTC 2022 keynote from NVIDIA CEO Jensen Huang. Register for GTC for free to attend sessions with NVIDIA and industry leaders.

Article link: https://nvidianews.nvidia.com/news/nvidia-launches-ai-computing-platform-for-medical-devices-and-computational-sensing-systems/?

By Colin Demarest

Mar 29, 04:51 PM

WASHINGTON — A hefty workload and other procurement factors have delayed awards for the Pentagon’s latest enterprise cloud effort, known as the Joint Warfighting Cloud Capability.

Contracts for the follow-up to the Defense Department’s infamous JEDI venture are now expected at the end of the year, not April as originally advertised, according to Chief Information Officer John Sherman.

“As we’ve gotten into this and leaned into it with four vendors, we recognized that our schedule was maybe a little too ahead of what we thought, and that now we’re going to wrap up in the fall. And we’re aiming to award in December,” Sherman said during a March 29 briefing.

Sherman also revealed that JWCC could be worth up to $9 billion.

“This was not a guess. This was based on actual workflows and anticipated workloads to the cloud,” Sherman explained. “But that’s why we came up with this $9 billion ceiling. And that’s not a guaranteed amount by any stretch. It is just that, a ceiling.”

Proposals are under review. The Defense Department approached Amazon, Google, Microsoft and Oracle last year. Officials said talks between government and vendors have been substantial and positive. Sherman would not say if he expected fewer than four deals to be made, citing procurement sensitivities.

The decision to push things back was made in recent weeks, as the scope of what still had to be accomplished came into focus.

“It’s just going to take us a little bit longer than we thought,” said Sherman, who emphasized that things were going well. “And, from my CIO seat, I’ve told the team we’re going to make sure we do this right, take the time that they need, so we can stick the landing on this, given the imperative of what JWCC is for the Department of Defense.”

The Joint Warfighting Cloud Capability is meant to plug a hole in the Pentagon’s cloud powers, spanning unclassified, secret and top-secret classifications and stretching to the military’s farthest edge.

“Nothing in the department meets this requirement at the current time, what I just described to you,” Sherman said.

Initial JWCC contracts will comprise a three-year base with one-year options, according to the chief information officer. A “full and open” competition for a future multi-cloud environmentwill follow, he added.

The Defense Department axed JWCC’s predecessor, JEDI, or Joint Enterprise Defense Infrastructure, in 2021 after years of delays. The potential $10 billion program was plagued by legal challenges and allegations of political interference.

“JEDI, conceived with noble intent and a baseline now several years old, was developed at a time when the department’s needs were different and our cloud conversancy less mature,” Sherman said in a statementat the time. “The JWCC’s multi-cloud environment will serve our future in a way that JEDI’s single award, single cloud structure simply cannot do.”

Article link: https://www.c4isrnet.com/battlefield-tech/it-networks/2022/03/29/pentagon-slows-9-billion-cloud-competition-citing-more-work-to-be-done/

About Colin Demarest

Colin Demarest is a reporter at C4ISRNET, where he covers networks and IT. Colin previously covered the Department of Energy and its National Nuclear Security Administration — namely nuclear weapons development and Cold War cleanup — for a daily newspaper in South Carolina.

Most government digital service projects don’t need to scale to 100 million users per hour – but some do.

Kessel Run’s Bowcaster team recently provided Chaos Engineering services to GSA in order to help their Technology Transformation Services (TTS) cloud.gov ( Technology team scale its capacity from 50,000 to 100 million users an hour.

Press Release

BOSTON (30 March 2022) – Today, Kessel Run and the U.S. General Services Administration’s Technology Transformation Services (TTS) unveiled a collaboration that developed a capability able to host 100 million digital users an hour.

The successful partnership is a proof of concept for future website development. The government-wide approach demonstrates how federal agencies can come together to improve customer experience and enhance digital capabilities for the benefit of the public.

“This is a great example of an interagency collaboration yielding concrete, scalable results and governmentwide benefits,” said Dave Zvenyach, TTS Director. “The capability developed as a result of this partnership is another milestone in our efforts to improve digital service delivery and ensure an effective, equitable, and secure digital infrastructure for the public.”

TTS’ cloud.gov team built and maintains a shared platform that can support large spikes in usage, and offers an easy and efficient way for agencies to manage their digital solutions. Kessel Run’s Bowcaster team provided “Chaos Engineering” services to help cloud.gov scale its capacity to 100 million post requests an hour. Bowcaster provided load testing, penetration testing, and other services that helped ensure the cloud.gov platform could meet availability and resiliency requirements needed to highly trafficked applications as it was scaled up.

“Although typically government websites host thousands to tens of thousands of users an hour, cloud.gov is built to scale, allowing for increased seasonal demand or emergency needs,” said Lindsay Young, Acting Director of Cloud.gov. “This means any government agency can be ready for a surge or need that would amount to up to 100 million users/hour.”

“From a reliability and resilience perspective, we wanted to push the system to the limit, so we tossed everything including the kitchen sink at it,” said Omar Marrero, the Chaos and Performance Tech Lead, and Deputy Test Chief with Kessel Run. “Based on those steps they were able to re-architect their deployment to handle a surge, until we got to the point where we were able to blast it with the 100 million users without any issues.”

The collaboration took place over the course of 10 days, with all participants working remotely. This highlights both the speed and versatility agencies can achieve by working together.

“We can collaborate together and deliver these sorts of capabilities from anywhere,” said Marrero. “We proved that over the course of ten days helping cloud.gov develop this capability.” 

TTS applies modern methodologies and technologies to improve the lives of the public and public servants. This includes use of cloud.gov—an easy to use cloud hosting platform—as a service for hosting mission critical agency applications. Air Force Life Cycle Management Center, Detachment 12, also known as Kessel Run, has a proven track record in enhancing efficiency, saving cost, and modernizing the way the Air Force operates with its agile software development. With its user-centered approach to development, Kessel Run’s mission is to rapidly deliver combat capabilities to warfighters and revolutionize the Air Force software acquisition process.

“We can build the high-quality government services the American People deserve,” said Col. Brian Beachkofski, the Commander of Kessel Run. “By working together, the government can deliver high-quality services at the speed of need.”Air Force Life Cycle Management Center
Detachment 12, Kessel Run
Media and Communications Engagement

Article link: https://kesselrun.af.mil/news/Bowcaster-and-GSA.html