Federal Bureau of Investigation

US Attorney's Office - PA / Eastern

Managed and Produced by:

The Hollis Group, Inc.



Wednesday, 26 May 2004


Session I: IEEE-Based Verification, Validation, and Qualification of an Automated Clinical Supply Facility

          Instructor: Barbara L. Meserve, VP, Quality Services, AccuLogix, LLP

Session II: Security Technology and Protocol: An Executive Briefing
          Instructor: Thomas Quinn, CISSP, AAA, President, The Hollis Group, Inc.


Thursday, 27 May 2004 

7:30 Continental Breakfast, Registration

9:00 Welcome

Keynote Address (Plenary)

Information Protection: An Executive Obligation

Life Sciences Committee Chair Peter Villax, VP, Pharma Division, Hovione SA
Hovione is one of the most successful and well-managed high-technology companies in Europe. Because of this, Hovione's corporate culture is widely studied and emulated. Hovione is also regarded as the "best in class" international supplier of many vital pharmaceutical compounds, including active ingredients and finished pharmaceuticals. Because of this widespread respect and admiration for its science and technology, Hovione's senior managers treat their stewardship of the company's information assets very seriously. Mr. Villax will describe how he has worked to create a company-wide commitment to assure the accuracy and continuity of life-safety-critical information. He will outline Hovione's continuous efforts to secure and protect the infrastructure that stores and delivers this information. Mr. Villax will also emphasize how a company’s philosophy of engineering excellence is a cost-effective business strategy.  

10:00 Refreshment Break

10:30 Special Session Tracks, Session 1

Session T1 - Threats and Solutions
Physical Security, the Last Line of Defense

Physical Threat Vectors: A Victim's Case Study
Brian Hausner, General Manager, Micron Technologies, Inc. is one of several people presenting a victim's case study. Micron Technologies is one of the world's foremost nexuses in active pharmaceutical ingredient (API) micronization theory and practice. Micron Technologies was the victim of armed robbery of its computer systems, including the data center hard disk storage arrays. Mr. Hausner will present a brief overview of the crime and discuss the follow-on disaster recovery and Micron's security upgrades to prevent future occurrences.

Travel and Physical Security in a Threat-Rich Environment
Pierre DeHail is the Chief Security Officer of MedAire, Inc., the international remote site medical provisioning and emergency medical extraction / treatment firm. Mr. DeHail is a former security section chief for the French Government. Mr. DeHail will discuss the physical security of Life Sciences / Healthcare facilities.

Protecting Data in a World of Risk and Regulation
Michael J. Emmi, Chairman and Chief Executive Officer, IPR International, LLC. Mr. Emmi will address various means of establishing and maintaining off-site capabilities for disaster recovery.

Session M1 - Risk and Resource Management
Reducing Validation and Qualification Costs in Life Sciences IT

Linda Forstedt, Validation Manager, Amgen BV

Peter Villax, VP, Pharma Division, Hovione SA

This session will explore how validation has become one of the most significant cost drivers in major IT projects (SAP, Documentum, JD Edwards, Labware, etc.) in the Life Sciences industries. These IT project veterans from pharmaceutical, biotech, and medical device industries will describe successful strategies for:

  • Risk assessment, considering companies' compliance reputation

  • Pragmatic verification, validation, and qualification scoping

  • Asset management for software and its underpinnings

  • Patches, upgrades, re-validation, support, training, etc.

  • Hidden benefits of early-phase QA involvement

  • Coping with contingencies and re-setting timelines realistically

  • Leveraging knowledge transfer to build down consulting costs

Session L2 - Legal and Regulatory
Legal Obligations of Records Providers

The Intersection of HIPAA and INFOSEC Technology
Russell M. Opland, Chief Privacy Officer, University of Pennsylvania Health System, will discuss dealing with regulatory requirements and reality.

Current Legal Environment and Novel Risk Management
Eric Begun, Esq. will speak about the current state of legal thinking regarding data and computer security, and he will provide a novel perspective on the sources of regulations and legal requirements in the area and the potentially overwhelming task of managing the myriad of associated legal risks presented by these regulations and requirements.

Leveraging Law Enforcement Resources for Risk Reduction
James McIntosh, Senior Special Agent, FBI, (retired)
Based upon this extensive law enforcement experience, Mr. McIntosh will focus on the benefits to business of being "law enforcement friendly." He will discuss the advantages of involving law enforcement early in any investigation, describe the Federal, State, and Local resources available to help businesses in security planning, and offer some sage advice on how to avoid becoming an information crime victim.

12:00 Buffet Luncheon

1:00 Special Session Tracks, Session 2

Session T2 - Threats and Solutions
Logical Security, the First Line of Defense

Logical Threat Vectors: A Victim's Case Study
Andrew Milligan, PhD, President and Chief Executive Officer, Bionix Development Corp., will present a victim's case study. Bionix, a specialty medical device manufacturer, employs the principal investigator on a project funded by an NCI grant, to develop novel electro-mechanical cancer treatment devices. Concerned for the security of this proprietary and confidential research, the P.I. reported irregularities in her corporate e-mail accounts. Investigation revealed the culprit to be an electronics repair technician, working in another company department, who had masqueraded as a company official, convinced the ISP to supply passwords, and became an "e-mail snoop" and an Internet pornography fan. Dr. Milligan will discuss the real-life problems that this scenario caused, including how it jeopardized a landmark research program, resulted in serious sexual harassment liability, and consumed vast amounts of senior management time.

Human Threat Psychological Risk Evaluation
Dale Yeager, President, SERAPH, Inc., is an internationally acclaimed expert in criminal profiling, forensic psychology, sex crime investigation, and crime scene forensics/procedures and terrorism analysis. He is the creator of and lead instructor for a dramatically effective program of "Human Threat Psychological Evaluation," that allows hiring managers to screen for behaviors that indicate trouble ahead. Mr. Yeager will describe techniques that working managers can use to avoid Dr. Milligan's situation.

Defending Against Skilled, Dedicated Insiders
Phil Grasso, VP, Vormetric, Inc., is a seasoned veteran in the application of advanced technology to defending information infrastructures. In this lecture, Mr. Grasso will describe a security architecture that includes cryptographic defenses of data and program code within the enterprise. He will emphasize the capability of such an architecture to defend against an attack by a talented and determined insider.

Session M2 - Risk and Management
Balancing the Utility and the Security of Electronic Healthcare Records

Automated Healthcare Records: Current and Future States
Mark R. Anderson, CPHIMS, FHIMSS, Healthcare IT Futurist and CEO, AC Group, Inc., is one of the nation's premier IT research futurists dedicated to health care. He has spent the last 30 years focusing on Healthcare – not just technology questions, but strategic, policy, and organizational considerations. He tracks industry trends, conducts member surveys and case studies, assesses best practices, and performs benchmarking studies.

The Healthcare CIO's View of Information Assurance
George M. Brenckle, CIO, University of Pennsylvania Health System

The Healthcare Administrator's View of Information Assurance
James E. Quinn, MBA, Senior Business Administrator, Department of Dermatology, University of Pennsylvania Health System.

Session L2 - Legal and Regulatory
Regulatory Compliance Innovation

Integrating Security, Surveillance & IT in a Controlled Substance Facility
Barbara Meserve, VP / Quality Services, AccuLogix
AccuLogix, LLC takes a highly innovative, “sponsor integrated” approach to clinical systems logistics. Their state of the art clinical supplies facility in Bristol, PA includes project and product management, manufacturing, materials handling, quality assurance, and drug accountability in an integrated Logistics system. This system incorporates automated security and surveillance records into batch records. The system has been inspected and approved by the DEA as suitable for use with Schedule II substances. Ms. Meserve will discuss the novel approaches developed by AccuLogix to integrate computer automated environmental, security, surveillance, barcode, RFID, and electronic signature data into their custom-built logistics system.

Assuring 'National Security Grade' Healthcare Information Assets
Anthony Fiorito, VP, Engineering, The Hollis Group, Inc. Mr. Fiorito is currently on full-time assignment as the VMS Systems Architect for Quest Diagnostic Services, the largest healthcare laboratory services company in the world. Mr. Fiorito will discuss the challenges of securing the infrastructure underlying such a massive and vital system against multiple threats. He will also describe the advantages that a “non-Windows” infrastructure provides to infrastructure engineers and architects, particularly in being able to provide “fault-resilient” systems.

Information Technology Geriatrics
L. Bruce McCulley, CISSP, Managing Director, Cybernet Security, LLC, will discuss defenses against the only security threat that has a 100% probability of occurrence and a 100% scope of effect: Obsolescence. A member of Digital Equipment Corporation’s original PDP-11 / RSX-11 operating system design team, Mr. McCulley has an unparalleled expertise in regulated industry legacy system rescue and remediation. Based on his recent, successful PDP-11 relocation, upgrade, and re-validation for sterile operations, Mr. McCulley will describe options available to organizations still operating “venerable but useful” systems. He will also share his unique expertise in systems security for these “low sophistication” systems.

2:30 Refreshment Break

3:00 Plenary Sessions

Balancing e-Records Privacy, Security, and Utility in an Environment of Threats, Liabilities, and Regulations


Richard Goldberg, Assistant US Attorney, Eastern District of Pennsylvania

Victim's Privacy Protection

Assistant US Attorney Richard Goldberg, one of the US Attorney's Office cybercrime experts, will present a fascinating lecture on the substantial effort his office expends to protect the privacy of individual and corporate victims of cybercrime. He will discuss the extensive legal obligations for victim's privacy protection and the US Attorney's Office's policy that the "victim's welfare comes first." He will dispel a common misconception and reassure everyone that reporting a computer crime will NOT result in your company's name as tomorrow's headline.

Moderator: Kathleen McDermott, Esq.
Panelists: Rich Goldberg, Mark Anderson, Linda Forstedt, John Narvaez

Panel Discussion: This will be a professionally moderated expert and audience discussion focusing on real-world incidents that have jeopardized companies, individuals and public health. The session will be conducted in a "town hall meeting" format, and address federal criminal and regulatory statutes that impact corporate strategies for compliance and protecting critical information from falling into the wrong hands. 

5:00 Day One Sessions Conclude

Friday, 28 May 2004

    7:30 Continental Breakfast, Registration

    8:30 Plenary Session

The Probability, Scope, and Mitigation of the Bio-Weapons Threat to Life Sciences and Healthcare Information Infrastructure

Probability Estimation
George Robertson, PhD, VP Science and Technology, PDA. Dr. Robertson has considerable experience in the biodefense industry, including service as a member of the United Nations' biological weapons inspection team in Iraq (1995) and as a participant in the U.S. Department of Defense teams searching for biological weapons in the former Soviet Union. He served on the Defense Intelligence Agency Advisory Committee of Experts, evaluating future chemical and biological weapon threats. Dr. Robertson will address the probabilities of realized WMD threats against high value targets in the US Life Sciences and Healthcare sectors.

Scope of the Effects
Col. David Ruff, CM, USAR, will discuss the physical, financial, and societal impacts of cleaning up after a chemical or biological attack. His comments will include labor, equipment, supplies, and schedule requirements for such an undertaking. With this knowledge, attendees will be able to include accurate WMD risk estimates in threat enumeration and evaluation sections of their disaster contingency plans.

Facility / Force Protection 
Col. Thomas P. Collins, Army G-3 (HQ), will discuss the physical, financial, and societal impacts of cleaning up after a chemical or biological attack. His comments will include specific labor, equipment, supplies, and schedule requirements for such an undertaking. With this knowledge, attendees will be able to include accurate WMD remediation estimates in their disaster contingency plans.

NOTE: The Program Committee has had several consultations with leading experts in the field of WMD remediation. For national security reasons, all of these experts have been recalled to active duty. These officers and their commanders are dedicated to disseminating their critically-needed infrastructure assurance knowledge and are committed to supplying a lecturer. The Program Committee will let attendees know as soon as feasible if deployment schedules affect any US Army lecturer's attendance at the conference.

   10:00 Refreshment Break

   10:30 Special Session Tracks, Session A

Note: Special Sessions repeat, to afford participants the opportunity to attend two tracks

Threats and Solutions
Physical Security, the Last Line of Defense

Risk and Resource Management
Reducing Validation and Qualification Costs in Life Sciences IT

Legal and Regulatory
Legal Obligations of Records Providers

   12:00 Buffet Luncheon

   1:00 Special Session Tracks, Session B

Threats and Solutions
Logical Security, the First Line of Defense

Risk and Management
Balancing the Utility and the Security of Electronic Healthcare Records

Legal and Regulatory
Regulatory Compliance Innovation

   2:30 Refreshment Break

   3:00 Plenary Sessions

Personal Privacy for Clinical Study Participants

Panel discussion
George M. Brenckle, CIO, University of Pennsylvania Health System, will discuss the challenges of providing confidentiality and reliability assurance in a heavily regulated IT environment.

Russell M. Opland, Chief Privacy Officer, University of Pennsylvania Health System, will focus on the balance of privacy and accessibility of information, particularly when dealing with safety systems.

Keynote Address: 
Senator Arlen Specter, US Congress

The Program Committee has invited Senator Arlen Specter, Chairman of the Labor, Health and Human Services Subcommittee of the Senate Appropriations Committee, and a Member of the Terrorism, Technology and Homeland Security Subcommittee of the Judiciary Committee to speak at the conference. We have requested Senator Specter to synopsize his recent work in the areas of 'Identity Theft and Its Impact on Healthcare Systems' and 'Healthcare and Life Sciences Critical Infrastructure Protection.'

Based upon Senator Specter's availability, we will also invite other Members of Congress, and representatives from the Department of Homeland Security, local and federal law enforcement, and various regulatory agencies to discuss the critical issues of records security, personal privacy, and the cost burden to business, especially to small business. The Committee anticipates extensive government participation.

The Program Committee has invited Congressman Jim Gerlach, Member, House Committee on Transportation and Infrastructure, and Member, House Committee on Small Business, to address the Conference. Rep. Gerlach is the author and sponsor of H.R. 3296, Prevent Identity Theft From Affecting Lives and Livelihoods Act (PITFALL). We have requested that Rep. Gerlach update the Conference on the progress of this important legislation.

   5:00 Day Two Sessions Conclude


Conference Contact: 610.296.9110   