Elisity Blog

Reducing the Blast Radius: A Cybersecurity Summit Boston Recap

Parham Eftekhari and Dr. Ron Ross during the opening fireside chat at Cybersecurity Summit Boston 2026.

Healthcare cybersecurity teams operate inside a structural problem that does not get easier with budget. As we covered in our HIMSS analysis, 60 percent of health systems say they cannot adequately protect the unpatchable, agentless medical devices already on their networks, and 52 percent report they have no continuous monitoring for lateral movement or segmentation failures. The economics confirm the picture. The IBM Cost of a Data Breach Report 2025 put the global average breach cost at 4.44 million dollars, with healthcare again leading every other sector at 7.42 million dollars per incident.

The shared signal across both reports is the same. Attackers are not breaking down the front door. They are using stolen identities, jumping to legacy assets that cannot be patched, and moving laterally until they reach something valuable. The architectural answer is to reduce the blast radius through identity-based microsegmentation.

That was the through-line on May 6, 2026 at the 11th edition of the Official Cybersecurity Summit: Boston, part of the national series hosted by CyberRisk Alliance at the Westin Copley Place. Elisity attended on the sponsor floor, but this post is not a recap of the booth. It is a recap of an idea. Across three sessions, a former NIST Fellow, a senior architect at one of the largest hospital systems in the country, and a panel of women leaders working at the intersection of identity and AI all converged on the same architectural conversation.


The day's organizing idea: reducing the blast radius

If you were looking for one phrase to carry away from the day, it was reducing the blast radius. Stephen Craig used it directly from the NY-Presbyterian stage. Dr. Ron Ross arrived at the same idea in different vocabulary in the opening fireside, framing it as one of the three dimensions of a complete cyber defense. The afternoon's Women in Cyber panel extended the conversation into non-human identity, where the blast radius now has to account for AI agents, service accounts, and third-party connections.

The operational expression is the same in all three. You assume an adversary will get inside. You build the environment so that being inside does not equal being everywhere. Microsegmentation enforces that. Identity scopes the policy. Legacy devices are where the architecture earns its keep.

Opening fireside: Dr. Ron Ross on the three dimensions of cyber defense

The opening session paired Parham Eftekhari, EVP for CISO Communities at CyberRisk Alliance, with Dr. Ron Ross, the former NIST Fellow whose name appears on the Risk Management Framework, the systems security engineering guidelines in NIST SP 800-160 Vol. 2 Rev. 1, and a long list of other publications that organizations across critical infrastructure use as their starting point for control selection.

Ross described cyber defense as a three-dimensional discipline rather than a single posture. The first dimension, penetration resistance, is the perimeter and hygiene work organizations have always done. He was clear it still matters, and equally clear it is not enough on its own, because the determined adversaries who matter most will get past it.

The second dimension is where the day's central idea entered. Ross called it damage limitation, and he named the techniques explicitly. Domain separation, segmentation, and microsegmentation. Virtualization and micro-virtualization. Isolation that increases the adversary's work factor once they are inside. He used a house analogy. The lock on the front door is the perimeter. The vault inside every room is microsegmentation. If the front door fails, you do not lose the whole house.

The third dimension was cyber resilience. Ross framed this as the ability to take a punch and continue to support the mission, even in a degraded state. For critical infrastructure (water systems, power generation, healthcare delivery), the difference between damage and catastrophe usually lives in this dimension.

To make damage limitation concrete, Ross described his work with NASA's Jet Propulsion Laboratory on a digital twin experiment with the Sunrise satellite system. The same engineers who built the system rebuilt a parallel digital twin, this time engineering security principles in from the start. An intern with an AI tool was then asked to find vulnerabilities. In the original twin, the intern surfaced a handful of critical vulnerabilities in roughly a week. In the redesigned twin, almost all were closed by design.

Ross closed with the essential partnership theme. Government, industry, and academia working together, with security leaders speaking the language of the business they serve. The recurring failure mode he described is technical fluency without business translation. Damage limitation, in his framing, is a business decision because it determines what survives a breach, not just what gets prevented.

Stephen Craig at NY-Presbyterian: segmentation as the only practical answer to legacy

Stephen Craig, Senior Authentication Services Architect at New York-Presbyterian Hospital, opened with a story that anyone in healthcare security has either lived through or will. Three weeks before the summit, he was asked to help connect a Windows Server 2008 box and two Windows XP workstations into the network. The purpose was to manage the alarms for a fire alarm system. The vendor's position was that the equipment had been current when it was installed in 2010 and that replacement was not on the table.

Stephen Craig of New York-Presbyterian Hospital on legacy systems and segmentation.

Craig used the example to set up his core argument. Healthcare runs on equipment that cannot be replaced on a CISO's calendar. Oncology pumps, EKGs, MRIs, building management systems, and clinical workstations sit on the same network as everything else. Many of them carry FDA approval, which historically meant patches could not be applied without re-validation. Local accounts, default passwords, weak credential hygiene, and shared remote access are common. Most do not log meaningfully. Most do not support multi-factor authentication.

Craig pointed to a recent Shodan scan that he summarized in one sentence: "1.2 million devices accessible through the internet." He then recalled a New York Times report from around 2021 listing "400 hospitals" that a nation-state had targeted during the COVID period. The attack surface is enormous, the legacy share of it is structural, and the people running these environments do not get to escape it through procurement.

Craig walked through the operational answer NY-Presbyterian has been building. Identity at the entry point, with privileged access management and jump boxes for administrative work. No direct RDP from outside. Vendor access through a controlled gateway that the vendor does not get to negotiate around, regardless of the brand on the badge. Removal of local administrative rights, a multi-year program he characterized as having gone from roughly 2000 admin accounts down toward 200, with a target in single digits. Dedicated VLANs, explicit allow-lists, no internet access by default, and continuous logging.

A slide from Stephen Craig's presentation on segmentation strategy for legacy healthcare devices.

The phrase he used to organize all of it was the same one Ross had reached from a different angle. Craig put it directly: "Look at reducing the blast radius. Assume something's going to get nailed when they do." He described segmentation not as a wall but as a series of speed bumps. Each one slows the attacker, narrows their options, and increases the chance that detection catches the activity before the impact compounds. That is the operational expression of damage limitation. It is what Ross's second dimension looks like when a hospital's authentication architect builds it.

Craig closed with a single line: "This is not an IT issue. This is a business issue." Patient safety, regulatory exposure, fines, and reputational damage are all tied to whether a single compromised legacy device becomes the start of an enterprise-wide event. The shift in framing is what gets segmentation funded.

If you are a healthcare CISO, the playbook Craig described maps directly onto the medical device microsegmentation work several large health systems have published. Our team has covered that pattern in our posts on the golden age of microsegmentation in healthcare and on the Main Line Health case study.

Women in Cyber panel: identity, agentic AI, and what comes after passwords

The afternoon Women in Cyber panel was moderated by Deidre Diamond, founder and CEO of CyberSN. The panelists were Dr. Kelley Misata, founder of Sightline Security and president of the Open Information Security Foundation (the project behind Suricata); Praveen Sharma, a product security and AI governance executive whose career spans Cubic, Insulet, BD, Xerox, Philips, and MIT Lincoln Laboratory; and Janine Comstock, a long-time financial-services CISO now operating as an independent advisor.

Deidre Diamond moderates the Women in Cyber panel with Dr. Kelley Misata, Praveen Sharma, and Janine Comstock.

Diamond framed the panel around AI, identity, and third-party risk, with post-quantum readiness as the closing thread. Identity has expanded. That was the connecting argument across all four panelists.

Comstock made the argument most directly. She characterized identity as no longer just human. Service accounts, AI agents, machine workloads, and the API boundaries that connect to third parties are all identities now, and they all need the same discipline. Inventory, lifecycle, authorization, and monitoring. Her point landed squarely on the same architectural conversation Ross and Craig had been having from different angles. If identity is what scopes the policy, then identity has to include the agents and accounts that increasingly do the work.

Sharma inverted the standard pattern on third-party risk. Vendor security assessments typically gate vendor onboarding. She described using the same mechanism in the other direction. When her organization's customers run penetration tests against the products her teams ship, the surfaced findings drive product quality improvements that internal cycles had missed. The vendor assessment process, in her framing, is a forcing function for product security maturity, not just a procurement checkbox.

Sharma also made the case for AI as a defensive accelerant. She pointed to GitHub Copilot as one example of a tool that, with the right guardrails, can produce code with fewer security findings out of the gate, reducing the friction between product teams pushing toward release and security teams holding the line on controls.

Misata's open-source perspective grounded the AI conversation. She described her junior developers at OISF asking, on a recent team gathering, whether AI was going to replace them. Her answer was that AI shifts the work, not the need for human security judgment. When AI agents start contributing pull requests against an open-source project like Suricata, the discipline behind code review, contribution provenance, and license compliance becomes more important, not less. AI accelerates throughput. The judgment about what to merge and what to reject is still human.

Comstock closed the panel on post-quantum readiness, framing it as a Y2K-scale program rather than a Y2K-scale panic. Y2K worked, she argued, because it was treated as a multi-year discipline. Inventory every algorithm and every key in use. That includes the keys a developer wrote into a system ten or fifteen years ago, that nobody on the current team knows about, that are running one of the most critical applications in the legacy estate today. Those keys will not show up in a modern asset inventory. The discovery work has to start now, not after the standards finalize.

The panel's identity-separation argument echoed the one our team heard at RSAC the same week, in a different vocabulary. Andy Ellis, in our RSAC interview on preventing lateral movement among AI agents, made the same case for treating each AI agent as its own identity with its own segmentation policy. Different room, different speaker, same architecture.

What this means for security leaders in 2026

Across the Cybersecurity Summit Boston 2026 program, the same picture appeared in each session. Damage limitation is no longer a slide in a NIST framework deck. It is the operating model. Microsegmentation is how damage limitation gets enforced inside the network. Identity, human and non-human, is how the policy gets scoped. Legacy devices, the ones you cannot patch and cannot replace on a security team's timeline, are where the architecture earns its keep.

The argument extends beyond healthcare. Manufacturing floors, energy grids, and water utilities carry the same legacy device problem NY-Presbyterian deals with on the clinical side. Ross named the 16 critical infrastructure sectors as the population that needs damage limitation built into the architecture. Programmable logic controllers, building management systems, and industrial control endpoints share the attributes that drove Craig's segmentation strategy. They cannot be patched on a normal cadence, they speak protocols that predate modern authentication, and lateral movement to a safety-critical asset turns a breach into an incident with physical consequences. The architectural answer is the same: reduce the blast radius with identity-based microsegmentation, applied through the existing infrastructure.

Three implications follow for security leaders heading into the second half of 2026.

Treat segmentation as a business decision, not an infrastructure project. Repeat Craig's closing line to executive audiences. Patient safety, regulatory exposure, and reputational damage are all blast-radius questions, and they get smaller when the architecture limits where a compromised identity can reach. The CISA Zero Trust Maturity Model v2.0 and NIST CSF 2.0 point toward the same operating model.

Expand the identity inventory before you build the policy. Comstock's point about non-human identities is the operational answer to the question agentic AI raises. Service accounts, AI agents, and API boundaries all need the same lifecycle discipline as employees and contractors. Agentic AI has moved from an emerging concept on a 2024 conference slide into an operational reality showing up in production environments today. The identity inventory work that was optional six months ago is now load-bearing.

Stop waiting for legacy to age out. It is not aging out. The Windows Server 2008 box that arrived in Craig's environment three weeks before the summit is the rule, not the exception. The architecture has to assume such devices are present.

Elisity exists to help security teams enforce that architecture without rebuilding the network. Identity-based microsegmentation, applied through existing switches and access points, is one practical way to operationalize what the day's speakers were collectively describing. If you want the longer explanation, our team has written it up in our explainer, What is microsegmentation.

The Elisity team at the Cybersecurity Summit Boston 2026 sponsor floor.

Frequently Asked Questions About Reducing the Blast Radius

What are the three dimensions of cyber defense?

In the framing Dr. Ron Ross described at Cybersecurity Summit Boston 2026, cyber defense has three dimensions. Penetration resistance covers the perimeter and hygiene work that keeps adversaries out in the first place. Damage limitation, the second dimension, assumes adversaries will get in and uses microsegmentation, virtualization, and isolation to contain what they can reach. Cyber resilience, the third dimension, is the ability to continue supporting the mission even when components are compromised or degraded. The three are complementary, not alternatives.

How does microsegmentation reduce the blast radius?

Microsegmentation reduces the blast radius by limiting which identities and assets can communicate, even after an adversary has gained an initial foothold. Instead of allowing free lateral movement, microsegmentation enforces granular policies that scope every connection to what the identity legitimately needs. If a credential or device is compromised, the attacker's reachable territory is constrained, which slows them down, narrows their options, and gives detection tools a chance to catch the activity before it spreads.

How do hospitals secure legacy medical devices that cannot be patched?

Hospitals secure legacy medical devices by combining identity-based access controls, network segmentation, and operational controls that compensate for the inability to patch. The pattern Stephen Craig described at NY-Presbyterian centers on dedicated VLANs, explicit allow-lists, no default internet access, vendor access through a controlled privileged-access gateway, removal of local administrative rights, and continuous logging. Microsegmentation policies scoped by device identity contain a compromised legacy asset without disrupting the clinical workflow that depends on it.

How does identity-based security apply to agentic AI?

Agentic AI is a new identity class. AI agents authenticate, hold permissions, call APIs, and act on data the same way human users and service accounts do, but at machine speed and at much larger scale. Identity-based security applies to agentic AI by treating each agent as its own identity in the inventory, scoping permissions to the smallest workable set, and enforcing those permissions through microsegmentation policies that apply to the agent's traffic. The result is that a compromised AI agent reaches less, just like a compromised user account does.

What is identity-based microsegmentation?

Identity-based microsegmentation is a network security approach that enforces communication policies based on the identity of the asset rather than its IP address, VLAN, or physical location. Each device, user, service account, or AI agent is classified with attributes that describe what it is and what it should be allowed to talk to, and the network enforces those policies dynamically as the asset moves or changes. The model works across IT, OT, and IoT environments because the policy follows the identity, which makes it well suited to the legacy device, agentic AI, and operational technology problems described throughout this post.
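As an added illustration, not code from this post or from Elisity, here is a small Python model of the policy described in this answer and in the blast-radius FAQ above: assets are classified by role, the allow-list is written against roles rather than IPs, and a breadth-first walk estimates how many other identities an adversary holding one compromised asset can reach under a flat network versus the segmented policy. The inventory, role names and policy pairs are constructed for the example and loosely follow the fire-alarm system, vendor gateway and AI agent discussed in the talks.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """An identity on the network. The IP is incidental: policy never keys on it."""
    name: str
    role: str  # identity class the policy is written against (constructed labels)
    ip: str


# Constructed inventory: a legacy fire-alarm system, a vendor gateway and jump host,
# a clinical workstation, an EHR application and an AI agent, plus "the internet".
ASSETS = [
    Asset("fire-alarm-xp-1", "legacy_ot", "10.20.5.11"),
    Asset("fire-alarm-srv2008", "legacy_ot", "10.20.5.12"),
    Asset("vendor-gw", "vendor_gateway", "10.1.0.5"),
    Asset("admin-jump", "admin_jump", "10.1.0.9"),
    Asset("clinical-ws-7", "clinical_ws", "10.30.2.40"),
    Asset("ehr-app", "ehr_app", "10.40.0.10"),
    Asset("triage-agent", "ai_agent", "10.50.0.3"),
    Asset("internet", "internet", "0.0.0.0/0"),
]

# Explicit allow-list of (source role, destination role). Anything absent is denied,
# so the legacy segment has no internet path and no route back toward the jump host.
POLICY = {
    ("admin_jump", "vendor_gateway"),
    ("vendor_gateway", "legacy_ot"),
    ("legacy_ot", "legacy_ot"),
    ("clinical_ws", "ehr_app"),
    ("clinical_ws", "internet"),
    ("ai_agent", "ehr_app"),
}

# A flat network for comparison: every identity may talk to every other one.
FLAT = {(a.role, b.role) for a in ASSETS for b in ASSETS}


def allowed(src: Asset, dst: Asset, policy=POLICY) -> bool:
    """Decide on identity attributes only, so the answer survives an IP change."""
    return (src.role, dst.role) in policy


def reachable(start: Asset, assets=ASSETS, policy=POLICY) -> set:
    """Transitive closure of what an adversary holding `start` can connect to."""
    seen, queue = set(), deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in assets:
            if nxt is not cur and nxt not in seen and allowed(cur, nxt, policy):
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)  # the compromised asset itself is not part of the radius
    return seen


def blast_radius(start: Asset, assets=ASSETS, policy=POLICY) -> int:
    """Number of other identities reachable from one compromised identity."""
    return len(reachable(start, assets, policy))


if __name__ == "__main__":
    xp = ASSETS[0]
    print("flat network:", blast_radius(xp, policy=FLAT), "segmented:", blast_radius(xp))
    # Policy follows identity: the same device on a new IP gets the same decisions.
    moved = Asset(xp.name, xp.role, "10.20.7.99")
    print("vendor gateway -> moved device:", allowed(ASSETS[2], moved))
```

Changing a device's IP in the inventory changes no decision, while adding or removing a role pair in POLICY changes the blast radius immediately, which is the difference between address-based and identity-based enforcement.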


About the author

William Toll leads content and product marketing at Elisity. He attended the Cybersecurity Summit Boston in person on May 6, 2026, and writes about identity-based microsegmentation, healthcare and OT security, and the operating model shifts that follow from Zero Trust adoption. Connect on LinkedIn.
