Vigilant Ops Wins Cybersecurity Challenge

Author: vigilantops

Why 2021 is Shaping Up to be the Year of the SBOM

The software bill of materials (SBOM) is on its way to being recognized as a key security document and the primary enabler of software transparency across all industries. In healthcare, FDA (US Food and Drug Administration) included the SBOM in the first draft of their Premarket Guidance in 2018, but they referred to it as a CBOM (Cybersecurity Bill of Materials). Today, SBOM, which is a detailed list of software components found in a product or system, has become the more accepted terminology. As...

Continue reading

White House Considers Software Bill of Materials (SBOM) Critical

The recent SolarWinds attack report, which we summarized in a recent post, hinted at possible executive action as a response to the massive assault. That possibility has been realized, and a Biden administration executive order, requiring enhanced cybersecurity measures including the Software Bill of Materials (SBOM), is expected any day now.  A National Security Council spokeswoman was recently quoted as saying that the SolarWinds attack showed that the “federal government needs to be able...

Continue reading

Software Bill of Materials Help to Defend Against Cyberattacks

On February 17, 2021, a remarkable White House press briefing addressed possible executive action in the wake of the SolarWinds attack, the most systematic hack of the U.S. government in history. In mid-February, the United States White House held a press briefing and announced possible executive action in response to a recent attack against some critical US agencies, including the US Department of Commerce and the US Department of Justice. The recent hack, referred to as the SolarWinds...

Continue reading

Two Key Device Security Documents Hospitals Need Now

When it comes to medical device security risk, hospitals are largely in the dark. By deploying medical devices without a Software Bill of Materials (SBOM) and/or an MDS2, they have no good way to know their actual vulnerability to cyberattacks, at least not without a lot of manual effort. When it comes to medical device security risk, hospitals are largely in the dark. By deploying medical devices without a Software Bill of Materials (SBOM) and/or an MDS2, they have no good way to know their...

Continue reading

Massive Ransomware Assault on Healthcare

CISA (Cybersecurity & Infrastructure Security Agency), the Department of Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI) jointly released a cybersecurity advisory on October 28, 2020 warning of an imminent cybercrime threat to healthcare providers. Since the original release, the warning has been revised to include additional information. The advisory, Alert (AA20-302A) can be found here.  Authorities have claimed this to be one of the most significant...

Continue reading

U.S. Treasury Department Warns of Possible Violations

Paying ransomware hackers could run afoul of anti-money laundering regulations. The Financial Crimes Enforcement Network (FinCEN) issued an advisory that, depending on the circumstances, facilitating ransomware payments to cyber-criminals could constitute money transmission, thus violating anti-money laundering regulations. In addition, the Office of Foreign Assets Control (OFAC) issued an advisory that engaging in transactions, such as ransomware payments, with individuals or entities on their...

Continue reading