The recent SolarWinds attack report, which we summarized in a recent post, hinted at possible executive action as a response to the massive assault. That possibility has been realized, and a Biden administration executive order, requiring enhanced cybersecurity measures including the Software Bill of Materials (SBOM), is expected any day now. A National Security Council spokeswoman was recently quoted as saying that the SolarWinds attack showed that the “federal government needs to be able to investigate and remediate threats to the services it provides the American people early and quickly. Simply put, you can’t fix what you don’t know about.”
The executive order will adopt cybersecurity measures recommended by security experts, including multi-factor authentication, data encryption, and a detailed list of the exact software components utilized, in other words, a Software Bill of Materials (SBOM).
The draft order also contains details around the creation of a cybersecurity incident response board. It is proposed that the board would be populated with representatives from federal agencies as well as cybersecurity companies. The purpose of the board is to collect breach information from victims of cyber-attacks in order to inform others of possible imminent threats and share critical information that could help organizations prepare. It’s not clear how victims would be incentivized to share information, nor is it clear how the information would be aggregated and shared with others.
Today, the Healthcare industry is a prime target for hackers, and the SBOM is a much-needed security document. Providing this transparency into deployed medical devices will enable faster responses from all stakeholders, ultimately resulting in improved patient safety.
Founded in 2019, Vigilant Ops is an innovator in the medical device cybersecurity industry. Led by seasoned medical device cybersecurity experts with more than forty years of combined experience, Vigilant Ops provides medical device manufacturers and hospitals with unprecedented insight into device risk profiles, enabling proactive management of threats before they impact the quality of patient care.