Tag: critical infrastructure

FDA Issues Guidance on Security of Medical Devices

The U.S. Food and Drug Administration (FDA) issued final guidance on Wednesday that are designed to strengthen the safety of medical devices. The FDA called on medical device manufacturers to consider cyber security risks as part of the design and development of devices. The document, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” asks device makers to submit documentation to the FDA about any “risks identified and controls in place to mitigate those risks” in medical devices. The guidance also recommends that manufacturers submit documentation of plans for patching and updating the operating systems and medical software that devices run. The document, which will be released on Thursday, does not contain specific requirements. Rather, it describes the kinds of things that medical device manufacturers should consider when preparing pre-market submissions for medical devices in areas such as information confidentiality, integrity, and availability, the FDA said. The release of the document follows the […]

Continue Reading

MITRE Gets $29m For First Cybersecurity Center of Excellence

MITRE Corporation has been awarded $29 million from the U.S. Commerce Department for the nation’s first federally funded National Cybersecurity Center of Excellence (NCCoE), according to a statement by the Commerce Department’s National Institute of Standards and Technology (or NIST). The contract charges MITRE with the job of operating the federally funded research and development center (FFRDC) in the areas of research, development, engineering and technical support; operations management; and facilities management. This is the first FFRDC dedicated to enhancing the security of the nation’s information systems, NIST said.  The NCCoE was established in 2012 in partnership with NIST, the state of Maryland and Montgomery County, Md.  It brings together experts from industry, government and academia to develop  integrated cyber security solutions using existing, commercially available technology. “As the principal champion of the digital economy in the federal government, the Commerce Department is committed to defending our nation’s digital infrastructure from cyberattacks and helping American companies strengthen […]

Continue Reading

FDA Seeks Collaboration on Medical Device Security

The U.S. Food and Drug Administration (FDA) on Tuesday put out a call for ideas and input on how best to secure medical devices and the healthcare system from cyber attack. In a federal notice, the FDA announced that it will hold an October workshop entitled “Collaborative Approaches for Medical Device and Healthcare Cybersecurity.” It also solicited input from stakeholders within the government and from the public health sector on medical device and healthcare cyber security. The workshop is scheduled for October 21 and 22 and will run from 9:00 AM to 5:00PM at the National Intellectual Property Rights Coordination Center Auditorium in Arlington, Virginia. [Read more Security Ledger coverage of connected medical devices here.] The Department of Health and Human Services (HHS) is looking for ideas about how best to implement aspects of both Executive Order 13636 for“Improving Critical Infrastructure” and follow-on guidance like the National Institute of Standards and Technology’s (NIST’s) “Framework for Improving […]

Continue Reading

With Cars Connected to the Internet, What about Privacy? | Computerworld

Lucas Mearian has a long and quite thorough article over at Computerworld weighing the possible security and privacy risks posed by connected vehicles. Among other things, Mearian weighs the recent past and likely future of connected vehicles, noting that, “once mobile devices are connected to car infotainment systems and cars are connected to the Internet, vehicles will become a rich source of data for manufacturers, marketers, insurance providers and the government.” They’ll also be a target for hackers. The problem is that, unlike mobile phones, cars have useful lives that are measured in decades, not years – or even months. That makes it difficult for manufacturers, who want to make their vehicles state of the art, but also must deal with the reality of much longer development cycles and complex interactions between non-critical and critical on board systems. [Read more Security Ledger coverage of connected vehicles here.]   A couple issues worth noting: […]

Continue Reading

Senate Report Warns of Attacks on Military Transport Contractors

A Senate Armed Services Committee investigation has found evidence that hackers associated with the Chinese government compromised the computer systems of U.S. Transportation Command contractors at least 20 times in a single year. The attacks pose a serious risk to the system that moves military troops and equipment. The Committee released the report on Wednesday. (PDF copy here.) It presented the results of a year-long investigation of U.S. Transportation Command, or “TRANSCOM,” found a serious gap in awareness and reporting requirements. TRANSCOM was only aware of two of the 20 intrusions, while U.S. Transportation Command remained mostly unaware of the computer compromises of contractors during and after the attacks. “These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” said Sen. Carl Levin, D-Mich., the committee’s chairman in a published statement. “Our findings are a warning that we must do much more to protect strategically significant […]

Continue Reading
1 73 74 75 76 77 97