Milton Yarberry is Director of Project Management at Integrated Computer Solutions. Milton has developed or managed software development for Motorola, Lucent, Cognex, Inktomi, and FEI, before moving into the medical software sector in 2006 with Foliage, Ivenix and now ICS. In this episode he discusses the Protecting and Transforming Cyber Health Care Act, or PATCH Act, which the FDA implemented in October 2023, including which software is impacted, the key take-aways from this regulation, whether it affects legacy devices, and how medical device companies will be impacted.

Links from this episode:
- Milton Yarberry LinkedIn: https://www.linkedin.com/in/milton-yarberry-06a2311/
- Integrated Computer Solutions: https://www.ics.com

Connect with Mastering Medical Device:
- Website: https://www.masteringmedicaldevice.com
- LinkedIn: https://www.linkedin.com/company/mastering-medical-device
- Patrick Kothe LinkedIn: https://www.linkedin.com/in/patrick-kothe
- Patrick Kothe Twitter: https://twitter.com/patrickkothe
Podcast: Unsolicited Response
Episode: Dale Peterson On The Sunspec Alliance Webinar
Pub date: 2023-09-20

Dale Peterson was recently interviewed by Jay Johnson of Sandia and Tom Tansy of the Sunspec Alliance as part of their distributed energy resources (DER) Sunspec webinar series. We covered a lot of issues and Dale was not shy in throwing out some analysis and opinions. After 5 minutes discussing the S4x24 ticket process, the topics discussed were:
- How DER will deal with a complex PKI environment that has a large number of users and stakeholders.
- The Sunspec device security specification and the benefits of a limited, key set of security controls.
- What is the role of government regulation in solving DER security issues?
- The potential power of the utility companies to levy requirements and be a choke point for access.
- The PATCH Act, the FDA and DER.
- Shift left and product liability due to security flaws, and more.
Podcast: Unsolicited Response
Episode: Josh Corman - Healthcare Security, SBOMs & More
Pub date: 2023-06-28

Josh Corman is the VP of Cyber Safety Strategy at Claroty, was the Chief Strategist of the CISA COVID Task Force, and is the founder of I Am The Cavalry. Josh and I dive into healthcare security, SBOMs and other topics:
- Can OT in healthcare be treated in a similar way as the factory, power plant, water treatment plant, ... ?
- The first fatality due to a cyber attack on a hospital.
- Should we be focusing our efforts on reducing the impact if ransomware hits a healthcare facility? What is the equivalent of a steel-reinforced cockpit door?
- The PATCH Act (included in the Omnibus bill passed in Dec 2022), requiring medical device manufacturers to provide an SBOM and a patching program. What is it? What will be the impact of this? (BTW, Josh changed my mind on this as a start to a long-term impact.)
- Will the PATCH Act provisions delay approval of medical devices?
- How accurate and complete are vendor-generated SBOMs today? How will this be solved? What will be the impact of SBOM mandates?
- Differing views on the importance to society of attacks and outages in the agriculture / food industry.
- I Am The Cavalry turns 10.
We will need to have Josh back for a Part 2.
The "Consolidated Appropriations Act of 2023" (more commonly referred to as the Omnibus Act) was passed and signed into law on December 29th, 2022. This amendment to the Food, Drug, and Cosmetic Act has expanded the scope of the FDA beyond just "safety and efficacy" to include the cybersecurity of medical devices. The amendment resembles a watered-down version of the PATCH Act, which failed to pass in late 2022. As a result, on March 29, 2023, the FDA gained the legal authority to define and enforce medical device cybersecurity.

So for today's episode, we got THE leading minds in MedTech cybersecurity together to discuss what we need to do next. Chris Gates, Director of Product Security at Velentium, Chris Reed, Vice President of Product Security at Medtronic, and Ken Hoyme, CEO of Dark Star Consulting, join the podcast to discuss the new guidelines, what the FDA can and can't say about it, and what kinds of deficiencies you'll be seeing in the future because of the new legislation.

Some of the highlights of this episode include:
- How the FDA tried to clear a path for routine patches and updates
- The minimum that the omnibus bill is talking about
- No longer needing to make the link between cybersecurity and safety and effectiveness
- When the FDA has the legal authority to enforce cybersecurity
- Why the document took so long to go through
- Security architecture analysis
- Why you should be referencing the April 2022 draft
- Unpatched vulnerabilities at the time of submission
- The effort needed to understand the FDA's intentions

Memorable quotes from this episode:
"Literally, if you're not aware of this already, you're already behind the 8-ball right now and there's things you've got to do."
"Basically, if you think it might be a cyber device, it is a cyber device."
"Don't sit there and try to be pedantic about this and say 'I don't need to do this because there's a comma here.' It ain't gonna work for you."
"A synonym for threat modeling really is security architecture analysis."

Links:
- Christopher Gates
- Chris Reed
- Ken Hoyme
- Velentium
- Medtronic
- DarkStar Consulting
- Medical Device Cybersecurity in 2023 and Beyond Slides
- Etienne Nichols LinkedIn
- Greenlight Guru
Josh Corman, VP of Cyber Safety Strategy at Claroty, is a hacker who knows U.S. public policy well. Ten years ago he created a volunteer organization, I Am The Cavalry, to help educate sitting legislators on active cybersecurity issues. In this episode of Error Code, Josh talks about the recently passed PATCH Act and how it addresses some of the issues around patching medical devices over the lifetime of the device rather than just at the time of FDA certification. He also talks about his experience working for CISA during COVID-19 and how that helped inform issues within the PATCH Act.
The FDA has issued new draft guidance on cybersecurity for software as a medical device (SaMD). If the FDA releases that draft guidance 'as is,' it will massively and negatively impact the SaMD industry, and it's imperative that manufacturers understand how to prepare. In this episode of the Global Medical Device Podcast, Etienne Nichols talks to Chris Gates, director of product security at Velentium, about the shifting sands of medical device cybersecurity regulations for SaMD.

Some of the highlights of this episode include:
- Chris views the FDA's recent activity around cybersecurity requirements, regulations, and laws for SaMD as a necessity because manufacturers cannot seem to self-regulate.
- The Protecting and Transforming Cyber Health Care Act (PATCH) will give the FDA a direct mandate to manage the cybersecurity of medical devices. However, a clause in the PATCH Act allows cybersecurity requirements to extend to all existing legacy medical devices, not just new devices entering the market.
- As medical device manufacturers (MDMs) become aware of the clause, it'll have a huge impact. MDMs will likely end support for device lines due to high costs.
- The biggest issue with the new guidance, consensus vs. regulatory standards, is alignment with software bill of materials (SBOM) tools.
- The most effort-intensive part of the new draft guidance is ongoing testing of anomalies to determine if they can be turned into vulnerabilities. The industry will be unable to keep up with the additional testing because of resources and demand.
- All this added burden will be placed on MDMs at the cost of marginal improvements in cybersecurity. So, there's no real benefit to the manufacturer.
- Structure a standard not by creating something brand new that is ill-defined or undefined, but by aligning best practices to create secure medical devices.

Memorable quotes from Chris Gates:
"Legally-backed cybersecurity requirements by a regulatory agency are necessary to ensure secure devices are entering the marketplace and hopefully replacing the insecure legacy devices."
"This clause is going to have a huge impact on medical device manufacturers (MDMs) and I find it amazing how many MDMs are completely unaware of this."
"An SBOM is a software bill of materials. It's an ingredients list for your application."
"This isn't just one-and-done testing in your life cycle."
"You're going to have a lot of extra work coming your way."

Links:
- Medical Device Cybersecurity for Engineers and Manufacturers
- Regulations (Submit comments to the FDA)
- Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions
- PATCH Act
- International Electrotechnical Commission (IEC)
- ISO (International Organization for Standardization)
- International Medical Device Regulators Forum (IMDRF)
- Chris Gates on LinkedIn
- Chris Gates Email
- Greenlight Guru YouTube Channel
- MedTech True Quality Stories Podcast
- Greenlight Guru Academy
- Greenlight Guru Community
- Greenlight Guru
In this episode, we discuss the status of the PATCH Act for healthcare device security and the threats that it aims to address. We also explore how AI can be used to track and secure large networks of IoT devices that are impossible to manage with traditional security approaches. Our guest today is Greg Murphy, CEO of Ordr. Ordr is a device security platform that enables companies to see, know, and secure every connected device in their IoT, IT and OT infrastructure. IoT ONE is an IoT-focused research and advisory firm. We provide research to enable you to grow in the digital age. Our services include market research, competitor information, customer research, market entry, partner scouting, and innovation programs. For more information, please visit iotone.com
On this episode of the Fandom Hybrid Podcast, we discuss the penultimate episode (sad face!) of The Falcon and the Winter Soldier. As John Walker faces the consequences of his actions, Sam does some soul-searching to figure out what he wants his narrative to be - both at home and as a superhero. Bucky rights a wrong and closes one chapter in his life, and when he makes a delivery to Sam, we see some healing and an understanding form between the two formerly reluctant allies. Sharon puts an asset into play that makes us question her motives, and Karli and the Flag Smashers put their plan into motion to stop the GRC from passing the Patch Act. Only one more episode to conclude the series!
Joshua Gilliland and Mark Zaid review The Falcon and the Winter Soldier, episode 5, "Truth." Why was John Walker not given a court martial? What are the legal ramifications for the "Patch Act"? Could the Global Repatriation Council forcibly remove people from their homes? Tune in as Josh and Mark dive into these complex legal issues.
The black letter law discussed in this episode is:
- Cybersecurity Executive Order: https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/
- Cyber Readiness Index 2.0: https://www.belfercenter.org/publication/cyber-readiness-index-20
- Comprehensive National Cybersecurity Initiative (CNCI): https://obamawhitehouse.archives.gov/node/233086
- Vulnerabilities Equities Process: https://www.whitehouse.gov/sites/whitehouse.gov/files/images/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF
- WannaCry Ransomware: https://www.cnet.com/news/wannacry-wannacrypt-uiwix-ransomware-everything-you-need-to-know/
- Conficker Worm: https://www.welivesecurity.com/2016/11/21/odd-8-year-legacy-conficker-worm/
- Section Nine of Executive Order 13636: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
- PATCH Act of 2017: https://www.congress.gov/115/bills/hr2481/BILLS-115hr2481ih.pdf
- EternalBlue Exploit: http://www.wired.co.uk/article/what-is-eternal-blue-exploit-vulnerability-patch
Melissa Hathaway is president of Hathaway Global Strategies: https://www.hks.harvard.edu/faculty/melissa-hathaway
It seems like every week there are more headlines about cyber attacks. Should you be worried about the next Petya or WannaCry? What can we do to protect ourselves from getting hacked? With an endless stream of alarming incidents — Sony, HBO, North Korea, and federal agencies — are we at risk of falling into a “cyber fatigue?” Evan is joined by Heather West, Senior Policy Manager for the Americas at Mozilla, and Austin Carson, Executive Director of TechFreedom. They discuss the latest in cyber news and what Internet users, and their governments, can do to sort through the mess. For more, see TechFreedom’s primer on the PATCH Act and Mozilla’s policy blog.
Have you been hacked, or been the victim of malware or ransomware? Humans make the internet vibrant, but we're also the weakest link — we're predictable and often easily fooled. This episode of IRL focuses on our internet insecurity. Meet the unsung heroes fighting to keep us safe. IRL is an original podcast from Mozilla. For more on the series go to irlpodcast.org. Stay safe online! Here's more on how to not be a ransomware victim. And, if you'd like to learn a bit more about the PATCH Act mentioned in our episode, go here.
Yosef Getachew (@getachew2) is a Policy Fellow at Public Knowledge where he works on a variety of technology and communications issues. Prior to joining Public Knowledge, Yosef worked as a law clerk for several technology and communications organizations including the Federal Communications Commission, Comcast, Facebook, and the White House Office of Science and Technology Policy. Yosef has also served as a Project Coordinator and Research Assistant for the Joint Center for Political and Economic Studies. Yosef received his J.D. from the George Washington University Law School. In law school, he was an Articles Editor for the Federal Communications Law Journal. Yosef was born and raised in Washington D.C. In his spare time, he enjoys reading, watching basketball, and spending time with friends.

In this episode, we discussed:
- what 5G is and what it will mean for consumers.
- the potential of 5G for job creation, particularly for communities with disproportionately high unemployment rates.
- how to ensure underserved communities have access to 5G technology when it is deployed.

Resources:
- Public Knowledge
- Federal Trade Commission
- Privacy Law & Policy by Chris Jay Hoofnagle

NEWS ROUNDUP

The Republican-controlled FCC -- which is, by the way, still sitting with only 3 of its 5 Commission seats filled -- moved to roll back the Obama-era net neutrality rules last week. The new NPRM released Thursday is ostensibly designed to solicit comments it will actually be considering. But policy experts see this as just an administrative formality FCC Chair Ajit Pai needs to adhere to before doing what he has already made clear he is going to do anyway: eviscerate the net neutrality rules. FCC Commissioner Mignon Clyburn, a Democrat, called the NPRM a "political rush job". Mariam Baksh has additional coverage in Morning Consult.
The Supreme Court on Monday ruled that plaintiffs can no longer "forum shop" -- a practice by which plaintiffs look to pursue their case in a venue that will be most favorable to them -- which, for patent trolls, is a jurisdiction like the Eastern District of Texas, which often rules in favor of patent trolls. In TC Heartland v. Kraft, the decision the Supreme Court reversed on Monday, the lower court had ruled that plaintiffs could bring a lawsuit anywhere the companies conduct business. As a result of the Supreme Court's reversal of the lower court's decision, the standard will now limit plaintiffs to bringing suit where the company is incorporated. The outcome of this case has significant implications for so-called patent trolls that bring often frivolous lawsuits against companies for violating patents they hold but don't use to produce anything -- they just profit from suing companies that violate them. Ali Breland covers this for the Hill.

Tennessee Republican Representative Marsha Blackburn introduced a bill Friday that would require both broadband providers as well as internet companies to obtain consent from consumers before selling their internet data. In a set of FCC privacy rules President Trump nullified last month, only broadband providers were required to obtain such consent. Ali Breland has this story as well in the Hill.

Last week, Democratic members of the House Science committee wrote a letter to president Trump urging him to appoint a Director of the Office of Science and Technology Policy (OSTP). The lawmakers weighed in after Politico published an article revealing the fact that Trump's staffers occasionally pass fake science news to the president to sway him on certain issues -- it's all part of these little games they like to play jockeying for position within the White House. "We are concerned about the process by which you receive information," the letter begins. "Disseminating stories from dubious sources has been a recurring issue with your administration ... Until the OSTP is adequately staffed and the director position filled by a qualified, objective scientist who understands the difference between alternative news peddled on alt-right websites and legitimate well-vetted scientific facts, we fear that you will continue to be vulnerable to misinformation and fake news." Next.gov has the full story.

Congress has responded to the recent ransomware attack that affected computers around the world with a new bill that would require the federal government to report security flaws much sooner, so that companies like Microsoft will have a chance to fix them before they are exploited. Jeremy Kirk outlines the bipartisan PATCH Act at Bankinfosecurity.com.

Finally, the European Union has slapped Facebook with a $122 million fine over the social media company's purchase of WhatsApp. Back in 2014, Facebook indicated in its filing that it wouldn't be able to reliably link WhatsApp and Facebook accounts -- and then last year it did just that. So the European Commission cried foul. Ali Breland reports in the Hill.
After WannaCry, US lawmakers introduced the Protecting Our Ability to Counter Hacking Act of 2017, or PATCH Act. If the bill gets passed, it would create a Vulnerabilities Equities Process Review Board that would decide whether a vulnerability known by the government should be disclosed to a non-government entity. It won't be an easy law to iron out, as they'll need to find the right balance between vulnerability disclosure and national security. Meanwhile Shadow Brokers, the hacking group that leaked the SMBv1 exploit that led to WannaCry, announced that they would create a subscription-based business that would give paying members a monthly data dump of zero-days and exploits. Grounded in our post-WannaCry world, the Inside Out Security Show panelists – Cindy Ng, Mike Thompson and Kilian Englert – mulled over a popular philosophical keynote by Cory Doctorow, The Coming War on General Purpose Computing. We closed out the show by discussing another potentially deadly attack, Adylkuzz, and whether or not they'd prefer an attack like ransomware that notifies them, or a cryptocurrency miner that consumes resources from their system without them even knowing it.
- WannaCry fallout continues; who to blame? Microsoft? David Omand, the former head of British intelligence agency GCHQ, said Microsoft should have maintained support for its Windows XP system to protect public services from hacks. North Korea? The NSA? The PATCH Act. Companies who don't patch?
- SEC warns firms to beef up security after cyberattacks. What does it say about relative nations' security?
- The Oliver-Pai debate on net neutrality.
- This week in cyberproliferation: Vietnam joins the ranks of cyberespionage enthusiasts; Russia as cyberweapons proliferator.
- EU fines Facebook $122M over "lies" during WhatsApp deal.