npj Digital Medicine, vol. 4, no. 1, 2021, pp. 34 -
Carmody, Seth (MedCrypt, San Diego, CA USA); Coravos, Andrea (Elektra Labs, Inc, San Francisco, CA USA); Fahs, Ginny (Aspen Institute Tech Policy Hub, San Francisco, CA USA); Hatch, Audra (I Am The Cavalry, Washington, DC USA); Medina, Janine (Biohacking Village, Las Vegas, NV USA); Woods, Beau (Biohacking Village, Las Vegas, NV USA); Corman, Joshua (Pennsylvania State University Policy Innovation Lab of Tomorrow (PILOT), State College, PA USA)
An exploited vulnerability in a single software component of healthcare technology can affect patient care. The risk of including third-party software components in healthcare technologies can be managed, in part, by leveraging a software bill of materials (SBOM). Analogous to an ingredients list on...
Published in an open access journal.