Cybersecurity: Strategy versus Reality

Abstract

We need to realize that a security strategy based on SBoM disclosure, vulnerability sharing, and patching is not sufficient to meet the security and (especially) response needs of the healthcare industry. Will we ever be able to patch quickly and completely enough to become secure enough? I think the honest answer is "No." Again this is not saying that vulnerability sharing and patching are not important - they are - but we need to be aware of the practical and resource limitations. To minimize the number of reactive events we need to manage, we need a complementary and proactive security technology straregy. Clearly, we (and that is the collective "we" - the healthcare industry or, in fact, the entire country) need to spep up our cyberse curity efforts. Although many important steps have been taken, several more are needed and much work remains. And, as "Ohio lawmakers vote to set up a cyber reserve to flight, prevent attacks," being a resident of the Boston area, I am wondering if it is time to bring in the cyber minutemen.