Language: English
11-20, 12:00–12:50 (Canada/Eastern), Hackfest - Track 1
This talk will provide an inside peek at the U.S.' efforts to secure the research, development, and distribution of the COVID-19 vaccines, including the tools & methodologies used to rapidly secure the end-to-end vaccine creation, as well as the current state of security of the vaccine supply chain.
Ready...Set...Secure all the COVID vaccines! That’s what Daniel was told in May 2020, two months after starting a new job. In this talk, he’ll share the inside experience of how a small team of (mostly government!) infosec folks worked to secure the entire vaccine development, distribution, and supply chain, and the key takeaways for the larger infosec community from this crazy (and surprisingly successful) experience.
This talk will cover a few key topics. First, Daniel will share the overall story of our operation, some of the (nation-state) attacks we saw, including a mass ransomware threat on U.S. hospitals, and how we were able to help harden literally dozens of companies in a matter of months. He’ll cover the critical role that the infosec/hacker community played, from collaboration with CTI League and industry partners to an effective use of bug bounties to rapidly secure a plethora of questionable apps developed by contractors. He’ll explain some of the problems and promises that industry faces when collaborating with government, from what role each agency plays to some of the barriers that were overcome. And he’ll dive into the vaccine supply chain and its vulnerabilities, and how badly we need the larger infosec community to help harden this rapidly ‘tech-ifying’ space before the next bio-catastrophe hits.
Daniel Bardenstein is just trying to help make the world even just a little more secure. He is currently a Tech Policy Fellow at the Aspen Institute, focusing on policies to improve cybersecurity across the energy sector and medical devices. At the Defense Digital Service within the Department of Defense, Daniel led efforts including cybersecurity for the COVID-19 vaccines, the Hack the Pentagon bug bounty program, and research into OT/ICS/SCADA security. Before government, he worked in the private sector, where he built tools to make security teams’ lives easier. Daniel also holds certifications as a GCFA (Windows Memory Forensics) and, begrudgingly, a CISSP, as well as a patent on network anomaly detection. When not learning about some new security issue, Daniel tries to unwind by playing drums, hiking with his dog (Bowie), and baking banana bread.