2021-11-20, 12:00–12:50, Hackfest - Track 1
This talk will provide an inside peek into the U.S.' efforts to secure the research, development, and distribution of the COVID-19 vaccines, including the tools & methodologies used to rapidly secure the end-to-end vaccine creation, as well as the current state of security of the vaccine supply chain.
Ready...Set...Secure all the COVID vaccines! That’s what Daniel was told in May 2020, two months after starting a new job. In this talk, he’ll share the inside experience of how a small team of (mostly government!) infosec folks worked to secure the entire vaccine development, distribution, and supply chain, and the key takeaways for the larger infosec community from this crazy (and surprisingly successful) experience.
This talk will cover a few key topics. First, Daniel will share the overall story of our operation, some of the (nation state) attacks we saw, including a mass ransomware threat on U.S. hospitals, and how we were able to help harden literally dozens of companies in a matter of months. He’ll cover the critical role that the infosec/hacker community played, from collaboration with CTI League and industry partners to an effective use of bug bounties to rapidly secure a plethora of questionable apps developed by contractors. He’ll explain some of the problems and promises that industry faces when collaborating with government, from what role each agency plays to some of the barriers that were overcome. And he’ll dive into the vaccine supply chain and its vulnerabilities, and how badly we need the larger infosec community to help harden this rapidly ‘tech-ifying’ space before the next bio-catastrophe hits.