At a glance.
- EU to investigate potential antitrust issues linked to Broadcom’s purchase of VMware.
- FDA urges Congress to focus on cybersecurity of medical devices.
- CISA to receive funding increase for the new year.
EU to investigate potential antitrust issues linked to Broadcom’s purchase of VMware.
The European Commission on Tuesday announced it’s launching an investigation into semiconductor maker Broadcom Inc.’s proposed $61 billion acquisition of American cloud computing firm VMware Inc. The antitrust watchdog is concerned the merger could give Broadcom the ability to kill competition in the chip-manufacturing market, and the UK Competition and Markets Authority and the US Federal Trade Commission have voiced similar worries. The EU says a preliminary examination of the acquisition raised questions about network interface cards, storage adapters, and other hardware components, and there are worries that Broadcom could configure VMware’s software to make it more difficult to interoperate with competitors’ hardware. “This, in turn, could lead to higher prices, lower quality and less innovation for business customers, and ultimately consumers,” the commission stated.
A Broadcom spokesperson said, “The combination of Broadcom and VMware is about enabling enterprises to accelerate innovation and expand choice. We are confident that regulators will see this when they conclude their review.” Similarly, VMware has said the acquisition will give the companies’ combined customer base more product and service options. The Wall Street Journal says the European Commission will have until May to make a decision on the acquisition.
FDA urges Congress to focus on cybersecurity of medical devices.
The US Food and Drug Administration (FDA) is calling for Congress to put more support and funding into cybersecurity protections for medical devices, the Record by Recorded Future reports. As healthcare facilities have increased their dependence on electronic devices like infusion pumps and autonomous robots, inevitably there has been an increase in the number of vulnerabilities discovered. In September the Federal Bureau of Investigation warned that these bugs increase the risk of cyberattacks on medical facilities, which have already become attractive targets for cybercriminals, and exploitation of vulnerabilities could lead to equipment malfunctions that would endanger patients. The alert read, “Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity.”
Despite these concerns, in September Congress passed a short-term continuing resolution through December 16 that, to the dismay of cybersecurity experts, did not include previously introduced measures requiring medical device developers to adhere to heightened security standards. Though it’s unclear why the measures were left on the cutting room floor, CEO of device cybersecurity firm NetRise Thomas Pace suggested there may have been pressure from device manufacturers concerned the requirements would be too expensive or cumbersome to implement. “The main risk here is a lack of even a baseline of protection that can be validated in any way,” Pace stated. “This is unacceptable for prescription drugs the FDA approves, so why not the devices that are also healing patients as well?” An FDA spokesperson noted that the short-term continuing resolution did reauthorize medical product user fee authorities, which allow s the FDA to “increase the efficiency of regulatory processes with a goal of reducing the time it takes to bring safe and effective medical devices to the US market.” The spokesperson added, “We hope that Congress is able to reach agreement on the other important policy riders as part of the final year-end package.”
CISA to receive funding increase for the new year.
The US House and Senate Appropriations Committees yesterday released a Fiscal Year 2023 legislative package that gives the Cybersecurity and Infrastructure Security Agency (CISA) a 12% ($313.5 million) funding increase. Legislators say the increased funding will be used to boost CISA’s ability to fight cyberattacks and protect critical infrastructure. It’s worth nothing that while it’s a substantial spending hike, it’s lower than the $396.4 million requested by President Joe Biden. Meritalk explains that the $2.9 billion total will be allocated to various CISA programs including threat hunting, vulnerability management, and a cyber defense education and training program. $332 million will go to the Continuous Diagnostics and Mitigation program in compliance with the Biden administration’s 2021 cybersecurity executive order. The committee also said the legislation would require CISA to regularly engage with industry leaders for “meaningful discussions about cybersecurity capabilities, challenges, and technologies, as well as future business opportunities,” and to share their findings with congressional committees within 90 days of the bill’s passage.