- Understanding the dimensions of potential cyber threats and providing better clarification on what equates a significant cyber incident are two suggestions the Healthcare Information Management Systems Society (HIMSS) provided to the Department of Homeland Security (DHS) on its recent cybersecurity response plan.
DHS published the National Cyber Incident Response Plan (NCIRP) on September 30, 2016, and was meant to establish “the strategic framework and doctrine for a whole community approach to mitigating, responding to, and recovering from a cyber incident.”
HIMSS explained in its letter that it supports the basic NCIRP principle, which is that “education and readiness are shared responsibilities to ensure greater public awareness against cyber-attacks.” However, there are a few ways for the cybersecurity response plan to be even stronger.
First, all dimensions of potential cybersecurity threats should be considered. IT infrastructure and assets can exist in terrestrial, sea, air, and space, HIMSS wrote. The NCIRP must address all dimensions so a flexible response plan can be created.
“The complexity of threat and asset response may be significantly compounded, especially when multiple dimensions are in play— including in the private and public sectors (e.g., underwater data centers, undersea Internet cables, satellite communications, and over-the-air communications),” the letter noted.
HIMSS also maintained that there needs to be a better definition of what qualifies as a significant cyber incident. The NCIRP currently states that significant cyber incidents are “cyber incidents that have implications for national security or public health and safety.” Large cyber threats that could potentially impact public health and safety are a top concern for HIMSS, which is why it is already working to ensure that the healthcare industry understands how to properly prepare for such threats.
“As the federal government’s decision to fund two grants for the NH-ISAC indicated, coordination across the healthcare community is becoming increasingly important in the fight against cyberattacks,” the letter said. “Collaboration with the NH-ISAC and other stakeholders, particularly on threat identification and incident mitigation, will have a significant impact on public health and safety.”
Finally, HIMSS suggested that artificial intelligence (AI) could potentially be used for cybersecurity defense. For example, AI technology could fix zero-day threats in minutes, rather than days or months. Furthermore, evolving AI could affect machine-to-machine communications (M2M).
HIMSS argued that the the AI and M2M roles should be acknowledged in the NCIRP to better shape cybersecurity and cyber incident responses.
Specifically, HIMSS said the following areas should be adjusted to clarify how AI and M2M could potentially be used:
- Screening, Search, and Detection—Critical Tasks: Locate persons, machines, and networks associated with cyber threats or acts.
- Threat Response Core Capabilities—Critical Tasks: Interdict persons, machines, and networks associated with a potential cyber threat or act.
- Threats and Hazards Identification-Critical Tasks: Ensure that the right people, machines, and networks receive the right data at the right time.
HIMSS recently called for a more holistic approach to combatting cybersecurity threats, underlining the importance of information sharing and hiring more qualified cybersecurity workers.
In a position statement, HIMSS explained that a universal healthcare information privacy and security framework should be implemented and a cybersecurity leadership role at the Department of Health and Human Services (HHS) must be created.
“A proactive approach to security must be the norm, not the exception, to enable trust in, and facilitate collaboration and cooperation amongst, organizations,” HIMSS said in its statement. “By becoming more difficult to infiltrate, the health sector will become less of a target by cyber criminals.”