Easterly Reaffirms CISA’s Focus On Healthcare Cybersecurity at mWISE

October 20, 2022 - Water, K-12 education, and healthcare cybersecurity are upcoming focus areas for the Cybersecurity and Infrastructure Security Agency (CISA), Director Jen Easterly said at Mandiant’s mWISE conference in Washington, DC.

Specifically, Easterly said the agency would narrow in on “target-rich, resource-poor entities” such as nonprofit hospitals, small water facilities, and K-12 school districts.

“All of those things are part of critical infrastructure, but they don't have large security teams,” Easterly stated.

“They're not investing millions and billions of dollars like some in finance and energy are. And so, we have to figure out how to connect all of these entities together in a way that we can get information out that is useful to them, that is tailored to their ability to understand it and absorb it, and then to drive down risks to all of our national critical functions.”

In addition to an increased focus on these three sectors, Easterly noted that the agency plans to finalize and release cybersecurity performance goals for critical infrastructure as early as next week.

President Biden’s May 2021 executive order (EO 14028) required key federal agencies to work with the National Institute of Standards and Technology (NIST) to develop cybersecurity performance goals and baseline security practices for critical infrastructure owners and operators.

The guidance will outline the most high-impact security controls “to materially measure the reduction of risk across the most critical areas,” Easterly noted. The performance goals will ideally provide critical infrastructure organizations, especially ones with limited resources, with guidelines so they can better prioritize risk management.

Easterly stressed the importance of close government partnerships and collaboration across the public and private sectors to secure critical infrastructure.

At a recent Washington Post event, Anne Neuberger, deputy national security advisor for cyber and emerging technology in the Biden Administration, said that healthcare cybersecurity standards and guidance from the White House are on the horizon.

Specifically, Neuberger pointed to the healthcare, water, and communications sectors as the next three cybersecurity focus areas for the White House, furthering the administration’s emphasis on critical infrastructure security.

Both Easterly and Neuberger’s comments suggest that the government is paying extra attention to healthcare cybersecurity amid increasing cyber threats, and more guidance and resources for healthcare organizations could be on the way.