The Department of Health and Human Services (HHS) is distilling cyber threat intelligence for a health care audience, according to HHS CISO Chris Wlaschin, who spoke at an Institute for Critical Infrastructure Technology Briefing on Sept. 26.
“The Healthcare Cybersecurity Communications and Integration Center, or HealthCCIC as we’re calling it, is a 24/7 operation of cybersecurity situational awareness, incident response, and management to act as a nexus of cyber and communications integration for not only HHS but for the health care and public health sector,” said Wlaschin.
He said its intent “is not to replace current capabilities or functionality or services provided by” the Department of Homeland Security’s National Cybersecurity Communications and Integration Center (NCCIC). “The HCCIC is designed to fuse data, share information, and draw conclusions that support cyber preparedness, awareness, and resiliency for the health care sector. Working in close partnership with the NCCIC and other Federal government agencies, the HCCIC intends to do this.”
Members of Congress have criticized HCCIC for duplicating DHS’s NCCIC efforts, and Wlaschin said that some of their initial conversations with DHS were contentious.
“It wasn’t immediately clear what the HCCIC was trying to do,” said Wlaschin. “Were we stepping on DHS’s toes, were we trying to steal mission or funding or clout? The answer to that was a resounding ‘no.’ We are not trying to duplicate what DHS is doing with the NCCIC. We’re trying to complement it and focus those resources that are widely available down into the health care and public health sector.”
According to Wlaschin, what HCCIC does is geared toward smaller organizations without the dedicated IT staff that understands the details of cyber intelligence reports.
“There’s a ton of cyber threat intelligence out there. How much of it is focused on health care?” said Wlaschin. “They’re incredibly technical, they often lack context, they indicate that there’s a cyber threat out there, but they give no indication or direction as to who it’s targeted at and what the preventative measures might be.”
“Information without context is really ignorance; information with context is intel,” said Michael Seguinot, director of Federal at Exabeam, adding that he sees threat intelligence evolving to work like a weather channel, with localized and easily accessible updates in an online feed.
“There’s still a lot of maturity that needs to happen in the official sharing spaces,” said Travis Farral, director of security strategy at Anomali. “The best sharing that’s happening is sort of the real-time sharing over the nonofficial mediums like Twitter, backchannel discussions amongst peers, and before you start seeing any finished intelligence or any official details coming across through the official sharing stuff, it’s usually bubbling up from the collaboration that happens in these other mediums.”
According to Wlaschin, the goal of the HCCIC is to address cybersecurity needs outlined in Section 405 of the Cybersecurity Act of 2015, which directs DHS to coordinate with stakeholders in establishing a resource for reducing cybersecurity risk in the health care industry.