Proactive work by Federal agencies on cybersecurity – with a particular focus on workforce, innovation, and data management – is a key factor in agency success in protecting patient data from security threats, Federal officials said on Jan. 16.
Speaking at the AFCEA Bethesda Health IT Summit, leaders from the National Institutes of Health (NIH), Food and Drug Administration (FDA), and Departments of Veterans Affairs (VA) and Health and Human Services (HHS), discussed some of the lessons learned in putting IT professionals on the cybersecurity offensive.
Central to establishing strong cybersecurity is through recruitment and building out a strong workforce. Leah Buckley, Director for Counterintelligence and Insider Threat at FDA, said her agency is heavily focused on workforce development and retention.
“In an era when the U.S. government is struggling with the volume of employees that are retirement eligible, we actually have 49 percent of our cybersecurity employees [with] less than five years in the government,” Buckley said.
The VA understands the importance of building up its cyber workforce as well. The department is currently in the pilot stages of a cyber training academy program to develop baseline skills and achieve consistency across the board, said Stephanie Keith, Director of Cyber Workforce Management at VA.
On the innovation front, Jothi Dugar, CISO for the Center for Information Technology at NIH, made the argument for taking a holistic approach by changing the mindset around cybersecurity, and better understanding tools that come into the Health IT picture.
“So which parts of which tools are we actually using? Can we consolidate some of these tools together? How do they interact with each other?” Dugar asked. “What is the kind of framework we want to build with these tools? It’s not just getting the next shiny object out there on the block just as a habit and only using 10% of that tool,” she said.
Lastly, data management and continuous diagnostics and mitigation (CDM) has allowed agencies to communicate and share information much more quickly and effectively. Sharing information, VA CISO Paul Cunningham says, shows him evidence of where other agencies are succeeding in particular areas.