HPH SCC CYBERSECURITY WORKING GROUP

Similar documents
DHS Cybersecurity: Services for State and Local Officials. February 2017

The NIST Cybersecurity Framework

ISAO SO Product Outline

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne

Medical Device Cybersecurity: FDA Perspective

MEDICAL DEVICE CYBERSECURITY: FDA APPROACH

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS

National Policy and Guiding Principles

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

MDISS Webinar. Medical Device Vulnerability Intelligence Program for Evaluation and Response (MD-VIPER)

FDA & Medical Device Cybersecurity

Implementing Executive Order and Presidential Policy Directive 21

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

Critical Infrastructure Partnership

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

Member of the County or municipal emergency management organization

Cyber Security Strategy

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

DOE s Roles and Responsibilities for Energy Sector Cybersecurity

Appendix A: Imperatives, Recommendations, and Action Items

The Office of Infrastructure Protection

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Cyber Risks in the Boardroom Conference

Overview of the Federal Interagency Operational Plans

Critical Infrastructure Protection Committee Strategic Plan

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

The Next Frontier in Medical Device Security

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Department of Homeland Security Updates

Industry role moving forward

Critical Infrastructure Protection Committee Strategic Plan

National Cyber Incident Response - Architectural Concepts

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

Framework for Improving Critical Infrastructure Cybersecurity

Suzanne B. Schwartz, MD, MBA Director Emergency Preparedness/Operations & Medical Countermeasures (EMCM Program) CDRH/FDA

CALIFORNIA CYBERSECURITY TASK FORCE

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

Critical Infrastructure Sectors and DHS ICS CERT Overview

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Promoting Global Cybersecurity

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Bradford J. Willke. 19 September 2007

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

PIPELINE SECURITY An Overview of TSA Programs

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Updates to the NIST Cybersecurity Framework

Legal and Regulatory Developments for Privacy and Security

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Framework for Improving Critical Infrastructure Cybersecurity

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

Why you should adopt the NIST Cybersecurity Framework

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014

April 21, Division of Dockets Management (HFA-305) Food and Drug Administration 5630 Fishers Lane, Room 1061 Rockville, Maryland 20852

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Resolution: Advancing the National Preparedness for Cyber Security

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

G7 Bar Associations and Councils

Statement for the Record

SOC for cybersecurity

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

DHS Emergency Services Sector Presents Tools and Resources for First Responders. June 1, pm ET

Global Resilience Federation Trust. Collaboration. Community. Cindy Donaldson President, Global Resilience Federation October 2017

Comprehensive Cyber Security Risk Management: Know, Assess, Fix

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Health Care Industry Cybersecurity Task Force Report Recommends Urgent Improvement

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

DOD Medical Device Cybersecurity Considerations

Cybersecurity Risk Management Guide for Voluntary Use of the NIST Cybersecurity Framework

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment

NERC Staff Organization Chart Budget 2019

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

Cyber Security Program

Cybersecurity. Securely enabling transformation and change

What It Takes to be a CISO in 2017

TEL2813/IS2621 Security Management

Election Infrastructure Security: The How and Why of It

Transatlantic Cybersecurity: The Need for Regulatory Coordination

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

NATIONAL ELECTRIC GRID SECURITY AND RESILIENCE ACTION PLAN

NERC Staff Organization Chart Budget 2019

Transcription:

HPH SCC A PRIMER 1 What Is It? The cross sector coordinating body representing one of 16 critical infrastructure sectors identified in Presidential Executive Order (PPD 21) A trust community partnership convening companies, non profits and industry associations across six subsectors with HHS, DHS, law enforcement, and intelligence community Mission: to identify cyber and physical risks to the security and resiliency of the sector, and develop planning guidance in a 3 year Sector Specific Plan and implementing task groups for mitigating those risks In meeting with government, it is the Healthcare & Public Health SCC (HPH SCC ) Focused on longer term critical infrastructure policy and strategy, complementing the operational National Health Information Sharing and Analysis Center, which serves as the sector s tactical watch, warning, incident response, forensics, and best practices hub for intra sector and government information sharing 2 1

How Does It Operate? Serves as a coordinating body the big table for industry associations and their members to unify effort toward policy and strategic solutions to shared security and resiliency challenges Does not supplant association work but coordinates their visibility, prioritization, and deconfliction Organized along functional and policy working groups with specific deliverables Regular meetings and conference calls and ongoing interaction with HHS as the principal sector specific agency (SSA) Forges joint work products separately and with the government that can be implemented across the sector to improve security and resiliency Strives to address cross cutting issues affecting two or more subsectors, requiring industry associations and members to use their governing structures to enable accurate representation of their positions and agree to joint initiatives and outcomes 3 Who Is In It? The HSCC is composed of major stakeholders from the six HHS identified subsectors industry associations and their member organizations & individuals: Direct Patient Care Health Information and Medical Technology Health Plans and Payers Laboratories, Blood and Pharmaceuticals Mass Fatality Management Services Medical Materials Security vendors, consultants and service providers not specifically identified as critical healthcare infrastructure, or otherwise not uniquely essential to the support of healthcare service delivery, may contribute in an advisory capacity as requested by the membership, but not as voting members 4 2

How is the HSCC Different from a Trade Association? The HSCC is an association of associations and their members, with one unified focus: coordinated critical infrastructure protection (CIP) both cyber and physical, working toward the common good As a recognized partner with the government under presidential executive orders (PPD 21 as amended), the HSCC HHS ongoing partnership is given special protection from Freedom of Information Act exposure, per below To encourage and protect exchange of sensitive CIP information and planning, all SCC s not individual trade associations when collaborating with government are designated as CIPACs Critical Infrastructure Protection Advisory Committees In order to maintain its CIPAC status, an SCC cannot directly lobby the way an association or company can The SCC does not / cannot charge dues in order to retain its FOIA exempt status when collaborating with government (dues are considered exclusionary) 5 Why Participate in the HSCC? Collectively develop and implement policy and operational improvements to the security & resiliency of individual enterprises and the sector Build relationships and engage regularly with senior government officials in a trusted environment outside of and protected from any regulatory, public disclosure or competitive risks Gain visibility into other associations initiatives and positions to deconflict and coordinate for efficient resource management and effectiveness Contribute to unity of effort as a counter balance against regulatory or legislative intervention Demonstrate thought leadership toward the common good Step up to your organization s responsibility for the nation s public health and safety 6 3

What is the HSCC Cybersecurity Working Group? One of the standing Working Groups under the HSCC umbrella Tasked with identifying major cybersecurity threats and vulnerabilities to the security and resiliency of the healthcare sector, and developing cross sector policy and strategic approaches to mitigating those risks 7 How is the HSCC Cybersecurity Working Group Currently Organized? Current structure: Two Co Chairs: Terence Rice, Merck; Bryan Cline, HITRUST Six task groups (at different stages of progress, to be reassessed): Future Gazing Information Sharing Risk Assessment Risk Management Communications and Marketing 405(d) Implementation (Section 405d of 2015 Cybersecurity Act, requiring HHS to work with industry on cyber security standards of practice) 8 4

How Will the HSCC Cybersecurity WG Organization Evolve? Proposed structure: Two Co Chairs Executive Committee comprising one from each of the six healthcare subsectors Task Groups focusing on specific deliverables to include: Current workstreams in progress as appropriate Prioritized implementation of Healthcare Cybersecurity Task Force recommendations Medical Device Health IT Joint Strategic Plan Others by consensus General membership of HSCC Cyber WG to include any and all association and organizational members with decision making authority, representing critical health subsectors, bringing technical, operational, management and public policy expertise to the table 9 2018 New Initiatives HEALTHCARE CYBERSECURITY & RISK MANAGEMENT GOVERNANCE: Develop voluntary best practices for cyber and data security risk management and governance MEDICAL DEVICE SECURITY AND MANAGEMENT (in process as Med.Device and HIT Cybersecurity Framework and Joint Strategic Plan INTELLECTUAL PROPERTY DATA PROTECTION SUPPLY CHAIN / THIRD PARTY CYBER RISK MANAGEMENT TELEMEDICINE: Standards of practice for secure provision of webbased or other connected medical services. REGULATION & POLICY: Seek regulatory harmonization and be on point for first drafts of public comments and other advisory positions WORKFORCE DEVELOPMENT Training best practices for technical and user workforce; develop marketing plan for attracting more cyber professional to healthcare cyber workforce CROSS SECTOR ENGAGEMENT Seek information sharing routines and best practices with other critical interdependent sectors like electricity, telecommunications, water, transportation INFORMATION SHARING Develop requirements for timely and relevant threat information to be shared within industry and with government MARKETING AND OUTREACH Standing group to help market SCC output and develop digital media, press outreach and other internal and public communications FUTURE GAZING: Develop an ongoing dialogue on how to incorporate new technology into healthcare and public health practice without compromising patient safety or access by individuals to their data as required by law. EXERCISES: Support exercises led by NH ISAC and ISAOs with strategic considerations arising from after action/lessons learned. 10 5

What Executive Roles are Required for Participation? The Cybersecurity Working Group is composed of senior executives with decision making authority from industry associations, healthcare enterprises and providers who have technical or managerial responsibility for: Cyber risk management Information and data management Information technology (IT) and operational technology (OT) Patient safety Product security Privacy and security compliance Policy, regulatory and legal affairs 11 What is Ahead for the HSCC Cybersecurity Working Group? Expand membership from all six subsectors and essential industry associations New focus on prioritizing and implementing Healthcare Industry Cyber Security Task Force recommendations compiled under 6 Imperatives: 1. Define and streamline leadership, governance, and expectations for healthcare industry cybersecurity. 2. Increase the security and resilience of medical devices and health IT 3. Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities 4. Increase healthcare industry readiness through improved cybersecurity awareness and education 5. Identify mechanisms to protect R&D efforts and intellectual property from attacks and exposure 6. Improve information sharing of industry threats, risks, and mitigations 12 6

Healthcare Sector Coordinating Council Cybersecurity Working Group Proposed Structure HSCC Leadership HHS Direct Care Cross Sector Cyber Leadership Group Provider/Company or Assn. HIT and MedTech Plans & Payers Pharm, Lab & Blood Mass Fatality Services Medical Materials Chair (Company) Co Chair (Association/Nonprofit) Cross Sector Working Groups on Prioritized Action Items from Healthcare Cyber Task Force WG1 WG2 WG3 WG4 WG5 WG6 WG7 13 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback