President Barack Obama's executive order to use information sharing and analysis organizations (ISAOs) to boost cybersecurity will raise awareness and help create better coordination between private entities and government, according to Deborah Kobza, executive director of the National Health Information Sharing and Analysis Center (NH-ISAC).
About a dozen longstanding ISACs serve specific sectors such as finance, healthcare and energy, and work with government on info-sharing, she explains in an interview with HealthcareInfoSecurity.
Meanwhile, many ISAOs already exist, she points out. They're more narrowly focused, and could be organized by industry, sub-sector, region or other factors. The Health Information Trust Alliance (HITRUST), for example, has said it is one of those ISAOs.
Kobza sees the ISAOs as feeding information into the ISACs to better identify threats and foster more coordinated response. There's a danger, however, of ISAOs becoming silos of information, she said. Especially if there's a physical disaster, such as a hurricane or earthquake, there's a cyber component to the threat and cross-sector data sharing is vital for effective response.
The health ISAC has implemented an automated information-sharing platform that presents structured threat information in eight areas, she said, including:
- Who is the actor?
- What is the construct?
- What is the observable?
- What's the countermeasure solution?
"So we're all speaking the same language and everybody understands what we're sharing. In the health sector, it's not about sharing any PHI or proprietary or confidential information," Kobza said. "It's about sharing those cyber threat indicators."
Participants in the White House Summit on Cybersecurity and Consumer Protection last week stressed that threat data-sharing doesn't have to endanger consumer information.
The president's plan calls for the ISAOs to serve as hubs for threat data sharing, to set voluntary standards and to streamline private-sector companies' ability to access classified cybersecurity threat information.
HITRUST is working with providers to test and improve their preparedness for attacks through its CyberRX 2.0 attack simulations. The need for organizations to be more open about attacks was one of the early lessons from that program.
To learn more:
- listen to the interview