DHS, Blockchain/Breach, Breach Barometer

TLP White:  We start with an announcement from the Department of Homeland Security about the formation of a National Risk Management Center.  We also address some amendments to Ohio law which have implications for Blockchain and data breaches.  We conclude with discussing a recent data breach and the role that employees play in those statistics.  Welcome back to Hacking Healthcare:

 

Hot Links –

  1. DHS Announces National Risk Management Center. From our “Where were you when…?” department, we look at the recent Department of Homeland Security (“DHS”) National Cybersecurity Summit. The summit brought together a few hundred people from government and industry to listen to leaders discuss the importance of cybersecurity to the nation and to their world.

 

The words “collaborate”, “coordinate”, “public/private”, and “partnership” were in full force during the day long summit. If you have spent any time working for or with the government, you may be forgiven for thinking that these words are code for “we don’t really know what we want to do, but working together is better than not. Right?” And in truth, while lots of smart people are committed to making a difference, details were a bit light. DHS did announce a new federal risk management initiative, created to help coordinate risk management efforts among government and industry.[1]  The fact sheet published by DHS explains that as part of the initiative, there will be a new National Risk Management Center (“Center”) housed within DHS.[2]

 

According to DHS, the Center “will create a cross-cutting risk management approach between the private sector and government to improve the defense of our nation’s critical infrastructure.”  DHS has identified three mission areas for the Center: (1) identify, assess, and prioritize risks to national critical functions; (2) collaborate on the development of risk management strategies and approaches to manage risks to national critical functions; and (3) coordinate integrated cross-sector risk management activities.  It is encouraging that there is activity in this space, and we are supportive of DHS and its mission to coordinate and facilitate risk management approaches between the public and private sector.

[1] https://www.dhs.gov/news/2018/08/01/dhs-hosts-successful-first-ever-national-cybersecurity-summit

[2] https://www.dhs.gov/sites/default/files/publications/18_0731_cyber-summit-national-risk-management-fact-sheet.pdf

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC. Read full blog below:
Hacking Healthcare 8.014.2018 TLP White