Don’t Poke the Bear and “Cyber Outbreak” TTX

As a reminder, this is the public version of the Hacking Healthcare newsletter. For additional in-depth analysis and opinion, become a member of H-ISAC.

Welcome back to Hacking Healthcare!

TLP White


Hot Links –

  1. Don’t poke the Bear: DHS has warned critical infrastructure operators that Russian hackers are targeting U.S. critical infrastructure firms and looking for access to systems. Their goal: gain access to ICS/SCADA systems. While healthcare organizations have not been named as targets, it would be surprising to learn that the sector wasn’t part of the Russian strategic plan. It is worth staying vigilant for these attack TTPs out of caution, especially given other reporting on Russian targeting of cyber experts. The approach has been to access small vendors with poor security via spear-phishing and watering hole attacks and then leverage trusted access to move across networks to core targets.
  2. A different model for private sector support: An interesting report from ITIF challenges the status quo for counterintelligence. The report places domestic cybersecurity as a subset of counterintelligence and looks at historical efforts by government to support the private sector with information and assistance. This goes back to FBI programs to protect strategic industries during World War 2. It doesn’t offer a panacea for how to fix the issue, but it is helpful for developing a dialogue in this space. The intelligence community has identified private sector engagement as a weak spot, but leadership has yet to articulate a model for addressing the problem. Public-private exercises, like the Cyber Outbreak series H-ISAC is launching at its fall summit, may be one way to develop good ideas for pilots in this space.