‘The CyberPsychology of Cyber Security’ World Cyber Security Technology Research Summit 2014
Cyber security public_health_threats_barnett_june 2014
-
Upload
charles-ed-hill -
Category
Technology
-
view
77 -
download
1
Transcript of Cyber security public_health_threats_barnett_june 2014
![Page 1: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/1.jpg)
Cyber Security Threats to Public Health
Daniel J. Barnett, MD, MPHAssociate Professor
Department of Environmental Health SciencesJohns Hopkins Bloomberg School of Public Health
![Page 2: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/2.jpg)
The Problem
• “Everything gets hacked” – Bruce Schneier
• HITECH Rollout
– Increased electronic healthcare infrastructure
– Minimal coincident healthcare security
• Healthcare as a “tantalizing opportunity” for cyberterrorism (Harries & Yellowlees 2013)
![Page 3: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/3.jpg)
Blackouts…
![Page 4: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/4.jpg)
…Chemical Spills…
![Page 5: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/5.jpg)
…and Targeted Attacks?
![Page 6: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/6.jpg)
Attack Scenarios
• EMR Data -> Targeted blackmail/broad-scale mistrust in healthcare
• Public Infrastructure -> Large-scale crisis
• Medical Devices and Hospital Infrastructure -> Direct attacks on patients and providers
![Page 7: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/7.jpg)
Healthcare seems to “[lag] behind the other critical industries, mostly because of its diverse,
fragmented nature and a relative lack of regulation when compared with, say, the
energy industry.” (Colias, 2004)
![Page 8: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/8.jpg)
What can we leverage?
Barnett, Kirk, Lord, et al., 2013
![Page 9: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/9.jpg)
Health Care Delivery System
• Vulnerabilities
– Power/public utilities dependency (GAO, 2012b)
– Direct attacks/hacking (Kramer et al., 2012)
– Theft/loss of data
• Strengths
– Specialized skill sets
– Tested in stressful situations
– Used to coordinating complex workflows
![Page 10: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/10.jpg)
Homeland Security and Public Safety
• Vulnerabilities
– Communication disruption in EMS (Kun, 2002)
– Overload of a physical attack + cyber attack (Gellman, 2002)
– Coordination is a challenge (Lord & Sharp, 2011)
• Strengths
– Scale
– Training
– Unique portfolio of force use
![Page 11: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/11.jpg)
Employers and Businesses
• Vulnerabilities
– Ill-prepared for physical attacks
– Minimally-prepared for cyber attacks
– Part of medical supply chains (De Olivera et al., 2011)
• Strengths
– Diversity of industry
– Nexus for both production and centralizing citizenry
![Page 12: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/12.jpg)
The Media
• Vulnerabilities
– Communications/utilities dependent
• Strengths
– Scope of reach and role as “legitimator” of information (Wray et al., 2004)
– Social media coordination capcity (DHS, 2012)
![Page 13: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/13.jpg)
Communities
• Vulnerabilities
– Highly vulnerable to public health effects
– Lack backups and redundancies of other groups ( Clem et al., 2003)
– Social unrest possible (Choo, 2011)
• Strengths
– They’re our friends, neighbors and strongest allies when properly mobilized and informed
![Page 14: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/14.jpg)
Academia
• Vulnerabilities
– Limited capacity to respond during an attack (Wray et al., 2004)
• Strength
– Tremendous capacity to prepare for an attack (IOM, 2002)
![Page 15: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/15.jpg)
Governmental PH Infrastructure
• Vulnerabilities
– Subject to the same physical and cyber threats as other actors
• Strengths
– Can serve as a centralized actor and facilitator in public health emergencies
![Page 16: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/16.jpg)
How do we convene these disparate groups to proactively and creatively mitigate our respective vulnerabilities, and develop resilient systems that utilize our unique strengths?
![Page 17: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/17.jpg)
Our 2013 publication discusses a list of 10 recommendations for utilizing these resources...
…but we need more than publications on this topic…
…we need real, actionable solutions, and the means to implement them
![Page 18: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/18.jpg)
Next Step
• Creation of a Common Resource Core
– A Public Health Cybersecurity Partnership
• A method for convening the public sector, the private sector and academia
• A nexus for understanding the threat landscape and implementing solutions
![Page 19: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/19.jpg)
4 C’s
We need a resource that can:
- Convene all necessary parties
- Comprehend the threat
- Create the tools we need
- Collaborate on an ongoing basis
![Page 20: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/20.jpg)
What Comprises the PHCP?
• Risk Analysis Resources Core
• New Tool R&D Group
• Evidence-Informed Training
• Inter-Institutional Exchanges
![Page 21: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/21.jpg)
Step One – Haddon Matrix
![Page 22: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/22.jpg)
22
The Haddon Matrix
![Page 23: Cyber security public_health_threats_barnett_june 2014](https://reader034.fdocuments.net/reader034/viewer/2022042817/55a2bf3d1a28abf43e8b461e/html5/thumbnails/23.jpg)
Reference & Special Acknowledgements
• Barnett DJ, Sell TK, Lord RK, Jenkins CJ, Terbush JW, Burke TA. Cyber security threats to public health. World Medical & Health Policy 2013; 5(1): 37-46.
• Robert K. Lord, Johns Hopkins University School of Medicine
• Capt James Terbush, MD, MPH, USN (Ret.), Martin, Blanck & Associates