TLP:WHITE Three circles to improve health care cyber security This

TLP:WHITE Three circles to improve health care cyber security This is how we do it in Finland Perttu Halonen, NCSC-FI #FIRSTCON19 Three circles to improve health care cyber security 21 June, 2019

Some facts about Finland By Rob984 - Derived from File:Germany on the globe (Germany centered).svg, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid 70142692 By ThisisFINLAND.fi Three circles to improve health care cyber security 21 June, 2019

Sauna By Tiia Monto By Visit Lakeland Three circles to improve health care cyber security By skysauna.fi 21 June, 2019

Three circles of health care cyber security Trusted circle of experts Circle of devoted organisations Circle of common guidelines Three circles to improve health care cyber security 21 June, 2019

Some fundamental cyber security challenges on health care sector S.O.S. Three circles to improve health care cyber security 21 June, 2019

NCSC-FI's relation to health care sector Ministry Ministry of of Economic Economic Affairs Affairs and and Employment Employment Ministry Ministry of of Transport Transport and and Communications Communications NESA NESA Health Health Care Care Cyber Cyber Range Range CyberCyberHealth Health project project Hospital Hospital district district Hospital Hospital district district NCSC-FI NCSC-FI Health Health ISAC ISAC Health Health CERTs CERTs Ministry Ministry of of Social Social Affairs Affairs and and Health Health ICT ICT service service provider provider Three circles to improve health care cyber security 21 June, 2019

Trusted circle of experts Circle of devoted organisations Circle of common guidelines Health sector information sharing and analysis centre Three circles to improve health care cyber security 21 June, 2019

Finnish Health ISAC 10 organisations 7 Autonomous Voluntarybased @ Sec@ Collab Rules: Membership TLP, CHR Some discussed topics: Incidents (permanent topic) Facsimiles O365 SOC, SIEM Three circles to improve health care cyber security 21 June, 2019

On establishing an ISAC 1. Find one or a few champions and prepare facts about value of information sharing 2. Recruit a small number of trusted individuals for practical preparations 3. Agree upon ISAC's mission and rules and have them signed-off by senior management 4. Appoint operating members and organise regular meetings See for example ENISA: Network Security Information Exchanges - Good Practice Guide NIST SP 800-150 Guide to Cyber Threat Information Sharing Three circles to improve health care cyber security 21 June, 2019

On relations of people and organisations Definition Networking Coordinating Cooperating Collaborating Characteristics Exchanging information for mutual benefit. Initial level of trust. Limited time availability. Networking altering activities for mutual benefit and to achieve common purpose. Coordinating sharing resources. High level of trust. Substantial investment of time. Cooperating enhancing the capacity of another. Shared risks, responsibilities and rewards. Very high trust. Resources No need or willingness for sharing resources. Little need for sharing resources. Significant sharing of resources. Full sharing of resources. After Arthur T. Himmelman: Collaboration for a change Three circles to improve health care cyber security 21 June, 2019

On growing the maturity of an ISAC Level Fundaments Information sharing Analysis and situation awareness Projects Operation and value 3 Autonomous, broad international cooperation. Fully automated. Information provided by the ISAC essential in improvement of society's cyber security. Dedicated resources for large cross-sectoral development projects. Society relies much upon the ISAC. 2 Dedicated budget, action plan spans over 5 years, possibly international cooperation. Continuous, based on automated processes. Proactive. Information provided by the ISAC important feed to national cyber situation awareness. Significant impact on society's cyber security. Promotes and executes cross-sectoral projects. Significant value to society and sector. ISAC's expertise is widely recognised. 1 3-5 year action plan, active participation, strong mandate from senior management. Active and open information sharing also between meetings, common sharing methods. Solution centric analysis of incidents, common validation of reports prior publication. Promotes projects important for society's cyber security. Common cyber security exercises. Value recognised outside the ISAC. Annual report shared to sector organisations. 0 Initial terms of reference and action plan. Chairperson nominated from sector. Mutual trust, ad hoc information sharing between meetings. Incidents experienced by the members are discussed within the ISAC. Ad hoc commitment to projects. Value for members, reactive operations, annual report shared to members. Three circles to improve health care cyber security 21 June, 2019

Current maturity target of the Health ISAC Level Fundaments Information sharing Analysis and situation awareness Projects Operation and value 1 Active and open information sharing also between meetings, common sharing methods. Solution centric analysis of incidents, common validation of reports prior publication. Promotes projects important for society's cyber security. Common cyber security exercises. Value recognised outside the ISAC. Annual report shared to sector organisations. 3-5 year action plan, active participation, strong mandate from senior management. Three circles to improve health care cyber security 21 June, 2019

Trusted circle of experts Circle of devoted organisations Circle of common guidelines Coordinated cyber security projects Three circles to improve health care cyber security 21 June, 2019

Cyber-Health project NESA funded Runs 2018–2019 Cyber security competence development for health care professionals About the same members as in Health ISAC Cyber security requirements for suppliers Tools and practices for health care SOCs System criticality classification Three circles to improve health care cyber security 21 June, 2019

Health Care Cyber Range — project topics EU funded Runs 2019–2021 Builds on top of Realistic Global Cyber Environment platform Wide range of partners Development of exercise activity in hospitals Need-based development of skills and processes Cooperation networks Implementation of HCCR Three circles to improve health care cyber security 21 June, 2019

On joint cyber security development projects Circle of devoted organisations Agree on scope, background, foreground Spread the word about the project Degree of Project characteristics collaboration Funding Low Small project Everyone bears their own costs Medium Needs a manager Public funding helps a lot High Intertwined with business Public funding often not applicable Three circles to improve health care cyber security 21 June, 2019

Trusted circle of experts Circle of devoted organisations Circle of common guidelines National cyber preparedness guidelines Three circles to improve health care cyber security 21 June, 2019

National social welfare and health care preparedness guidelines Ministry of Social Affairs and Health official guidelines for care providers and authorities, updated in 2018 For the first time, a cyber security specific section was included Cooperative effort by national level stakeholders Review comments by Health ISAC members and Cyber-Health project partners improved the quality Three circles to improve health care cyber security 21 June, 2019

Main topics of the guidelines Everyday preparedness Binding cyber risk management to generic risk management Resilience of organisation to disturbances in cyber environment A model for incident response and escalation References for best cyber security practices Three circles to improve health care cyber security 21 June, 2019

What's next?

Grow, deepen Share results Innovate Reinforce connections Trusted circle of experts Circle of devoted organisations Circle of common guidelines Three circles to improve health care cyber security Reiterate New best practice guidelines 21 June, 2019

Summary - Mutual trust creates continuity - Maturity model of ISACs - Devoted organisations as champions - Start with tangible project goals - Guidelines improved by feedback from the field Three circles to improve health care cyber security 21 June, 2019

Thank You! [email protected]