DHS has sent hundreds of vulnerability notifications to medical sector during coronavirus pandemic

The Department of Homeland Security has sent hundreds of tailored notifications of potential vulnerabilities to the medical sector since the coronavirus pandemic began, according to an official who spoke Wednesday at a webinar hosted by cybersecurity company CrowdStrike.

The notifications are not evidence of breaches, but they provide a snapshot of just how many potential targets hackers have in the medical industry as the pandemic spreads.

Bryan Ware, assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, said the U.S. government has a secret working list of coronavirus research institutions that it can give prioritized cybersecurity protections.

The list of organizations, referred to within CISA as “Tier 1” institutions, is a short collection of under 100 universities and pharmaceutical companies working to create and distribute vaccines or other coronavirus treatments and are natural targets for elite hackers.

nn ren cyberattacks us vaccines 200513 1589411683390.focal

“At the onset of the COVID-19 pandemic, we recognized just how vital the healthcare sector was to the response,” Ware said in an email.

The new details show how the government has responded to cybersecurity threats during the pandemic, which have included efforts from sophisticated, state-backed hackers.

In May, CISA and the FBI issued a technical advisory warning that China was engaged in a robust campaign to hack institutions involved in coronavirus research, consistent with a longstanding campaign to steal intellectual property. Separately, researchers have identified a similar campaign from Iran, although it is unclear how successful those efforts have been.

The Tier 1 list is part of a CISA mission initially referred to internally as “Project Taken” after a memo agency Director Chris Krebs circulated in March. The name is a reference to the Liam Neeson movie in which the protagonist “sends a clear message to the bad guys that he will use his ‘very particular set of skills’ to protect what’s important to him,” Ware said. The agency considers it part of what President Donald Trump calls “Operation Warp Speed,” a broad effort to speed coronavirus vaccine research.

The list is curated with the FBI and the Department of Health and Human Services. CISA collects information about potential cyberthreats from a number of organizations, from the National Security Agency to civilian Slack groups of cybersecurity workers lending their free time.

“We have placed special focus on Tier 1 entities, asking our partners to be on the lookout for them in particular,” Ware said. Organizations on the list that want it can have their internet-connected devices remotely scanned for vulnerabilities.

“We’ve seen increased detection of critical vulnerabilities, and more importantly, we’ve seen the sector respond by closing critical vulnerabilities faster than any other sector,” Ware said. “We’re not where we need to be just yet, but we’re demonstrably better.”

Source link

Recent articles

Who Is Duchess Goldblatt? – The New York Times

BECOMING DUCHESS GOLDBLATTBy AnonymousFull disclosure: I know the author of this memoir. I know Duchess Goldblatt the way I know Omar Little and...

All cross-platform games (PS4, Xbox One, Nintendo Switch, and PC)

A growing number of games support play between competing platforms. Here's our list of games with cross-play. Source link

Let’s Defund the Pentagon, Too

Toward the end of his life, Martin Luther King, Jr., after agonizing about the Vietnam War in private, began denouncing it in public....

News! We Now Know That These Locations Will Reopen at Disney’s Pop Century Resort!

Disney’s Pop Century Resort will reopen to guests on...

Some Republicans Have Grown Wary of Protests, Poll Shows

Most Americans continue to support the nationwide protests against racial injustice, but with President Trump issuing an ever-more-combative barrage of attacks, new polling shows...

Leave a reply

Please enter your comment!
Please enter your name here