
TLP:WHITE

Three circles to improve health care cyber security
This is how we do it in Finland
Perttu Halonen, NCSC-FI
#FIRSTCON19

Three circles to improve health care cyber security 21 June, 2019


Some facts about Finland

Image credits:
By Rob984 - Derived from File:Germany on the globe (Germany centered).svg, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=70142692
By ThisisFINLAND.fi



Sauna

Image credits: By Tiia Monto; By skysauna.fi; By Visit Lakeland

Three circles of health care cyber security

- Trusted circle of experts
- Circle of devoted organisations
- Circle of common guidelines



Some fundamental cyber security challenges in the health care sector

S.O.S.



NCSC-FI's relation to health care sector

[Diagram showing the following entities:]
- Ministry of Economic Affairs and Employment
- Ministry of Transport and Communications
- Ministry of Social Affairs and Health
- NESA
- Health Care Cyber Range
- Cyber-Health project
- Hospital district (shown twice)
- NCSC-FI
- ICT service provider
- Health ISAC
- Health CERTs

Health sector information sharing and analysis centre

[Three circles diagram: Trusted circle of experts; Circle of devoted organisations; Circle of common guidelines]

Finnish Health ISAC

- Autonomous
- Voluntary-based
- Membership organisations
- Rules: TLP, CHR

[Slide graphic labels: 10, 7, Sec@, Collab]

Some discussed topics:
• Incidents (permanent topic)
• Facsimiles
• O365
• SOC, SIEM



On establishing an ISAC

1. Find one or a few champions and prepare facts about value of information sharing
2. Recruit a small number of trusted individuals for practical preparations
3. Agree upon ISAC's mission and rules and have them signed-off by senior management
4. Appoint operating members and organise regular meetings

See for example
• ENISA: Network Security Information Exchanges - Good Practice Guide
• NIST SP 800-150 Guide to Cyber Threat Information Sharing



On relations of people and organisations

| Definition | Networking | Coordinating | Cooperating | Collaborating |
| --- | --- | --- | --- | --- |
| Characteristics | Exchanging information for mutual benefit. Initial level of trust. Limited time availability. | Networking + altering activities for mutual benefit and to achieve common purpose. | Coordinating + sharing resources. High level of trust. Substantial investment of time. | Cooperating + enhancing the capacity of another. Shared risks, responsibilities and rewards. Very high trust. |
| Resources | No need or willingness for sharing resources. | Little need for sharing resources. | Significant sharing of resources. | Full sharing of resources. |

After Arthur T. Himmelman: Collaboration for a change



On growing the maturity of an ISAC

| Level | Fundaments | Information sharing | Analysis and situation awareness | Projects | Operation and value |
| --- | --- | --- | --- | --- | --- |
| 3 | Autonomous, broad international cooperation. | Fully automated. | Information provided by the ISAC essential in improvement of society's cyber security. | Dedicated resources for large cross-sectoral development projects. | Society relies much upon the ISAC. |
| 2 | Dedicated budget, action plan spans over 5 years, possibly international cooperation. | Continuous, based on automated processes. | Proactive. Information provided by the ISAC important feed to national cyber situation awareness. | Significant impact on society's cyber security. Promotes and executes cross-sectoral projects. | Significant value to society and sector. ISAC's expertise is widely recognised. |
| 1 | 3-5 year action plan, active participation, strong mandate from senior management. | Active and open information sharing also between meetings, common sharing methods. | Solution centric analysis of incidents, common validation of reports prior publication. | Promotes projects important for society's cyber security. Common cyber security exercises. | Value recognised outside the ISAC. Annual report shared to sector organisations. |
| 0 | Initial terms of reference and action plan. Chairperson nominated from sector. | Mutual trust, ad hoc information sharing between meetings. | Incidents experienced by the members are discussed within the ISAC. | Ad hoc commitment to projects. | Value for members, reactive operations, annual report shared to members. |



Current maturity target of the Health ISAC

| Level | Fundaments | Information sharing | Analysis and situation awareness | Projects | Operation and value |
| --- | --- | --- | --- | --- | --- |
| 1 | 3-5 year action plan, active participation, strong mandate from senior management. | Active and open information sharing also between meetings, common sharing methods. | Solution centric analysis of incidents, common validation of reports prior publication. | Promotes projects important for society's cyber security. Common cyber security exercises. | Value recognised outside the ISAC. Annual report shared to sector organisations. |



Coordinated cyber security projects

[Three circles diagram: Trusted circle of experts; Circle of devoted organisations; Circle of common guidelines]



Cyber-Health project

- NESA funded
- Runs 2018–2019
- About the same members as in Health ISAC

Project topics:
- Cyber security competence development for health care professionals
- Cyber security requirements for suppliers
- Tools and practices for health care SOCs
- System criticality classification



Health Care Cyber Range — project topics

- EU funded
- Runs 2019–2021
- Builds on top of Realistic Global Cyber Environment platform
- Wide range of partners

Project topics:
- Development of exercise activity in hospitals
- Need-based development of skills and processes
- Cooperation networks
- Implementation of HCCR



On joint cyber security development projects

Circle of devoted organisations

Agree on scope, background, foreground
Spread the word about the project

| Degree of collaboration | Project characteristics | Funding |
| --- | --- | --- |
| Low | Small project | Everyone bears their own costs |
| Medium | Needs a manager | Public funding helps a lot |
| High | Intertwined with business | Public funding often not applicable |



National cyber preparedness guidelines

[Three circles diagram: Trusted circle of experts; Circle of devoted organisations; Circle of common guidelines]



National social welfare and health care preparedness guidelines

Ministry of Social Affairs and Health official guidelines for care providers and authorities, updated in 2018
For the first time, a cyber security specific section was included
• Cooperative effort by national level stakeholders
Review comments by Health ISAC members and Cyber-Health project partners improved the quality



Main topics of the guidelines

Everyday preparedness
Binding cyber risk management to generic risk management
Resilience of organisation to disturbances in cyber environment
A model for incident response and escalation
References for best cyber security practices



What's next?

Trusted circle of experts
• Grow, deepen

Circle of devoted organisations
• Share results
• Innovate
• Reinforce connections

Circle of common guidelines
• Reiterate
• New best practice guidelines



Summary

- Mutual trust creates continuity
- Maturity model of ISACs
- Devoted organisations as champions
- Start with tangible project goals
- Guidelines improved by feedback from the field



Thank You!
perttu.halonen@ncsc.fi
