Cyber Security Alert Archive

SC House committee crafting cybersecurity bill

Posted May 22, 2013 By National Cyber Security

COLUMBIA, S.C. (AP) — A House committee’s proposal for better securing South Carolina taxpayers’ personal data would create a new computer technology agency that reports to the governor.

House Ways and Means Chairman Brian White explained Tuesday his proposed overhaul to the Senate’s plan for cybersecurity. The committee will continue discussions Wednesday.

Some committee members balked at creating a separate agency, saying that grows government.

Like the Senate plan, White’s proposal would extend credit protection services to taxpayers beyond the one year provided under the contract negotiated by Gov. Nikki Haley. But it specifies five years, rather than a possible 10.

The effort follows the massive hacking last fall at the Department of Revenue, when a cyber-thief stole unencrypted Social Security and bank account numbers of 6.4 million residents and businesses.

Source:  http://www.sfgate.com/news/article/SC-House-committee-crafting-cybersecurity-bill-4536300.php

Cybersecurity Still Lagging Behind

Posted May 19, 2013 By National Cyber Security

If you are one of some 600,000 subscribers to the Financial Times, you may wish to change your account’s password.

Earlier today, a few of the paper’s Twitter accounts and a blog were compromised by Bashar Assad’s thugs, bragging on their Twitter, “Hacked by the Syrian Electronic Army.” Earlier the FT reported that a member of the Syrian Electronic Army was interviewed by the paper’s reporters via email, and that the hacking was facilitated by phishing attacks on some of the FT’s email accounts. Yet no link was made between that correspondence, which exposed FT email accounts, and today’s hacking.

In what can best be described as English subtlety, the article describing the attack did not even make headlines on the FT’s home page. “We have now locked those accounts,” announced the FT official, who praised Twitter’s help. Nothing was said about the paper’s subscribers’ accounts. Clearly, the new two-step authentication that Twitter was supposed to establish, after the Associated Press account was hacked last month, failed.

Phishing, hacking emails, stealing passwords and compromising whatever and whoever is linked are not the only threats our cyber communications are facing today.

Discoveries that computers–used by governments, industries, financial institutions and everything else–have been infected by malware, either embedded in software or through the Internet, don’t make headlines anymore. The damages that are reported are huge, but most still go unreported and possibly have not yet been discovered, and therefore the real cost is unfathomable.

While these discoveries demonstrate that security experts are catching up, it’s too little, too late. While protecting our cyber communication channels from stealth predators through the Internet is challenging, we could and should prevent the planting of malware in software by carefully vetting the designers.

However, software developers often seem more concerned with their bottom line and are cutting costs by employing cheap, unvetted labor. While their revenues may well increase, the cost to the economy and national security could be devastating.

Most public and private entities rely on and are dependent upon the government for timely warning and for identifying the attackers after an attack. To better protect the critical infrastructure against cyberattack, DHS has contracted Northrop Grumman to begin the security accreditation process that’s required before approval to operate as a commercial services provider under the Department’s Enhanced Cybersecurity Services program.

Major private sector entities would like the government to allow them to take preventive offensive tactics against cyber attacks. Since the government prevents such measures, “Bank representatives on the Federal Advisory Council said at their last gathering on Feb. 8 in Washington that the Fed should collect and distribute threat information to lenders, law enforcement, securities exchanges and clearinghouses,” according to Bloomberg. A number of banks recently asked the Federal Reserve to take the lead in defending the financial services industry from cyberattacks by working with federal counterterrorism, intelligence, and law enforcement agencies.

The government, for its part, may have the expertise, but it’s stuck in the rut of only gathering and aggregating information on private sector cyber attacks.

In the absence of enabling legislation, the FBI has been meeting with big bankers, urging them to report attacks. If the government is still at step one of cybersecurity–information sharing about attacks–it appears that it cannot even manage that in a comprehensive way. On April 18, the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA). It was dead on arrival in the Democratic Senate, due to White House opposition.

CBS News suggested the Administration opposed it “because language in its current draft suggests that companies like Facebook, Google and Twitter, share information with the federal government without a warrant.” Huffington Post argued that the House bill doesn’t “sufficiently protect privacy and civil liberties, ensure that a civilian department–not an intelligence agency–is the primary point of entry for cybersecurity information sharing, and provide narrowly tailored liability protections that would allow the private sector to respond to threats.” And The Hill offered that “the final version of the bill did not satisfy the White House’s key principles because it would allow companies to share cyber threat information directly with the military, including the National Security Agency (NSA), without being required to remove personal information from that data first.” The Hill also said the current bill doesn’t require companies to remove information on the identity of a specific person before sharing the threat information: “CISPA requires the government to strip that personal information from the cyber threat data it receives from companies instead.”

New bipartisan legislation, “The Deter Cyber Theft Act, S. 884,” was introduced on May 7th by Sens. Carl Levin, D-Mich.; John McCain, R-Ariz.; Jay Rockefeller, D-W.Va.; and Tom Coburn, R-Okla.

Levin said we should hit those who commit cyberespionage in their wallets, “by blocking imports of products or from companies that benefit from this theft.” The law would require an annual report listing the countries involved in cyberespionage and detailing the kind of data the perpetrators were stealing. These lists could result in the president blocking imports of certain products from those countries.

This would be a welcome step in the right direction. The trouble is one cannot be sure how the White House would react. All of its actions regarding the Chinese cyberthreat have been “let’s talk.” While the administration has more than acknowledged China’s depredations, no other steps seem to be taken. The Chairman of the Joint Chiefs of Staff, Gen. Martin Dempsey, recently visited with Chinese general Fang Fenghui, and talked about setting up a cybersecurity “mechanism.” What does that mean? This seems to indicate that the administration is less interested in getting China to stop cyberattacks than it is in finding a compromise where no compromise ought to be seen as an outcome favorable to the United States. Remember: The Chinese want to regulate the Internet.

The May 6th Pentagon report openly blamed Chinese cyber attacks directly on its government and military. The report also said that Chinese espionage “was designed to benefit its defense and technology industry into U.S. policy makers’ think about China.” But there is nothing new in the report that we haven’t known about for years. In fact, the latest reports say the Chinese have increased their cyberattacks.

If the Defense Department is so concerned about Chinese penetration of U.S. defense systems, as the report suggests, then how does it explain its recent $10.6 million contract with the Chinese for a year’s use of their Apstar-7 satellite for data communications purposes?

On March 20, NASA administrator Charles Bolden told Congress that the agency “had closed down its technical reports database and imposed tighter restrictions on remote access to its computer systems” as a consequence of suspected espionage by an employee who happened to be a Chinese national. Bolden also said he had ordered to prevent access of “foreign nationals from designated countries — including China, Iran and North Korea — are given to NASA facilities and a moratorium on providing new access to citizens of those countries.”

Why do Chinese, Iranian, and North Korean nationals have access to NASA facilities, let alone serve as NASA contractors?

The Syrian Electronic Army’s hacking of the AP Twitter account, and falsely reporting on explosions at the White House, instantly wiped $136 billion off the DOW. The DOW came back. But what happened to those who lost the money?

A new venue for hacking into our financial system, the SEC trade-tracking computer system, has been recently introduced. It is purportedly designed to insulate the market from flash crashes caused by High Frequency Trading and other glitches.

SEC Commissioner Mary Schapiro broke a 2-2 commission deadlock in favor of next-day reporting on hacking, instead of immediate reporting, ostensibly because the real-time version would be too costly. As Constantine von Hoffman has said, the market is now protected thus: “1) See horse in barn; 2) see horse leave barn; and 3) go close gate.” Unfortunately, the same applies to the general state of U.S. cybersecurity.

Source:  http://www.algemeiner.com/2013/05/19/cybersecurity-still-lagging-behind/

Counter-terrorism to top Indo-US Security dialogue agenda

Posted May 19, 2013 By National Cyber Security

New Delhi: Threats from terror groups like LeT and al-Qaeda, illicit financing and transnational crimes will be top on the agenda of the four-day India-US Homeland Security dialogue between Home Minister Sushil Kumar Shinde and his American counterpart beginning in Washington on Monday.

Shinde, who left early this morning for the US, will hold talks with US Secretary of Homeland Security Janet Napolitano on challenges like cyber security, counterfeit currency, illicit financing and cooperation between the two nations to tackle the crimes at the plenary session of the dialogue.

The Home Minister is leading a delegation comprising over a dozen senior officials, including Home Secretary RK Singh and Home Secretary-designate Anil Goswami, official sources said.

During the stay, Shinde will also visit the ground zero in Boston where a bomb attack took place during a marathon recently, killing three persons. Both sides are expected to take stock of the existing mechanisms such as the Joint Working Group on Counter-terrorism and the Counter-terrorism Cooperation Initiative in advancing Indo-US cooperation.

Shinde and Napolitano will also discuss how to further strengthen agency-to-agency engagement, including in the areas of intelligence exchange, information sharing, forensics and investigation, access and sharing of data relating to terrorism, security of infrastructure and transportation and trade.

The two leaders are expected to share ideas and experiences on the ongoing transformation of their countries’ security-related organisational structures and systems as well as regulatory framework in a democratic and federal environment, the sources said. The Home Minister will also have meetings with FBI Director Robert Mueller and US Attorney General Eric Holder.

 

Source:  http://ibnlive.in.com/news/counterterrorism-to-top-indous-security-dialogue-agenda/392632-2.html

Cybersecurity Starts in High School with Tomorrow’s Hires

Posted May 16, 2013 By National Cyber Security

Five dozen teenagers hunched over computers in a hotel conference room near Washington, decrypting codes, cleaning malware and fending off network intrusions to score points in the finals of a national cybersecurity contest.

Just hours later, the high-school students got a glimpse of the labor market’s appetite for their skills as sponsors such as network equipment maker Cisco Systems Inc. described career opportunities. Internships start as young as 16 at Northrop Grumman Corp. (NOC), which reserves 20 spots for participants in the Air Force Association’s contest.

“We’re the largest provider of cybersecurity solutions to the federal government, so we know that we’ve got to help build that talent pipeline,” said Diane Miller, Northrop’s program director for the CyberPatriot contest, on the sidelines of the March event. “We just have a shortage of people applying” for the 700 positions currently open.

Security breaches experienced by institutions ranging from Facebook Inc. to the Federal Reserve are spurring spending on cybersecurity. President Barack Obama describes the threat as one of the nation’s most serious perils, while the Department of Defense has said the Chinese military has targeted government computers. With few specialists trained to respond to evolving attacks and most universities still adjusting to requirements, demand is overwhelming supply.

“I cannot hire enough cybersecurity professionals, I can’t find them, they’re not qualified,” said Ryan Walters, who founded mobile data security company TerraWi Inc. in 2009. The company, based in McLean, Virginia, employs 12 people and plans to expand to 20.

CyberPatriot Contest

Walters, who says he has 22 years of experience in the field, helped prepare 48 students from Marshall Academy in Falls Church, Virginia, who competed in the CyberPatriot contest this year. Twelve made it to the finals. He says he’s gotten calls from companies and government agencies to interview his protégés.

“I love the activity, it’s like a passion,” said Ramon Martinez-Diaz, a 16-year-old sophomore coached by Walters. “But it’s also great that there are so many job openings.”

Listings for cybersecurity positions rose 73 percent in the five years through 2012, 3.5 times faster than postings for computer jobs as a whole, according to Boston-based Burning Glass, a labor market analytics firm that collects data from more than 22,000 online jobs sites.

Offers Reposted

“You have to scratch your head and ask whether the supply could possibly keep up with that,” Burning Glass Chief Executive Officer Matt Sigelman said in a phone interview. Data show “employers literally just posting and reposting” their offers, he said.

There were 64,383 jobs related to cybersecurity listed for the twelve months through April, about 3 percent of all information technology positions, according to the company.

Rob Waaser found his skills in high demand. Just more than a month after graduating in December from Carnegie Mellon University in Pittsburgh with a master’s degree in information security technology and management, he started working at defense contractor Raytheon Co. Waaser chose to pursue a master’s because he said the industry is technical enough to justify the extra training.

“Cybersecurity is a good field these days to get into — there are a lot of people out there looking for talent,” said the 24-year-old, who got offers from all six of the potential employers he interviewed with. “I really didn’t have a problem finding job openings.”

Preparing Specialists

To prepare the next generation of specialists, the federal government’s National Security Agency is working to strengthen college-level education through its National Centers of Academic Excellence in Cyber Operations program, which gives a designation to universities that meet curriculum and other criteria.

Companies and government agencies are finding many candidates exiting college programs inadequately prepared for high-skill jobs crucial to cybersecurity, said Frank Reeder, co-founder of the Center for Internet Security in East Greenbush, New York, and former senior official at the U.S. Office of Management and Budget responsible for information policy.

“In the cybersecurity world, it’s still a little bit of the Wild West,” he said. For today’s gap, part of the solution is to train existing workers, he said.

Alan Paller, whose Bethesda, Maryland-based company SANS Institute provides such instruction, said many job candidates lack the hundreds of hours of lab experience needed to develop the highly-specific skills required.

‘Fighter Pilots’

“We have a huge number of frequent flyers and a tiny number of fighter pilots,” Paller said. “In the next war, people will be the tanks and the planes. We’ve got to be ready.”

The threat of cyber attacks has for the first time become a greater concern than terrorism, James Clapper, the top U.S. intelligence official, told the House Intelligence Committee during an April hearing. A spate of recent disclosures by corporations about security breaches include social network Facebook, which said it was targeted in a “sophisticated attack” by hackers in January who installed malware on laptops used by company employees.

The Fed said in February that intruders breached a website used to stay in touch with banks during emergencies, though no critical operations were affected.

Companies and governments are boosting spending on cybersecurity. Obama’s 2014 budget recommends more than $13 billion for computer network security, about $1 billion more than current levels, including a 21 percent increase at the Pentagon.

Computer Security

U.S. companies and public sector organizations will raise outlays on computer security to an estimated $89.1 billion in the fiscal year ending October 2013, more than double the 2006 level, according to data collected by the Ponemon Institute LLC. and analyzed for Bloomberg. The Traverse City, Michigan-based company conducts research on data protection and information security.

Each year JPMorgan Chase & Co. “spends approximately $200 million to protect ourselves from cyberwarfare and to make sure our data are safe and secure,” with 600 people dedicated to it, Chief Executive Officer Jamie Dimon wrote last month in a letter to shareholders. “This number will grow dramatically over the next three years.”

Increased awareness of cyber risks means more business for Boston-based Rapid7 LLC, which sells security software to small and medium companies and has more than tripled in size since 2011, now with 350 employees.

‘Cultural Fit’

“The challenge for us is finding the balance of the skillset with the cultural fit,” Chief People Officer Christina Luconi said in a phone interview. “There’s a lot of really talented hackers or people with cybersecurity skills — it’s finding those folks who want to use their skills for good, not evil.”

As a result, workers the company goes after are often being courted by other employers as well, she says.

That shows up in pay: In a survey released in February of more than 6,300 U.S. information security professionals, 62 percent had gotten a salary or benefits increase. Seven percent reported a raise of 10 percent or more, with the average worker earning $109,156. The data was collected in the fourth quarter of 2012 for ISC(2), a global not-for-profit organization headquartered in Clearwater, Florida, specializing in information security education and certifications.

Even those without college degrees are commanding good salaries. A participant in last year’s CyberPatriot contest earned certifications and went from high-school to a job paying $62,000, said Bernie Skoch, the commissioner for the competition at the Air Force Association, a nonprofit, independent group that supports the service through educational and promotional programs.

Shaping Choices

Skoch said the goal was to get teenagers interested in science, technology, engineering and math. “Every aspect of our economy is cyber-dependent,” he said. “If we’re not drawing enough people at a young age, where you can shape their choices into these technical fields, we won’t be able to feed this technical workforce.”

The contest, which started as a pilot program in 2009 with eight Florida high-schools, attracted 1,226 teams from high-schools or institutions this year. Now, it is expanding.

“We learned that high school is too late for many students,” Skoch said. “We need to excite them at middle school.”

 

Source:  http://www.bloomberg.com/news/2013-05-16/cybersecurity-starts-in-high-school-with-tomorrow-s-hires.html

Cyber Security Continuous Improvement: Do Something

Posted May 16, 2013 By National Cyber Security

Industrial cyber security concerns and tactics were woven throughout The Automation Conference 2013. A keynote session focused on the myth of air-gap protection, while members of the Ask the Experts Panel on Ethernet on the Plant Floor ended by answering questions about where to start with cyber security.

By Renee R. Bassett, Deputy Editor

Eric Byres, CTO and vice president of engineering for Tofino Security Products, a Belden brand, warned attendees of The Automation Conference Tuesday that air gaps—physical gaps between control networks and business networks in manufacturing companies—are a myth. If people believe they have reliable air gaps, he said, that gives them “an unrealistic posture.”

“If you think you’re isolated at all, you’re kidding yourself,” Byres said. “There’s no process outside the nuclear industry that I’ve ever seen that’s properly isolated or truly isolated.”

Emphasizing that modern industrial control systems (ICS) or SCADA systems are only getting more complex, Byres said that there are multiple potential ways into a plant system, and “focusing security efforts on a few obvious pathways—such as USB storage drives or the enterprise/ICS firewall—is a flawed defense.” He said that improving defense-in-depth strategies is the only realistic solution.

“You cannot stop traffic, but you can detect it quickly, isolate it, and deal with it,” Byres said. “You should know within seconds when an infected PC comes in. Just like the human body does—detect it, isolate it and neutralize it.”

Members of the Ask the Experts Panel on Ethernet on the Plant Floor fielded a number of technical questions during their track session, and ended with cyber security advice.

Rod McGreevy, vice president of Invensys Wonderware, urged listeners to have a set of documented security processes and educate the teams on it. “And stay on top of it,” he said. “Cyber security is a constant, evergreen process.” He also urged process engineers to “rely on your IT team; start internally and pull in resources from there.”

Eddie Lee, director of marketing for Ethernet hardware maker Moxa, agreed that cyber security is definitely a process. One bad practice and a key pitfall, he said, is “managing the outliers. People get caught up in the worst-case scenarios and get overwhelmed with how to secure everything. Then they do things like leave passwords on a Post-It note on the HMI screen. Take a practical approach to the process so it’s continually improving.”

Brian Oulton, director of marketing for Belden, which acquired Tofino Security a couple years ago, reminded attendees that “defense in depth, and a lot of what you see in the press on cyber security, is coming from the best of the best: the big companies, the high risk industries, the critical infrastructure. So cyber security gets scary.” What he tells the Belden sales staff, he said, is that “if we talk too complex, customers will do nothing. So talk simple and beg your customers to do something.”

Oulton followed his own advice and ended with this message for end users in industrial companies: “Don’t let the complexity make you freeze. Do something.”

 

Northrop teams with DHS to expand cybersecurity protections

Posted May 16, 2013 By National Cyber Security

Northrop Grumman has signed a memorandum of agreement with the Homeland Security Department to expand cybersecurity protections for the nation’s critical infrastructure.

The company is currently starting the security accreditation process required before approval to operate as a commercial services provider under the DHS Enhanced Cybersecurity Services program.

The program is an information-sharing program to assist critical infrastructure owners and operators in enhancing the cybersecurity protections of their information systems from unauthorized access, exploitation and data exfiltration, Northrop Grumman said in a release.

The department will share classified cyber threat “indicators” with designated commercial service providers, and the commercial services providers will use the threat indicators to provide approved cybersecurity services to authorized critical infrastructure entities, the company said.

“The Enhanced Cybersecurity Services program is a smart way to extend cyber protections to assets, networks and systems that are vital to the security of our country,” said Jim Myers, vice president and general manager, Cyber Solutions division, Northrop Grumman Information Systems.

 

Source:  http://washingtontechnology.com/articles/2013/05/14/northrop-cyber-dhs.aspx

cyber

Organisations across the IT, communications and defence sectors have teamed up with Business and IT Sector Skills Council (E-Skills UK) to launch cyber security apprenticeships.

The aim is to boost the number of young people working in information security, with currently only seven per cent of professionals in that sector being under the age of 29. The apprenticeships will be coordinated by the National Skills Academy for IT and will offer the opportunity for young people to earn a salary as they train for a career in cyber security.

Developed with the aid of organisations including QinetiQ, BT, IBM, Cassidian, CREST and Atos, the first apprentices will start the programme later this year. The initiative is also receiving investment from the UK Commission for Employment and Skills.

Each employer involved in the scheme will advertise the cyber security apprenticeship vacancies using various outlets, including on the National Apprenticeship Service website, with individuals applying for the role as they would for a standard job. The normal requirement for individuals wishing to take part in a higher apprenticeship is 5 GCSEs at grades A* to C, including Maths and English, along with two A Levels, also at grades A* to C.

“I am delighted that E-Skills UK is working with a consortium of key employers to create the routes for young people to enter the exciting world of cyber security,” said Karen Price, CEO of E-Skills UK.

“These new apprenticeships will help tackle the skills shortage faced by this sector, including attracting more women, who are currently under-represented.”

One of the firms supporting the cyber security apprenticeship scheme, BT, described how it hopes to attract new blood to the cyber security industry.

“There are currently few structured routes for young people to enter the cyber security work sector and we are pleased to be contributing to this opportunity to proactively grow new talent which is directly aligned to the needs of industry,” said Bob Nowill, director of cyber and assurance at BT.

Earlier this month, E-Skills UK announced it has created over 300 jobs since October last year.

Source:  http://www.computing.co.uk/ctg/news/2268191/eskills-uk-and-employers-team-up-to-launch-cyber-security-apprenticeship

FBI Briefs Bank Executives On DDoS Attack Campaign

Posted May 16, 2013 By National Cyber Security
FBI Executive Assistant Director Richard McFeely speaks at the Reuters Cybersecurity Summit in Washington

The FBI recently granted one-day clearances to security officers and executives at numerous banks so it could share classified intelligence on the Operation Ababil campaign that’s been disrupting U.S. financial websites for almost a year.

The videoconference briefings detailed “who was behind the keyboards” of the attacks, FBI executive assistant director Richard McFeely told the Reuters Cybersecurity Summit Monday, reported Reuters. McFeely is in charge of the bureau’s criminal and cyber investigations.

The Operation Ababil distributed-denial-of-service (DDoS) attacks, which typically target a handful of the country’s top banks every week, have disrupted the websites of such financial institutions as Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. The attacks have resulted in customers sometimes being unable to access online or mobile banking services.

Banks targeted as part of Operation Ababil have been frustrated by the lack of arrests or apparent progress in the case, McFeely said. But he said that some indictments — currently under seal — have been issued for suspects’ arrest. Suggesting that the suspects are operating in countries that have no extradition treaty with the United States, he said that the hackers might be caught when they travel to other countries. “The first time we bring someone in from out of the country in handcuffs, that’s going to be a big deal,” he said.

McFeely said the bureau has been attempting to keep cybercrime victims up-to-date, admitting that the FBI was “terrible” about doing so in the past. “That’s 180 degrees from where we are now,” he said.

The self-proclaimed Muslim hacktivist group Izz ad-Din al-Qassam Cyber Fighters has claimed credit for the banking website disruptions, which it said are retaliation for the posting to YouTube in July 2012 of a film that mocks the founder of Islam. U.S. government officials, however, have accused the group of being a front for Iran. Members of the group have responded by saying they’re apolitical and hail from multiple countries.

Despite the bank attacks having been previewed in advance and now more often than not simply occurring every week, banks — after spending millions of dollars on countermeasures — have been unable to fully block the DDoS campaign. In part, that’s because attackers have managed to exploit thousands of PHP websites that include known vulnerabilities and install attack toolkits, which they remotely control to queue up attacks against designated banks.

The sheer scale of the DDoS attacks and the number of compromised websites is astounding. The Department of Homeland Security and FBI have reportedly been liaising with cybersecurity officials in 129 other countries and shared details of a total of 130,000 IP addresses that have been used in the attacks.

The bureau’s classified bank executive briefing comes in the wake of President Obama’s “Improving Critical Infrastructure Cybersecurity” executive order, issued in February, which instructed the Department of Homeland Security to “expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators.” Critical infrastructure, the vast majority of which is privately owned, refers to the energy, oil, water, telecom, finance and transportation industries.

Some members of Congress have been calling for new laws to indemnify businesses that share cyber-attack information with law enforcement agencies. But the FBI’s outreach effort suggests that public-private information sharing is already occurring.

McFeely did, however, report that the bureau has faced difficulty gathering information about online attacks from victims, for example from defense contractors wary of speaking to the FBI. Interestingly, recent news reports suggest that online attacks against defense contractors — attributed to China — have been much more successful than previously disclosed in public, and resulted in the compromise of data relating to the latest drone and robot technologies, and might have undermined the combat reliability of the Lockheed Martin F-22 Raptor.

 

Source:  http://www.informationweek.com/security/attacks/fbi-briefs-bank-executives-on-ddos-attac/240154858

Why the U.S. needs to flex its cyber muscles

Posted May 16, 2013 By National Cyber Security

The most tantalizing targets for America’s cyber adversaries will not be government or military institutions; however, they will be critical infrastructure like utilities and transport networks in major metro areas. So it’s fair to say that the average citizen has plenty of reason to follow the federal government’s actions in this domain.

It is a positive step that the Cyber Command in Washington intends to hire 4,000 new recruits, quintupling its current force. Yet it remains a mystery as to what roles these recruits will have and the operations they might conduct. There are a number of compelling reasons why more transparency is desperately needed.

First and foremost is the need for America to flex its muscles.

It is important to accept that in cyber warfare, offense is typically a step or two ahead of defense. There is no such thing as a cast iron defense strategy when new threats and exploits emerge continually.

It is therefore essential that the U.S. candidly communicates the ferocious power of its offensive capabilities as a deterrent. Akin to the scenario of mutually assured destruction at the hands of nuclear weapons during the cold war, the threat of vastly destructive retaliatory capabilities is a powerful deterrent for prospective cyber enemies.

Another reason for an open approach is the danger of mistaken identity. Due to the intricate workings of the cyber threat landscape, misconstrued actions and intent are all too common, and can have drastic consequences. If wrongly suspected of a cyber attack due to ignorance about its capabilities, America could see retaliation from a major world power based on an attack that the U.S. cyber force didn’t even perpetrate.

Finally, a prospective cyber attack might be more pertinently compared to September 11 than to Pearl Harbor because the impact is likely to be felt by civilians. Cyber warfare shifts the military paradigm to make civilian targets a priority over military. Cyber attacks have the potential to bring down critical infrastructure with terrifying ease, crippling water and power supplies, causing the maximum amount of damage to a nation or region. Imagine the entirety of New York City without power or water for a week or longer. Are people resilient enough to cope with that eventuality?

With this in mind, it becomes clear that, more than ever, behind the scenes operations of the Department of Defense in Washington have huge import for the civilian population across the country, particularly in major metropolitan hubs. It is easy to see why the public might want to pay close attention to the country’s cyber warfare strategy.

Source:  http://www.usatoday.com/story/cybertruth/2013/05/14/cyber-warfare-global-politics/2157795/

DUBLIN — Research and Markets (http://www.researchandmarkets.com/research/lzbwmq/global_smart_grid) has announced the addition of the “Global Smart Grid Cybersecurity Systems Market Value (2012 – 2020)” report to their offering.

Led by strong U.S. support from the White House and the U.S. Department of Energy, smart grid cybersecurity is quickly becoming a top priority for every utility in the U.S. This fact, along with an ever growing list of utilities that have been hacked, will push the market for smart grid cybersecurity systems to $7.25 billion by 2020. Utilities such as Potomac Electric Power Co/PEPCO Holdings Inc., the City of Roseville (Roseville Electric), Baltimore Gas & Electric, Idaho Power Company, Pedernales Electric Cooperative, Inc. and Entergy Services, Inc. have already experienced the effects of cyber-attacks (or suspected attacks). Companies such as IBM, ViaSat, Cisco, SAIC, Black and Veatch, Lockheed Martin, and Siemens are all vying for market leadership in this space. However, only time will tell which solution ultimately wins the approval among utilities across the globe.

This analysis-ready strategic dataset includes global cybersecurity system market forecasts from 2012 to 2020, regional forecasts, and country specific forecasts for fifteen countries. In 2012, North America accounted for 42% of the global cybersecurity market, while Europe and Asia-Pacific accounted for 30% and 17%, respectively. By 2020, Asia-Pacific will hold 35% of the global cybersecurity market, while North America and Europe will account for 28% and 23% of the market, respectively. In 2017, China will overtake the U.S. as the largest smart grid cybersecurity market. From 2012 to 2020, China, Japan, South Korea, and Russia are all projected to have annual growth rates over 40%.

The major application areas in 2012 were Enterprise/Operational Communication Networks and Distribution Automation. By 2020, Distribution Automation will be the largest application area. Smart grid cybersecurity protecting operations technology (OT) will account for 40% of the global market by 2020. Systems to protect information technology (IT) are projected to account for 60% of the market by 2020.

Zpryme has refined its forecasting models over dozens of reports, expert interviews, and global utility surveys to produce granular projections based on expected demand and our first-hand knowledge of the smart grid cybersecurity market. To make this a truly industry-first dataset for actionable planning, the combined expertise of Zpryme’s global research team and Smart Grid Advisory Board provide a concise set of strategic data to capitalize on the soon-to-be booming cybersecurity market.

Key Topics Covered:

Global Smart Grid Cybersecurity Systems Market Value by OT and IT, 2012 – 2020

Global Smart Grid Cybersecurity Systems Market Value by Application Area, 2012 – 2020

 

  • Transmission and Substations/Systems
  • Advanced Metering Infrastructure (AMI)
  • Customer Systems
  • Enterprise/Operational Communications Architecture
  • Distribution Automation (DA)

 

Global Smart Grid Cybersecurity Systems Market Value by Region, 2012 – 2020

Smart Grid Cybersecurity Systems Market Value by Country, 2012 – 2020

Companies Featured:

 

  • Potomac Electric Power Co/PEPCO Holdings Inc.
  • The City of Roseville (Roseville Electric)
  • Baltimore Gas & Electric
  • Idaho Power Company
  • Pedernales Electric Cooperative, Inc
  • Entergy Services, Inc
  • IBM
  • ViaSat
  • Cisco
  • SAIC
  • Black and Veatch
  • Lockheed Martin
  • Siemens

Source:  http://www.heraldonline.com/2013/05/14/4858588/research-and-markets-global-smart.html

Hospital Cyber Security: 10 Emergency Prevention Tips

Posted May 15, 2013 By National Cyber Security

While hospitals may be highly advanced when it comes to saving lives, many of them are not quite as astute when it comes to securing patient and protected health information. Nine out of 10 hospitals in the U.S. have suffered a data breach or intrusion in their networks over the past two years, according to the Third Annual Benchmark Study on Patient Privacy and Data by the Ponemon Institute. That is far from acceptable in any industry, but especially horrendous in a field where highly sensitive medical and personal information is at risk.

Hospitals and other healthcare organizations need to ramp up their cyber security, and these 10 tips can help.

1. Implement basic cyber security tools. At the very least, hospital networks should require the basic fundamental protection tools that every network should have. These include next generation firewalls, intrusion prevention systems, virtual private networks and secure sockets layer VPNs. NGFWs serve as an advanced form of firewall protection to combat threats that have learned to wiggle through or around traditional firewalls. VPNs and SSL VPNs allow you to send sensitive information across the very public Internet, with SSL providing an additional layer of security. All these measures help maintain the continuous flow of valid traffic while blocking the unwanted.

2. Fortify authentication measures. When someone logs in to your network, whether it’s a hospital administrator or a patient, authentication is a vital tool that should go beyond a simple password. Multi-factor authentication beefs up login procedures by using more than one authentication method while still keeping it easy for the user. Authentication is particularly important when accessing cloud-based data and logging in from smartphones, laptops and other remote devices.

3. Use role-based administration access. Another way to control access is by assigning each administrator a role. Each role has a specific set of predetermined privileges assigned to it. Admins can have more than one role if they need additional access.

4. Centralize security management. Managing the security of your hospital network should be as easy as possible, with the most effective security systems featuring a single interface where you control all network functions in a central location. Centralized management allows you to detect and respond to threats, update and configure all your security devices, manage third-party devices and review everything that’s happening without having to access dozens of components.

5. Implement real-time monitoring. The most effective monitoring system features continuous, real-time monitoring of any potential threats, insight on security devices and information on third-party devices accessing the system. It also allows you to check out traffic statistics, blacklisted traffic, VPN tunnels and any open connections at a glance.

6. Audit security policies and compliance. HIPAA may be your hospital’s main compliance concern when it comes to protecting information, but your security policies should also address others. Policies for accessing your network should also be regularly audited to ensure they’re being maintained. Existing compliance measures constantly change while new ones may be implemented. With so much sensitive patient information to protect, hospitals especially need to stay on top of the requirements while creating their own set of rules.

7. Reporting. Easy-to-read and easy-to-understand reports are an essential feature for security management, allowing you to perform your own audits. The most useful reports will be those you can customize to meet your specific needs by accessing specific information to note trends, troubleshoot and provide historical data to help analyze and recover from an attack.

8. Customize alert escalation and incident management. If an infiltration or attack does occur on your hospital network, you want to know about it immediately. You also want a security feature that provides detailed information on what happened so you can quickly and effectively correct it. The most effective alert and incident management systems will allow you to keep a log of your corrective actions and customize alert levels so that you instantly know how great a threat you’re dealing with.

9. Install a backup system to ensure high availability. You already know that any type of system failure in a hospital is unacceptable without a feasible backup plan, and the same holds true for your network. Go for a backup management system that is automatically synchronized and allows continuous access to your network if a breach does occur.

10. Keep an eye on the future. Staying current with your hospital cyber security needs is only the first part of the equation. Your cyber security should match your hospital’s current needs, but it should also be flexible, scalable and adaptable enough to grow with you into the future. Hospitals that lack the knowledge and resources to remain on the cutting-edge of cyber security may do well to consider outsourcing their needs to a trusted provider.

Many hospitals have slowly begun to embrace the digital age, with digital platforms, the use of remote devices and electronic healthcare records. Unless they more quickly embrace security technology, however, the advances could very well serve as open season for cyber thieves and other threats.

As senior vice president of Stonesoft North America, Richard Benigno leads sales, marketing and operations for Stonesoft. Through his leadership over the past two years, Mr. Benigno doubled revenues and customers through executive sales leadership and one-to-one marketing strategies. He earned his MBA in International Business & Information Technology from Schiller International University, Heidelberg, Germany; as well as a Bachelor of Science, Biology and Chemistry from Oklahoma City University.

Source:  http://www.beckershospitalreview.com/healthcare-information-technology/hospital-cyber-security-10-emergency-prevention-tips.html

Air Force to offer more pay for cybersecurity workers

Posted March 28, 2013 By National Cyber Security

U.S. Air Force officials want to redefine operational series codes for civilian cybersecurity workers and offer more pay for additional expertise because they aren’t satisfied with how the Air Force has done so far at managing the career fields of their civilian counterparts, Federal News Radio reported.

Recent reports say the Air Force plans to hire roughly 1,000 cyber specialists, mostly civilians.

The Dayton region has seen an IT boom from both business and defense-related sectors. Cyber is also one of the high-tech fields in which local defense companies have been emphasizing the need to find more workers.

The Center for Cyberspace Research at Wright-Patterson Air Force Base is charged with educating hundreds of “cyber warriors” each year and performing research to boost the country’s defenses against cyber threats.

Launched in 2002 with three people and a shoestring budget, the center has grown to about 40 workers — including 25 staff members and 15 affiliated Ph.D. faculty members — with an annual budget of as much as $9 million. The center is one of many research centers within the Air Force Institute of Technology, or AFIT, at Wright-Patt.

Source: http://www.bizjournals.com/dayton/blog/morning_call/2013/03/air-force-to-offer-more-pay-for.html

Hi Tech Crime Solutions



ISC8 Transforms Into a Pure Play Global Cybersecurity Company

Posted March 28, 2013 By National Cyber Security

COSTA MESA, CA–(Marketwire – Mar 19, 2013) – ISC8, Inc. (OTCBB: ISCI) (“ISC8” or the “Company”), a provider of intelligent cybersecurity solutions, today announced that its Board of Directors has approved the spinoff of its Government-focused businesses, including the Secure Memory Systems, Cognitive Systems, and Microsystems business units. John Carson, who originally founded these businesses, has resigned from all of his positions with ISC8, and has formed a separate employee owned Delaware Corporation under the previous name, Irvine Sensors Corporation to further these businesses. ISC8 will continue to own the associated IP assets, and will license them under terms and conditions to be negotiated as appropriate. The move leaves ISC8 as a global standalone Cybersecurity Company.

“This move completes our transformation to a pure play, global cybersecurity company, which is focused only on the rapidly growing market for adaptive cybersecurity products and solutions,” said Bill Joll, President and CEO of ISC8, Inc. “We continue to see significant opportunities within our three leading cybersecurity solutions that address the key cybersecurity issues facing corporate enterprises, service providers and targeted government networks including support of the Government’s Cyber 3.0 framework.”

“The Board’s decision represents a significant transition for ISC8, allowing management to channel all its resources into the commercialization of our valuable portfolio of cyber security solutions,” said Seth Hamot, Chairman of ISC8, Inc. “These opportunities exist now, irrespective of the level of federal funding, because the problems that our products solve exist now and are increasing daily. Many large private-sector firms along with prime contractors will be testing the Cyber NetFalcon and Cyber adAPT in the first half of 2013. We wanted to ensure that ISC8’s sole focus is on satisfying these clients, setting a new standard for the cyber security industry.”

ISC8 offers its state of the art cybersecurity solutions for commercial and government clients, including its:

Cyber NetFalcon, Big Data analytics used to detect and track down malware perpetrators in real time,

Cyber NetControl, aimed at service providers and selected enterprises to provide internet content control, and

Cyber adAPT, a universal Advanced Persistent Threat (APT) solution using signature-less technology to detect advanced nation state and other sophisticated malware attacks at speeds of 10Gbps and above.

ISC8 recently acquired key assets of Bivio Networks, which enhanced the Company’s capabilities to provide advanced products and technologies in Security Intelligence, Incident Response, and Content Control. ISC8 has also established an advanced Malware Research Team (MRT), an elite group of network security experts who identify and assess the latest malware threats, and enhance the ability of the Company’s Cyber adAPT product to meet those challenges in detecting advanced threats.

About ISC8
ISC8 is actively engaged in the development and sale of intelligent cybersecurity solutions for commercial and government environments worldwide. ISC8’s Cyber products are aimed at detecting next-generation malware and Advanced Persistent Threats (APTs). ISC8 provides hardware, software and service offerings for Malware Threat Detection. ISC8 is a global company that includes resources in Europe, Middle East, and Asia Pacific. For more information about ISC8 visit www.isc8.com.

ISC8 Statement Under the Private Securities Litigation Reform Act
This release may contain information about future expectations, plans and prospects of ISC8’s management that constitute forward-looking statements for purposes of the safe harbor provisions under the Private Securities Litigation Reform Act of 1995. Actual results may differ materially from those indicated by these forward-looking statements as a result of various important factors including, but not limited to, competitive forces, general economic, market or business conditions, the effects of any attempts to intentionally disrupt our services or network by hackers or others, changes in ISC8’s technologies such that they are no longer inter-operable, failure of customers to adopt, or delays in their adoption of, ISC8 products or services discussed above, and other factors, most of which are beyond ISC8’s control, as well as those discussed in the Company’s Annual Report on Form 10-K, quarterly reports on Form 10-Q, and other documents periodically filed with the SEC. Except as required by law, we undertake no obligation to revise or update publicly any forward-looking statements for any reason.

Source: http://www.marketwire.com/press-release/isc8-transforms-into-a-pure-play-global-cybersecurity-company-otcbb-isci-1769342.htm

3 Pinoys make it to global cybersecurity research contest

Posted March 27, 2013 By National Cyber Security

Research papers by three Filipino students are among the top 15 finalists in an international cybersecurity research contest.

The contest dubbed “The Kaspersky Lab Asia Pacific and Middle East and Africa (APAC and MEA) Cup 2013” is an annual international student conference “aimed at encouraging research into information security across related fields to push the boundaries of knowledge and academic study into application with research papers by undergraduate to post-graduate students from the region vetted by a panel of academicians and Kaspersky Lab analysts,” global developer of secure content and threat management solutions Kaspersky Lab announced Tuesday.

The Kaspersky Lab APAC and MEA Cup is one of the five regional rounds of Kaspersky Lab’s global annual conference, a collaborative environment where students, experts, scientists and researchers from different institutions around the world will discuss the key concerns related to cybercrime and cybersecurity.

With this year’s theme, “Cybersecurity for the Next Generation,” the Philippines will be represented by Computer Science seniors Ivan Dominic Baguio and John Ultra, both from the University of the Philippines, and Marvin Rey Garcia from the Polytechnic University of the Philippines during the contest event at the National University of Singapore on March 21-23, 2013.

This is the second time the Philippines has reached the regional finals for the annual event.

The first time was in 2012 when the research paper authored by Joshua Arvin Lat and groupmates Rod Bondoc and Kevin Atienza from UP-Diliman was shortlisted for the Asia Pacific and Middle East Asia round. The group later bagged the first prize for their paper on a secure online USB login system during the final round of the Kaspersky Lab International Conference in the Netherlands.

“Competition is stiff not just for the attractive cash prizes of USD1,000, USD750 and USD500 for the top three places but also for the opportunity to gain exposure at the international level. All team leaders of research papers are automatically accorded free travel and accommodation packages plus guided tour of the host city,” Kaspersky said.

Garcia, with his teammates Hannah Roselle Chan, Christopher Celestial, and Arc Ezekiel Mercolesia, proposed the “Integration of Virtual Private Network in a Secured Smart Home Electricity Management System”. Their paper promises a solution to the secure management and control of household electricity. Through the Internet, it can collect online power consumption data and manipulate the power supply of the connected electrical appliances.

Ultra’s solo research paper, entitled “A Collaborative Access Control Model for E-voting Systems”, proposes a new method for modeling and enforcing separation of duty (SoD) in computer systems like the ones used in electronic voting (e-voting).

SoD is a popular approach to minimize fraud and error in high integrity tasks. He proposes an intuitive and easy to use method for enforcing SoD on tasks performed on a computer system, which can be used to raise the integrity of election administrative tasks performed on an e-voting system.

Baguio and co-author John Carlo Florencio wrote about an “On-the-fly Encryption for Android Devices”, which they said can address the limitations of Android devices in encrypting disks or external memory in real time.

The other top 15 finalists are students from Indonesia’s Bandung Institute of Technology, City University of Hong Kong, South Africa’s Nelson Mandela Metropolitan University, Australia’s University of Technology, Iran’s Shiraz University, Japan’s Institute of Information Security, India’s KIIT University and the Malaysian institutes University of Malaya, Universiti Teknologi MARA, and Multimedia University.

Evaluation of the research papers will be based on scientific and methodological level, social importance and relevance, objectivity of the information and analytical materials, practical and innovation value and presenter’s performance.

According to Harry Cheung, Kaspersky Lab Managing Director for Asia Pacific, Kaspersky Lab is constantly on the lookout for fresh and innovative cyber security suggestions from the younger generations to address the complexity and severity of cyber crimes today.

“As cyber threats escalate, the need for a newer pool of talents to contribute new cybersecurity ideas is of pressing concern. This competition allows Kaspersky Lab to discover these young talents who can add significant input. The Filipino winners made our Asian region proud last year and we are excited for this year’s representatives to make an impact,” Cheung said.

The three best papers from this round will represent the region and compete against other regional qualifiers from North America, South America, Europe, Russia and Commonwealth Independent States at the international and final round. This will be held at the Royal Holloway, University of London in the United Kingdom in June 2013.

Source: http://manilastandardtoday.com/2013/03/19/3-pinoys-in-global-cybersecurity-solutions-contest/


The Wall Street Journal, which hosts this blog, blamed Beijing troublemaking over allegations the paper bribed officials there to get information. A spokeswoman for the paper said it found no evidence of impropriety and that no one has disputed its findings. (Guardian, Quartz, NY Times)

India’s top investigative agency filed charges against a former air force chief and 11 others for alleged conspiracy relating to a helicopter deal marred by allegations of bribery. The former chief has denied wrongdoing. (Pakistan Today)

A foreign bribery bill will be brought up at India’s next cabinet meeting. (Zee News)

The co-defendant in the bribery case against Trenton Mayor Tony Mack was separately indicted on drug charges. The co-defendant’s lawyer said the charges are of no concern because authorities can’t prove anything they accuse him of doing. (Times of Trenton)

The FCPA Blog finds a former SFO director apologizing over severance payments. Mike Volkov extols corporate ombudsmen. The FCPAProfessor travels back to 1982. The FCPAmericas blog discusses the changing role of the general counsel in Latin America. Tom Fox awards an Oscar winner for compliance.

A client alert from Debevoise & Plimpton LLP places a spotlight on FCPA issues in Latin America.

The lawyer who led an investigation into the CalPERS bribery scandal was sued for defamation by a private equity firm that CalPERS dumped amid the probe. (Sacramento Bee)

A government minister in Papua New Guinea was arrested and charged with bribery relating to 2012 national elections. He didn’t appear to be contacted for comment. (Radio New Zealand, Islands Business)

Are jobs for sale in China? (NPR)

Cybercrime:

Al Qaeda lacks the technical expertise to conduct a cyberwar against the U.K., experts told members of parliament. (BBC)

Mandiant, an American computer security firm, posted an interview with a cybersecurity executive.

Cyber crimes are on the rise in a region in India but few pursue the cases to court. (Times of India)

A U.S. official said Treasury Secretary Jack Lew will press China on taking on cybercrime during his visit. The Chinese premier said, amid broader remarks that included anti-corruption plans, Beijing and Washington should end their war of words on cybercrime. (Reuters, Financial Times sub req, Reuters, NY Times, Bloomberg)

The heated rhetoric over cybercrime has led Washington to scramble for a solution. (The Hill)

The indictment of Matthew Keys has led to an outcry over the cybercrime law being used to prosecute him. (NY Times)

Fraud:

Afghanistan’s attorney general said he plans to appeal the fraud sentences of Kabul Bank executives because they weren’t harsh enough. (NY Times)

U.S. regulators faltered last week as they tried to convince a judge to force a Chinese unit of Deloitte to hand over documents in a fraud investigation. (Reuters)

Money Laundering:

Cyprus delayed debate over a proposal that would amend a controversial tax on bank deposits that was a condition of receiving an international bailout. The country’s banking sector is seen as a haven for Russian money laundering, a perception Nicosia continues to fight. The deposit tax led Cypriots to slam ATMs to pull out their savings. This is the first real test of the new Cypriot government. Russia slammed the bailout plan. An editorial says the condition bails out Russians while slamming small savers. (Wall Street Journal, Reuters, AP, Financial Times sub req, AP, NY Times, Financial Times sub req, NY Times, Wall Street Journal, NPR, Wall Street Journal, Financial Times sub req, Wall Street Journal, Daily Telegraph)

Top lawyers clashed over the fairness of Hong Kong’s anti-money laundering law. (South China Morning Post)

As Indian officials line up to probe money laundering allegations at private sector lenders and the banks swing into action, it’s worth noting that there have been only about 700 cases pursued annually over the last four years, according to the financial intelligence unit. The banking regulator will look at the videos from the sting that led to the allegations. ICICI Bank suspended 18 employees in the probe; Axis Bank said it told 16 employees to report to their administrators; HDFC Bank asked an Indian unit of Deloitte to conduct a forensic investigation and suspended 20 employees. (Reuters, Financial Times sub req, AFP, The Hindu, Indian Express, Economic Times, Reuters, PTI, PTI, Economic Times, Hindustan Times, AFP, Economic Times)

The Obama administration threatened to cut off aid to Nigeria following a pardon issued by President Goodluck Jonathan to a former state governor. (The Hill)

Sanctions:

Nuclear experts from Iran and six global powers are to be in Istanbul this week for technical talks. (Al Monitor, Al Monitor)

The head of a U.S. anti-Iran government pressure group called for states to stop Iran-tainted shippers from docking in their ports. (Wall Street Journal)

The colorful rhetoric from North Korea has hit new vibrancy as the country postures toward war. (Economist)

Europe is still divided on whether to send arms to Syrian rebels. (Al Jazeera)

General Anti-Corruption:

FIFA’s executive committee meets this week amid criticism of its progress on governance reform. (Inside World Football)

A trade group study found that though companies have expanded the roles of compliance officers, they have not added enough resources for them to do the job. (Thomson Reuters Corporate Compliance Complete sub req)

An op-ed argues fines for prior corporate wrongdoing don’t protect current investors. (Wall Street Journal)

The son of Senegal’s former president is accused of amassing a fortune of $1.4 billion. His lawyer said the accusations against him are unfounded. (Reuters)

Transparency International takes on corruption in the Peruvian police force.

Corruption continues to deprive millions of people in Africa from access to water. (OCCRP)

Which NYC agencies are most corrupt? (Gothamist).

Source: http://blogs.wsj.com/corruption-currents/2013/03/18/high-tide-from-cyprus-bailout-latest-to-al-qaedas-cybercrime-capability/
