ENISA report assesses CSIRT capabilities in the healthcare sector

The European Union Agency for Cybersecurity (ENISA) released on Thursday its report that highlights the sectoral CSIRT capabilities within the health sector since the implementation of the NIS directive. The aim of the report is to offer insights on current incident response (IR) trends, in order to draw practical recommendations about the development of IR capabilities in the healthcare sector.

The report assesses the services developed and currently used by CSIRTs (computer security incident response teams) across member states, analyzes the trends in relation to sector-specific CSIRTs, and provides recommendations to strengthen the incident response capabilities (IRC) in the health sector. The meetings of the CSIRT Network and CyCLONe, taking place these days in Ljubljana and online, have set the stage for the publication of the new report on CSIRT capabilities for increased efficiency of incident response tools and processes of specific sectors.

CSIRTs can be created for nation-states or economies, governments, commercial organizations, educational institutions, and even non-profit entities. The goal of a CSIRT is to minimize and control the damage resulting from incidents, provide effective guidance for response and recovery activities, and work to prevent future incidents from happening. CyCLONe (Cyber Crises Liaison Organisation Network) is the European Union’s liaison network that links the technical level to the political one when a large-scale cross-border cyber crisis takes place.

ENISA has been supporting the cooperation between CSIRTs and the development of the CSIRT network for more than 10 years. ENISA started evaluating CSIRT capabilities of individual NIS sectors in 2020, initially focusing on air transport and energy sectors. The European security agency also supports the cooperation of CSIRTs with law enforcement, finance, SCADA systems, and energy communities.

As cyber threats are now increasingly visible to executive committees, boards, politicians, and citizens, it is now mandatory for companies, governments, and citizens to think about and act upon cybersecurity. To face such threats, member states, and public and private entities must strengthen their IR capabilities and coordinate to strengthen CSIRT capabilities.

As critical infrastructure and services, health care organizations, including hospitals and private clinics, must be prepared to face such cyber-attacks, ENISA said in its report. “Disruption of their services would lead to fundamental impact on both governments and populations. Nevertheless, the number of highly technical-skilled cybersecurity experts is insufficient. To fill the gap between the demand and the human resources available, the public and the private sector have started to work together to create new training programmes and certifications for cybersecurity experts / IR experts,” it added.

The report found that although dedicated health sector CSIRT capabilities are still the exception in the member states, sector-specific CSIRT cooperation is developing. The lack of sector-specific knowledge or capacity of national CSIRTs, lessons learned from past incidents, and the implementation of the NIS Directive appear to be the main drivers of the creation of sector-specific incident response capabilities in the health sector, it added.

The study reveals the lack of security culture among Operators of Essential Services (OES). Because the pace of updates quickly outruns the pace of IT technology evolution when healthcare equipment usually has a lifetime of 15 years on average, vulnerabilities tend to accumulate with the obsolescence of the IT layer through the lifecycle of hardware and digital devices, ENISA said. Another challenge the healthcare sector is faced with is the complexity of systems due to the increased number of connected devices leading to an extension of the potential attack surface.

The ENISA report disclosed that the key force driving the development of incident response capabilities of CSIRTs is the information related to security requirements and the responsibilities of organizations for each sector. Shared frameworks for incident classification and threat modeling, education activities, and a network allowing communication between incident response actors constitute the main resources and tools currently supporting the development of incident response capabilities. National health sectoral CSIRTs tend to provide services better suited to the sector, it added.

The sectoral health CSIRTs remain scarce in an environment where specialized support is needed to develop incident response activities, ENISA said.

Based on the findings, the agency has advised organizations to enhance and facilitate the creation of health sector CSIRTs by allowing easy access to funding, promoting capacity-building activities, and similar actions. It also suggested capitalizing on the expertise of the health CSIRTs to help Operators of Essential Services (OES) develop their incident response capabilities, and empowering health CSIRTs to develop information-sharing activities using threat intelligence, exchange of good practices, and lessons learned.

Last month, ENISA released the ninth edition of its ENISA Threat Landscape (ETL) report that observed increased targeting of critical infrastructure by cybercrime hackers. Major critical infrastructure sectors impacted were the healthcare, transportation, and energy sectors. Ransomware attacks have disrupted the operations of public health agencies, hospitals, and emergency services.

Earlier this week, the World Economic Forum (WEF) notified the healthcare sector to strengthen cybersecurity, as ransomware attacks thrive. It called upon all stakeholders for more action within the healthcare sector, as ransomware attacks are dominating the broadening scope of threats faced by these healthcare providers. Cyberattacks on healthcare have continued to plague the sector since the start of the COVID-19 pandemic.

The healthcare sector is a popular target for cybercriminals, the WEF said in a report released Monday. Unscrupulous attackers want data they can sell or use for blackmail, but their actions are putting lives at risk.
