Cyber Resilience – Observed Challenges in Information Sharing, Applicable Lessons from an ISAC Exercise

Created: Thursday, February 15, 2024 - 13:57
Categories: Cybersecurity, OT-ICS Security, Security Preparedness

In October 2023, Health-ISAC (H-ISAC) facilitated an all-day workshop and tabletop exercise with Health-ISAC members and United States Government (USG) agencies in Washington, DC. While the exercise involved healthcare organizations, the scenario and challenges are applicable and representative broadly across all critical infrastructure sectors. The H-ISAC has released its Hobby Exercise 2023 After Action Report, which documents the lessons learned and challenges experienced upon review of its most recent Hobby Exercise Series.

H-ISAC is a significant example of the value of conducting exercises and, more importantly, of formally reviewing those exercises to flesh out valuable lessons and opportunities for improvement. H-ISAC holds its “Hobby Exercises” regularly in an effort to keep sector entities and government partners engaged and informed on cybersecurity challenges and the best ways to respond to widely impactful incidents. The challenges observed from these exercises are highly relevant across all critical infrastructure sectors, which grapple with the same obstacles.

Members are highly encouraged to review this After Action Report (AAR) from H-ISAC (below). Among other notable observations, the report discusses the following challenges – which are NOT unique to healthcare:

  • Internal friction: Security/IT, Legal, and Information Sharing
  • Information Sharing/Blocking
  • Criticality of Information Sharing

According to the report, a significant topic of conversation during this year’s exercise was the internal friction that can occur between an organization’s Security/IT team and its legal counsel, especially in the early stages of an incident. In particular, participants questioned whether information sharing was being unnecessarily curtailed, what legal concerns prompted this limitation, and how the issue could be overcome.