As the health care and education sectors have become prime targets for cyberattacks, experts from those sectors said on May 18 that they need more funding and Federal collaboration to strengthen the cyber posture of schools and hospitals.
At a Senate Health, Education, Labor, and Pensions (HELP) Committee hearing, witnesses explained that K-12, higher education, and health care systems are up against adversaries and organizations that have many more cyber resources at their disposal.
“Our K-12 districts are on the frontlines of protecting their data and systems against much larger, better-funded organizations and a rapidly evolving cyber threat environment,” said Amy McLaughlin, cybersecurity program director for the Consortium of School Networking. “They need access to staffing and technical resources to continue to securely deliver education.”
While a larger higher education institution may have access to more funding than a K-12 institution, Helen Norris, chief information officer at Chapman University, noted that a smaller university or community college may not have the financial means to employ a cybersecurity department.
Norris explained that higher education institutions are “challenged by the increasing number and complexity of cybersecurity regulations, which generate costs that draw resources away from managing risks.”
“My peers and I would welcome the chance to work with agencies to standardize and streamline requirements, so we can focus our limited resources on maximizing cybersecurity,” Norris said.
“We encourage continued and growing collaboration between our community and Federal agencies,” she added. “We believe that engagement and partnership with colleges and universities will help ensure effective approaches to bolstering cybersecurity.”
Collaboration and partnership with the Federal government will also be critical to strengthening cybersecurity across the health care sector, especially for low-income communities with fewer resources, according to Joshua Corman, founder of I Am The Cavalry.
Corman explained there is an awareness and adoption gap in these communities, which he called “target-rich but cyber-poor.”
“One of the big challenges is we don’t have sufficient reach to these cyber-poor – they don’t participate. They don’t have CISOs yet, they don’t participate in ISACs or information sharing groups. They don’t know what this is or who’s who in the pantheon of the Federal government,” Corman said.
“We have an awareness and adoption gap, but once we do engage them, I’ve tried to find fit-for-purpose things that can meet them where they are at their current skill level with empathy and get them to crawl, walk, run,” he added.
Norris agreed with Corman that expanding tools and outreach from the Federal government, especially the Cybersecurity and Infrastructure Security Agency (CISA), to underserved universities and colleges “would be excellent.”
“In addition, perhaps we could see more tools that are more focused on higher education through agencies like CISA,” Norris added. “I also think that for institutions that have fewer resources, simplifying the regulatory environment is extremely critical so that they can point their limited resources in the most effective ways.”
Chairwoman Patty Murray, D-Wash., welcomed the recommendations from the witnesses and emphasized that “families need to know we are taking action to keep them safe from our enemies.”
“We can’t just call it a day after we make technology easy to use and access. We need to make sure it is also safe and secure,” the chairwoman said. “We need to address cybersecurity attacks and ensure they are treated like the national security threat they are.”