In my role leading Product Development for Exostar, I occasionally represent our company and our solutions at events. I am especially pleased to have been invited to present our secure solutions at the upcoming NH-ISAC Biotech/Pharma Security workshop in Prague.
The National Health Information Sharing & Analysis Center (NH-ISAC) is an organization that helps health care stakeholders share best practices and strategies to mitigate cyber and physical security threats. There are 25 different ISAC organizations, across different industries, that collect, analyze, and disseminate actionable threat information to their members.
Members of the National Health ISAC include hospitals, pharmaceutical/biotech manufacturers, laboratories, medical device manufacturers, medical schools, medical R&D organizations, and more. They share resources regarding:
- Protection of valuable Personal Health Information (PHI)
- Guarding health-care related Intellectual Property
- Complying with the federal HITECH ACT and HIPAA-related privacy rights
- Adherence to National Institute of Standards and Technology (NIST) guidelines
With this intense focus on protecting information, it is no wonder that the NH-ISAC is interested in secure solutions. That’s why I wasn’t surprised to discover that they are interested in what Exostar is doing for the Aerospace & Defense industry.
Exostar has been supporting the protection of our industry’s defense chain for over a decade. In this industry we are observing certain trends, which we believe are applicable to the Healthcare sector as well:
First, the industry is made of companies that range from the large (revenue > 25B), to medium (less than $5B) and small (less than $100M). Large companies have very good governance models in place to increase the level of cyber security protection.
Next, the threat vector has migrated. Attackers now focus on the trading partners of large companies. They use these as a conduit to the large companies and ultimately the US Department of Defense. In addition, the attackers are not necessarily interested in short term gains from cyber theft. Instead, they are approaching their attacks from a strategic perspective—they have a strategic long- to medium-term plan.
In addition, 80-90% of the techniques used by attackers exploit weaknesses in Identity and Access management solutions of trading partners. Examples outside the Defense industry include the attack on Target via their HVAC supplier.
Thus, there are many reasons that other industries might look to Exostar and its A&D expertise for inspiration, including these three major ones:
- Mature cyber security posture. Because the A&D industry manufactures goods that can directly impact national security, they have mature processes and technology for protecting sensitive information. Therefore, Biotech and Pharma companies could learn a lot from A&D when looking to protect their own IP.
- Trading partners’ complexity. The large A&D organizations deal with suppliers of all sizes, many of which have multiple levels of suppliers of their own. Exostar provides secure solutions for collaborating and exchanging data within a large, distributed supply chain. Of course, this is increasingly important for health care and pharmaceutical stakeholders.
- Strict regulatory compliance. Like the health care community, the A&D industry is held to stringent standards regarding who can access information. The secure solutions Exostar provides to A&D organizations can accommodate these regulations, even if they are updated frequently.
I’m looking forward to sharing our experience in the A&D industry with Biotech/Pharma Security workshop attendees on November 7 in Prague. Also, I encourage NH-ISAC members, potential members, and related industry interested parties to register to attend.
Vijay Takanti is Senior Vice President of Product Development for Exostar.