View from Arch Street

On Friday, December 28, the Department of Health and Human Services (HHS) released:  “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” [PDF]. The publication, aims to provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.

The industry-led effort was in response to a mandate set forth by the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. The publication marks the culmination of a two-year effort that brought together over 150 cybersecurity and healthcare experts from industry and the government under the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership.

The HICP publication aims to provide cybersecurity practices for this vast, diverse, and open sector to ultimately improve the security and safety of patients. It explores the five most relevant and current threats to the industry and recommends ten Cybersecurity Practices to help mitigate these threats. The document presents real-life events and statistics that demonstrate the financial and patient care impacts of cyber incidents. It also lays out a call to action for all industry stakeholders, from C-suite executives and healthcare practitioners to IT security professionals, that protective and preventive measures must be taken now. The publication also includes two technical volumes geared for IT and IT security professionals. Technical Volume 1 focuses on cybersecurity practices for small healthcare organizations, while Technical Volume 2 focuses on practices for medium and large healthcare organizations. The last volume provides resources and templates that organizations can leverage to assess their own cybersecurity posture as well develop policies and procedures.

Merry Christmas from Arch Street!

In September 2018, the White House released a National Strategic Overview for Quantum Information Science [PDF] that directed federal research agencies to develop plans to ensure continued American leadership in QIS.  Towards that goal, the National Science and Technology Council through the National Science Foundation is seeking public input to inform this planning process. Responders are asked to answer one or more of the following questions:

1. What specific actions could the US Government take that would contribute best to implementing the policy recommendations in the Strategic Overview? What challenges, not listed in section 3, should also be taken into account in implementation of the Strategic Overview recommendations?

2. What are the scientific and technological challenges that, with substantial resources and focus over the next ten years, will transform the QIS research and development landscape?

3. Regarding industrial engagement, what roles can the U.S. Government play in enabling the innovation ecosystem around QIS-related technologies? Are there critical barriers for industrial innovation in this space? How can these barriers be addressed? What role can the U.S. Government play in mitigating early or premature investment risks?

4. How can the U.S. Government engage with academia and other workforce development programs and stakeholders to appropriately train and maintain researchers in QIS while expanding the size and scope of the `quantum-smart’ workforce?

5. What existing infrastructure should be leveraged, and what new infrastructure could be considered, to foster future breakthroughs in QIS research and development?

6. What other activities/partnerships could the U.S. Government use to engage with stakeholders to ensure America’s prosperity and economic growth through QIS research and development?

7. How can the United States continue to attract and retain the best domestic and international talent and expertise in QIS?

8. How can the United States ensure that US researchers in QIS have access to cutting-edge international technologies, research facilities, and knowledge?

The National Information Technology Research and Development (NITRD) Program issued has issued new guidance to federal agencies on Smart Cities entitled Connecting and Securing Communities.  The document instructs Federal agencies on how to enable U.S. cities and communities to build “smart” infrastructure, systems, and services.

Five high-level recommended practices are provided to inform Federal smart city and community efforts. Four effective approaches, illustrated by case studies from current and past Federal programs and projects, are provided to assist agencies in facilitating job growth and economic prosperity through Federally funded R&D in smart cities and communities.  The plan envisions agencies working with industry, local leaders, civil society, academia, and other key stakeholders to accelerate the development and implementation of new discoveries and innovations that enable cities and communities to achieve their local goals and address their most important challenges.

NIST has launched the Quantum Economic Development Consortium (QEDC) which aims to expand U.S. leadership in global quantum research and development and the emerging quantum industry in computing, communications and sensing. Quantum technologies take advantage of the unusual rules that govern the behavior of the fundamental building blocks of matter, including electrons, protons, neutrons and photons.

Announcement of the new consortium follows a Sept. 25, 2018, Quantum Information Science Summit sponsored by the White House’s Office of Science and Technology Policy. At the summit, the administration released its National Strategic Overview for Quantum Information Science, which outlines its commitment to maintaining and expanding American leadership in quantum information science.

With funding from both the government and private-sector member organizations, the QEDC will:

• determine workforce needs essential to the development of quantum technologies;
• provide efficient public-private sector coordination;
• identify technology solutions for filling gaps in research or infrastructure;
• highlight use cases and grand challenges to accelerate development efforts; and
• foster sharing of intellectual property, efficient supply chains, technology forecasting and quantum literacy.