How Entities Can Use Info-Sharing to Beat Cyber AdversariesCISA's Nitin Natarajan on Critical Role of Threat Intelligence in the Health Sector
Sharing information and threat intelligence "collectively" is critical in order for health and public health sector entities to be able to defeat their cyber adversaries, said Nitin Natarajan, deputy director of the Cybersecurity Information and Security Agency.
That includes information sharing between health sector entities, the security intelligence community, researchers and global partners as well as U.S. government agencies, such as CISA, Natarajan said.
"How do we make sure we're sharing with our private sector colleagues, and how do we make sure they're sharing with us?" he asked. "They have the best visibility into what they're seeing on their networks. So, how do we make sure we have that effective exchange of information?"
Natarajan said CISA has made hundreds of notifications so far this year. "What we're able to do with the research community and global partners - if we know that an adversary has essentially dropped a payload onto somebody's network, we're able to call them and say, 'Somebody's on your networks. We've seen indicators of compromise. These are steps you can take to evict that adversary before they lock up your network,'" he said.
In this video interview at the recent Information Security Media Group healthcare security summit in New York City, where Natarajan served as a keynote speaker, he also discussed:
- How the cyberthreat landscape is evolving globally, including among nation-state and cyber terrorist groups;
- Steps to get healthcare sector leaders more involved and proactive in defending against cyberthreats;
- The importance of patching, multifactor authentication and other "basic hygiene" that often get skimped on, which gets entities into trouble.
Natarajan, who was appointed deputy director of CISA in February 2021, previously served in a variety of public and private sector positions spanning over 30 years. Most recently, he worked as a consulting firm executive, providing subject matter expertise on a variety of national security topics. Natarajan also held a number of federal government roles, including deputy assistant administrator at the U.S. Environmental Protection Agency, director of critical infrastructure policy at the White House/National Security Council, and director at the U.S. Department of Health and Human Services, overseeing healthcare and public health programs.