May 17 2010 9:00AM GMT
Posted by: Azaltsman
, howard schmidt
, private partnerships
, white house
Howard Schmidt, the newly-appointed White House cyber security coordinator, gave a fantastic presentation about the four guiding principles of his cyber security plan:
- Apply Deterrence
- Partnerships (with private industry)
Deterrence is a primary factor in preventing cyber security threats. Applying strong protection, like two factor authentication, one time passwords, smart cards, and implementing standard data protection systems were mentioned.
Resilience is the ability to recover from an attack. Designing systems that are able to recover from an attack is paramount to national security, and especially protected health information (PHI). It was noted (in a different part) of the NIST Conference that doctors relying on Health information systems (HIT) need to ensure that a disaster recovery and backup plan is in place and is tested regularly. A doctor’s office or a hospital would be nearly impossible to operate if access to PHI is not available after moving entirely to electronic medical records.
Privacy is important to the White House. It’s clear that legislation and the regulations that follow have privacy in mind. An good example is the Breach Notification law written into section 13402 in the HITECH ACt, part of the American Recovery and Reinvestment Act of 2009 (ARRA). The HITECH Act specifically provides safe harbors in case of a breach of encrypted PHI. The government is clearly incentivizing the use of data encryption to protect privacy.
Partnerships with private industry were mentioned as well, although not in too much detail. Perhaps the White House wants to make sure that whatever steps they put in place have transparency to the public and the private industry.