The Department of Homeland Security has sent hundreds of tailored notifications of potential vulnerabilities to the medical sector since the coronavirus pandemic began, according to an official who spoke Wednesday at a webinar hosted by cybersecurity company CrowdStrike.
The notifications are not evidence of breaches, but they provide a snapshot of just how many potential targets hackers have in the medical industry as the pandemic spreads.
Bryan Ware, assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, said the U.S. government has a secret working list of coronavirus research institutions that it can give prioritized cybersecurity protections.
The list of organizations, referred to within CISA as “Tier 1” institutions, is a short collection of under 100 universities and pharmaceutical companies that are working to create and distribute vaccines or other coronavirus treatments and are natural targets for elite hackers.
“At the onset of the COVID-19 pandemic, we recognized just how vital the healthcare sector was to the response,” Ware said in an email.
The new details show how the government has responded to cybersecurity threats during the pandemic, which have included efforts from sophisticated, state-backed hackers.
In May, CISA and the FBI issued a technical advisory warning that China was engaged in a robust campaign to hack institutions involved in coronavirus research, consistent with a longstanding campaign to steal intellectual property. Separately, researchers have identified a similar campaign from Iran, although it is unclear how successful those efforts have been.
The Tier 1 list is part of a CISA mission initially referred to internally as “Project Taken” after a memo agency Director Chris Krebs circulated in March. The name is a reference to the Liam Neeson movie in which the protagonist “sends a clear message to the bad guys that he will use his ‘very particular set of skills’ to protect what’s important to him,” Ware said. The agency considers it part of what President Donald Trump calls “Operation Warp Speed,” a broad effort to speed coronavirus vaccine research.
The list is curated with the FBI and the Department of Health and Human Services. CISA collects information about potential cyberthreats from a number of organizations, from the National Security Agency to civilian Slack groups of cybersecurity workers lending their free time.
“We have placed special focus on Tier 1 entities, asking our partners to be on the lookout for them in particular,” Ware said. Organizations on the list that want it can have their internet-connected devices remotely scanned for vulnerabilities.
“We’ve seen increased detection of critical vulnerabilities, and more importantly, we’ve seen the sector respond by closing critical vulnerabilities faster than any other sector,” Ware said. “We’re not where we need to be just yet, but we’re demonstrably better.”