2. Agenda
1. Overview
2. SIS Major Challenges
3. Community Cyber Security
4. The Current Status…
5. Requirements
6. Life-Cycle of a Cyber Incident
7. Privacy Consent State of Mind
8. National Strategy Could Nudge SIS Forward
9. Goals
3. 1. Overview
• “Share but protect”
• Saltzer and Schroeder [1] identified both the desirability and the difficulty of maintaining:
• “some control over the user of the information even after it has been released”
4. 2. SIS Major Challenges
• Policy Challenge
• Modeling, specifying and enforcing SIS policies
• Need intuitive yet formal models, guaranteed security properties, etc.
• Containment Challenge
• Ensure that protected information is accessible to users as permitted by the policy
• Security mechanisms such as authentication, cryptography, trusted hardware, etc.
5. 3. Community Cyber Security
• Community refers to a geographical area
• E.g. county or a city with demarcated boundary
• The Center for Infrastructure Assurance and Security at UTSA conducts nationwide cyber security preparedness exercises and training
• communication
• incident response
• disaster recovery
• business continuity
• security awareness, etc.
6. 4. The Current Status…
• Exchange of business cards
• No process exists for information sharing
• Technology is not the bottleneck
• Resistance due to political/competitive reasons
• Also want to avoid embarrassment
• E.g. by sharing attack data
• Participants have no clue as to what to share, nor how to effectively specify what to share
7. 5. Requirements
• Need abstract models
• With rigorous mathematical foundations
• Should ease administration
• Classic models are limited
• Discretionary Access Control
• Too low-level to configure
• Lattice-Based Access Control (e.g. Bell-LaPadula)
• Rigid
• One directional info flow is not the primary concern
• A lot of work exists on Dynamic Coalitions
• Often heavyweight
• Mainly focus on technological/infrastructural integration
8. 6. Life-Cycle of a Cyber Incident
[Diagram: "Secure Sharing in a Community". Three groups are shown: Core Group, Incident Group and Open Group. Edges are labelled with membership and access types: Conditional Membership, Automatic Membership, Filtered RW, and Administered Membership (appearing twice).]
9. 7. Privacy Consent State of Mind
• The space of Privacy Consent is full of trepidation. I would like to show that
although there is complexity, there is also simplicity. The complexity
comes in the fine details. The fundamentals, and the technology, are simple.
• Privacy Consent can be viewed as a "State Diagram": by showing
what the current state of a patient's consent is, we can show the changes in
state. This is the modeling tool I will use here.
10. Privacy Consent State of Mind
• I will focus on how Privacy Consent relates to the access to Health
Information, that is shared through some form of Health Information
Exchange (HIE).
• The architecture of this HIE doesn't matter; it could be PUSH or PULL or
anything else. The concepts I show can apply anywhere, but for simplicity
think only about the broad use of healthcare information
sharing across organizations.
11. Privacy Consent of OPT-OUT
• At the right is the diagram for an OPT-OUT
environment. One where the patient has the
choice to OPT-OUT, that is to stop the use of
their data. This means that there is a
presumption that when there is no evidence of
a choice by the patient, that the data can be
used.
12. Privacy Consent of OPT-IN
• At the right is the diagram for an OPT-IN
environment. In an OPT-IN environment the
patient is given the opportunity to ALLOW
sharing of their information. This means that
there is a presumption that the patient does
not want their health information shared. I
would view it more as a respect for the patient
to make the decision.
13. Privacy Consent: YES vs NO
• The reality of privacy consent is that there will be a
number of patients that will change their mind.
This is just human nature, and there are many
really good reasons they might change their mind.
A patient that has given OPT-IN authorization
might revoke their authorization. A patient that
has indicated they don't want their data to be
shared might decide that they now do want to
share their data.
14. Privacy Consent of Maybe
• There are those that have special
circumstances that really require special
handling.
• This state is an indicator, just like "YES" or
"NO", but in this case it indicates
that there are patient-specific rules. These
patient-specific rules likely start with a "YES"
or a "NO" and then apply additional rules.
15. Privacy Consent of Maybe
• These additional rules might be to block a specific time-period, block a
specific report, block a specific person from access, allow a specific person
access, etc.
• These special rules are applied against each access. Note that the state
diagram shows transitions between all three states. It is possible that one
goes into the "MAYBE" state forever, or just for a while.
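The consent state machine described on these slides, written out as an added example (it is not code from the original deck). It models the three states YES, NO and MAYBE, the OPT-IN and OPT-OUT presumptions for a patient who has recorded no choice, transitions between every pair of states, and MAYBE's patient-specific rules (block a person, allow a person, block a report, block a time period) evaluated against each access. The requester and report names, the dates, and the rule-ordering policy (first rule with an opinion wins, otherwise fall back to the base YES/NO) are assumptions of this example, not something the slides specify.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Callable, List, Optional

YES, NO, MAYBE = "YES", "NO", "MAYBE"
OPT_IN, OPT_OUT = "OPT-IN", "OPT-OUT"


@dataclass(frozen=True)
class AccessRequest:
    """One attempt to read a patient's record through the HIE (constructed)."""
    requester: str   # identity of the person asking, e.g. a clinician id
    report: str      # kind of document requested
    when: date       # date of the access attempt


# A patient-specific rule inspects a request and returns True (allow),
# False (block) or None (this rule has nothing to say about the request).
Rule = Callable[[AccessRequest], Optional[bool]]


def block_person(name: str) -> Rule:
    return lambda r: False if r.requester == name else None


def allow_person(name: str) -> Rule:
    return lambda r: True if r.requester == name else None


def block_report(report: str) -> Rule:
    return lambda r: False if r.report == report else None


def block_period(start: date, end: date) -> Rule:
    return lambda r: False if start <= r.when <= end else None


@dataclass
class ConsentRecord:
    environment: str                  # OPT_IN or OPT_OUT
    state: Optional[str] = None       # None: patient has not recorded a choice yet
    base: str = NO                    # the YES/NO that MAYBE's rules start from
    rules: List[Rule] = field(default_factory=list)
    history: List[tuple] = field(default_factory=list)  # (from, to) transitions

    def effective_state(self) -> str:
        """Resolve the presumption when the patient has made no choice."""
        if self.state is not None:
            return self.state
        # OPT-OUT presumes the data can be used; OPT-IN presumes it cannot.
        return YES if self.environment == OPT_OUT else NO

    def transition(self, new_state: str, base: Optional[str] = None,
                   rules: Optional[List[Rule]] = None) -> str:
        """Move to YES, NO or MAYBE; every state may reach every other one."""
        if new_state not in (YES, NO, MAYBE):
            raise ValueError(f"unknown consent state {new_state!r}")
        self.history.append((self.effective_state(), new_state))
        self.state = new_state
        if new_state == MAYBE:
            if base not in (YES, NO):
                raise ValueError("MAYBE needs a YES or NO to start from")
            self.base, self.rules = base, list(rules or [])
        else:
            self.rules = []   # leaving MAYBE drops the patient-specific rules
        return self.state

    def decide(self, req: AccessRequest) -> bool:
        """Evaluate one access attempt against the current consent state."""
        state = self.effective_state()
        if state == YES:
            return True
        if state == NO:
            return False
        # MAYBE: rules are applied against each access. Assumption of this
        # example: the first rule with an opinion wins; if every rule abstains,
        # the base YES/NO decides.
        for rule in self.rules:
            verdict = rule(req)
            if verdict is not None:
                return verdict
        return self.base == YES


def demo() -> dict:
    """Walk one constructed patient through the states; returns the decisions."""
    out = {}
    req = AccessRequest("dr_alpha", "lab_result", date(2014, 3, 1))
    out["optout_default"] = ConsentRecord(OPT_OUT).decide(req)     # presumed YES
    p = ConsentRecord(OPT_IN)
    out["optin_default"] = p.decide(req)                           # presumed NO
    p.transition(YES)                                              # patient opts in
    out["after_optin"] = p.decide(req)
    p.transition(MAYBE, base=YES, rules=[
        block_person("dr_beta"),
        block_report("mental_health_note"),
        block_period(date(2014, 1, 1), date(2014, 1, 31)),
    ])
    out["maybe_plain"] = p.decide(req)
    out["maybe_person"] = p.decide(AccessRequest("dr_beta", "lab_result", date(2014, 3, 1)))
    out["maybe_report"] = p.decide(AccessRequest("dr_alpha", "mental_health_note", date(2014, 3, 1)))
    out["maybe_period"] = p.decide(AccessRequest("dr_alpha", "lab_result", date(2014, 1, 15)))
    p.transition(NO)                                               # patient changes their mind
    out["after_revoke"] = p.decide(req)
    out["transitions"] = list(p.history)
    return out
```

The point worth noticing is that the YES and NO states are cheap to evaluate while MAYBE costs a rule walk on every access, which is why the slides treat it as a distinct state rather than folding the special cases into YES or NO.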
16. 8. National Strategy Could Nudge SIS Forward
• In the early days of the Obama administration, the president declared
cyberspace a critical asset. Since then, little more than lip service has been
paid on a policy level to the security of the country’s critical infrastructure,
despite increasing public awareness of the problem and high-profile attacks
on business and government alike.
17. National Strategy Could Nudge SIS Forward
• In December 2013, there was more movement. The White House released
the National Strategy for Information Sharing and Safeguarding, a
framework for government agencies to share attack data to repel terrorist
threats, cyberattacks and more.
18. National Strategy Could Nudge SIS Forward
• The strategy stresses that information must be treated as a national asset
and that such data must be made available to support national security.
It also urges agencies to work together to identify and reduce risks, rather
than not share at all. Information, the document states, must underlie all
decisions.
19. 9. Goals
The president hopes the strategy achieves five goals:
• Drive collective action through collaboration and accountability: Using
models to build trust and simplify the processes for sharing
• Improve information discovery and access through common standards:
Doing so paves the way for less ambiguous policies. To achieve this, secure
access via authentication and authorization controls, data classification and
sharing standards is vital.
20. Goals
• Optimize mission effectiveness through shared services and
interoperability: Bettering the efficacy of how information is acquired and
shared is key here.
• Strengthen information safeguarding through structural reform, policy and
technical solutions: This calls for controls on data, monitoring for insider and
external attacks to better stave off threats to systems and information.
21. Goals
• Protect privacy, civil rights and civil liberties through consistency and
compliance: Public trust must be a key consideration here, the document
stresses. Privacy and civil protections must be built into any sharing
mechanism.