Skip to main content

Health-ISAC Hacking Healthcare 3-16-2021

TLP White: This week, Hacking Healthcare begins by re-examining the issue of social media misinformation and the effects it has on the public health sector. Next, in our continuing coverage of the fallout from the SolarWinds supply-chain compromise, we take a look at a proposal to create “software cleanliness ratings” to help incentivize informed software acquisition and software development best practices. Finally, we briefly cover China’s attempt to spread its influence within international standards bodies and what it could mean for healthcare.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

 

Welcome back to Hacking Healthcare.

 

1. Misinformation and the COVID-19 Pandemic

Last month, Facebook announced sweeping measures to help promote accurate information about COVID-19 vaccines. The actions included offering tools to help people find vaccination sites; providing support for health ministries, NGOs, and UN agencies to share vaccine information; expanding efforts to remove misinformation on Facebook and Instagram about COVID-19 vaccines; and providing data that could help build public trust in vaccines by hosting surveys from academic institutions on Facebook to show trends and attitudes.[1]

However, a month after Facebook’s announcement, posts sharing misinformation about the COVID-19 vaccine are still appearing on the platform and are gaining thousands of interactions before they are taken down. Since Facebook’s policy change, a conservative estimate of 3,200 posts containing misinformation about COVID-19 vaccines have been shared. These posts include claims that the vaccines cause neurological disorders, infertility, and is responsible for as many as 56,000 deaths. The social media giant often appears slow to react to these posts, which enables the posts to circulate more broadly and gather more views.

Taking down untrue, harmful content is not a new area of focus for Facebook. The company has dealt with many iterations of this issue but has yet to find a foolproof solution that balances eliminating harmful content with the desire to be a platform that allows the free sharing of ideas. In reference to Facebook’s track record for managing this balancing act, Joan Donovan, a specialist in disinformation and research director at Harvard University’s Shorenstein Center on Media, Politics and Public Policy summed up the central issue in an interview with Wired: “They did not build their systems for content moderation so they’re continuously trying to implement policies they do not have the technology or competency to enforce.” [2]

Action & Analysis
**Membership required**

 

2. Software Cleanliness Ratings?

Previously on Hacking Healthcare, we covered how the compromise at SolarWinds has led some lawmakers and technology companies to support exploring mandatory cyberattack disclosures and how such a policy shift could help mitigate the impact of a similar attack in the future. However, this hasn’t been the only suggested countermeasure put forward in recent weeks in response to the SolarWinds events. One proposal gathering the support of prominent Biden administration officials is the concept of “software cleanliness ratings,” which could serve as a helpful software vetting tool similar to that of sanitation ratings for restaurants.

As Recorded Future notes, the idea is similar to the concept of a software bill of materials (SBOM), something that the National Telecommunications and Information Administration (NTIA) has been working on for years with some real success.[3],[4] In effect, a software cleanliness rating would help to address cyber risk by giving organizations visibility into software they are looking to purchase.  For example, it could require companies to list the components that make up their software and provide information such as which components are open source, and which come from commercial code. Or, it could require software developers to document their development processes.

The hope is that by providing this additional insight, organizations looking to procure new software can make better and more informed risk-based decisions about the security of potential purchases. In turn, it is expected that this idea would put pressure on software developers to ensure they follow best practices.

Action & Analysis
**Membership required**

 

3. China’s Impact on International Standards

China has not been shy about its efforts to achieve global power and influence. Between openly and forcefully advocating for its interests in territorial disputes, modernizing its military, and expanding its economic influence through a host of large-scale initiatives, China has been actively operationalizing aspects of this geo-political strategy for years. But while its ambitious development and investment projects like the one-belt-one-road initiative and the construction of militarized islands in the South China Sea receive abundant media attention, China’s increasing presence in international standards bodies has gone under-appreciated by many who do not focus acutely on this important arena.[5]

Over the past several years, China has aggressively pursued increased representation in a host of international standards bodies, and its efforts have objectively been successful. From 2015 to 2017, a Chinese official headed the globally important International Standards Organization (ISO), and in 2020, China headed up 4 of the 15 United Nations specialized agencies and groups, including the International Telecommunications Union (ITU), while also leading the International Electrotechnical Commission (IEC).[6], [7]

The significance of this representation lies in China’s ability to shape international standards to China’s national security interests and economic advantage, especially as they relate to electronics, information communications technologies (ICT) and emerging technologies like artificial intelligence (AI) and the Internet of Things (IoT). China considers this strategy integral to increasing its global influence, and the impending release of its China Standards 2035 plan is expected to further emphasize this point.

Action & Analysis
**Membership required**

 

Congress

 

Tuesday, March 16th:

– No relevant hearings

 

Wednesday, March 17th:

– No relevant hearings

 

Thursday, March 18th:

– No relevant hearings

 

 

 

International Hearings/Meetings

 

– No relevant hearings

 

 

EU –

 

Wednesday, March 24th:

– European Commission: Workshop EU4Health Programme 2021

 

 

Conferences, Webinars, and Summits –       

 

 

https://h-isac.org/tmp24/events/

 

Contact us: follow @HealthISAC, and email at contact@h-isac.org

 

[1] https://about.fb.com/news/2021/02/reaching-billions-of-people-with-covid-19-vaccine-information/

[2] https://www.wired.co.uk/article/facebook-covid-disinformation

[3] https://www.ntia.gov/SBOM

[4] https://therecord.media/white-house-cybersecurity-adviser-wants-a-cleanliness-rating-for-software-security/

[5] https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative

[6] https://www.wsj.com/articles/how-china-is-taking-over-international-organizations-one-vote-at-a-time-11601397208

[7] https://www.wsj.com/articles/from-lightbulbs-to-5g-china-battles-west-for-control-of-vital-technology-standards-11612722698?mod=searchresults_pos4&page=2

This site is registered on Toolset.com as a development site.