Something to look forward to: The Advanced Research Projects Agency for Health (ARPA-H) has announced a new program to fund innovative ideas for healthcare-related cybersecurity. Hospitals need a good IT protection now more than ever, and the NIH agency wants to efficiently automate everything.
ARPA-H, a research agency created by the US Administration two years ago to fuel innovation and "breakthrough technologies" in the healthcare industry, has a new plan to strengthen hospitals' cyberdefenses. The Universal Patching and Remediation for Autonomous Defense (UPGRADE) program wants to provide an effective answer to modern hospitals' need for protection against the most dangerous cyberthreats.
Ransomware and other cyberattacks can disrupt hospital operations with lasting repercussions, the UPGRADE program's introduction states, affecting care availability for weeks or even months. Healthcare organizations can employ different kinds of network-connected devices and technologies to manage their business and patients' data, turning digital security into a difficult area to deal with.
With UPGRADE, ARPA-H and the NIH are investing $50 million in a novel, "autonomous" cyber-security solution designed to be proactive and scalable. The US government wants to bring together device manufacturers, cybersecurity experts, and hospital IT staff to work on the common issue, with the ultimate goal of securing "whole systems" against current and future digital threats.
Also read: The Evolution of Ransomware
UPGRADE includes four main technical areas, ARPA-H said. Area 1 is focused on the development of a vulnerability mitigation platform, while area 2 is for creating "high-fidelity" digital twins of hospital IT equipment to properly test mitigations. Finally, area 3 and area 4 are focused on developing an autonomous system to detect vulnerabilities, and to "confidently" create defenses (i.e., patches and mitigations) for previously discovered flaws, respectively.
ARPA-H was created to shield the US healthcare ecosystem against cyberattacks, with voluntary security goals that could become mandatory in the future. According to Andrea Palm, deputy secretary of the US Department of Health and Human Services, the UPGRADE plan will help HHS with strengthening the US government's cybersecurity strategy in the ever-evolving cyberthreat landscape.
UPGRADE is looking for "performer teams" to submit their ideas on how to finally solve the cyber-security issue in the healthcare ecosystem. The plan expects to provide multiple awards, and ARPA-H stated that it is "uniquely" positioned to address this remarkable challenge. The agency recently launched a program to secure individual applications and devices (DIGIHEALS), and is partnering with DARPA on the Artificial Intelligence Cyber Challenge to secure open-source software used in critical infrastructure.