Thank to those who attend the Cybersecurity for VistA meeting. We had a lively discussion on the four questions (see below) asked by Dr.Tibbits. For those who missed the meeting, here are the Powerpoint presentation and the recording from the meeting.
Thanks to Jack Taylor (The BITS Group) and MarkHilburger (Red Hat) for volunteering to collect and draft the response to question #3. As mentioned during the call, Don Hewitt (OSEHRA) has volunteered to draft response for question #4.
We are still looking for volunteers to draft responses for question #1 and #2.
Here are the discussions associated with each question.
1. Does the open source community have a focus on cybersecurity? (Volunteer?)
Russ Holm of Horton Works introduced two cybersecurity projects from the of the Apache Software Foundation: 1) Apache Metron - sensing, alerting, and visualization, and 2) Apache Nifi - security associated with data in motion.
2. Are projects to enhance cybersecurity proposed to OSEHRA by the open source community? If so, have any been completed? (Volunteer?)
3. Are there lessons learned from Red Hat/LINUX WRT cybersecurity that might be applicable to health IT? (Mark Hilburg and Jack Taylor)
Mark Hilburg discussed Red Hat's approach including methods and tools to deal with cybersecurity. Mark also addressed issues related to cloud implementation.
4. What is the relationship of OSEHRA certification to cybersecurity? (Don Hewitt)
Dirk Barrineau of VA mentioned the lack of security scanning tool for the M-language. He's submitted a proposal to VA to develop a tool for MUMPS. Joel Ivey mentioned the cybersecurity issues related to RPC brokers, Telnet, etc. Dirk replied that Telnet is no longer allowed to be used within VA.
Per Jack's request, a draft response template is available to each section lead for collecting and drafting the response.
Weekly Wednesday 1 PM Call Schedule: March 23, March 30, April 6, April 13 (submission to VA)
Please sign up for the OSEHRA Cybersecurity Work Group to participate in the discussion. All future notices and communication will be send to the members of the work group.