Minutes and Recording from the Community Call on Cybersecurity for VistA - March 16, 2016

Thank to those who attend the Cybersecurity for VistA meeting.  We had a lively discussion on the four questions (see below) asked by Dr.Tibbits.  For those who missed the meeting, here are the Powerpoint presentation and the recording from the meeting.

Thanks to Jack Taylor (The BITS Group) and MarkHilburger (Red Hat) for volunteering to collect and draft the response to question #3.  As mentioned during the call, Don Hewitt (OSEHRA) has volunteered to draft response for question #4.

We are still looking for volunteers to draft responses for question #1 and #2.

Here are the discussions associated with each question.

1.   Does the open source community have a focus on cybersecurity? (Volunteer?)

Russ Holm of Horton Works introduced two cybersecurity projects from the of the Apache Software Foundation: 1) Apache Metron - sensing, alerting, and visualization, and 2) Apache Nifi - security associated with data in motion.

2.  Are projects to enhance cybersecurity proposed to OSEHRA by the open source community? If so, have any been completed? (Volunteer?)

3.  Are there lessons learned from Red Hat/LINUX WRT cybersecurity that might be applicable to health IT? (Mark Hilburg and Jack Taylor)

Mark Hilburg discussed Red Hat's approach including methods and tools to deal with cybersecurity.  Mark also addressed issues related to cloud implementation.

4.  What is the relationship of OSEHRA certification to cybersecurity? (Don Hewitt)

Dirk Barrineau of VA mentioned the lack of security scanning tool for the M-language.  He's submitted a proposal to VA to develop a tool for MUMPS.  Joel Ivey mentioned the cybersecurity issues related to RPC brokers, Telnet, etc.  Dirk replied that Telnet is no longer allowed to be used within VA.

Per Jack's request, a draft response template is available to each section lead for collecting and drafting the response.

Weekly Wednesday 1 PM Call Schedule:  March 23, March 30, April 6, April 13 (submission to VA)

Please sign up for the OSEHRA Cybersecurity Work Group to participate in the discussion.  All future notices and communication will be send to the members of the work group.

 

 

 

 

File: 

like0

Comments

Re:Community Call on Cybersecurity for VistA - March 16, 2016

Russ Holmes's picture

Included below is our feedback on the questions from your presentation.  Hope this helps!

SLIDE 7:

1.Does the open source community have a focus on cybersecurity? 

YES – Project Metron, which used to be OpenSOC.  It has now been stood-up under the Apache open source community as project Metron and should be ready for use in the June timeframe.  We can provide a preview presentation covering what the first release is targeted to include.

2.Are projects to enhance cybersecurity proposed to OSEHRA by the open source community? If so, have any been completed? 

We would like to propose Metron once it is released in June.

Slide 12:

1.Does the open source community have a focus on cyber security?

We can volunteer to keep OSEHRA updated on Project Metron as it progresses

2.Are projects to enhance cybersecurity proposed to OSEHRA by the open source community? If so, have any been completed?

Metron well be "completed" and available in June.  It will continually be enhanced and expanded within the open source community.

 

like0