The letter from HIMSS to the Secretary of Homeland Security provides comments on the Draft National Cyber Incident Response Plan. HIMSS supports the plan's focus on shared responsibility for education and readiness against cyberattacks. However, HIMSS recommends expanding the plan to address: (1) cyber threats that can occur across terrestrial, sea, air and space dimensions; (2) the definition of "significant cyber incidents" as those threatening public health and safety; and (3) incorporating the growing role of artificial intelligence and machine-to-machine communications in cybersecurity defense. HIMSS offers to collaborate further with DHS on these issues regarding cybersecurity for the healthcare sector.

1. 33 West Monroe St, Suite 1700
Chicago, IL 60603-5616
Tel 312 664 4467
Fax 312 664 6143
www.himss.org
October 31, 2016
The Honorable Jeh Johnson
Secretary
US Department of Homeland Security
Washington, D.C. 20528
Dear Secretary Johnson:
On behalf of the Healthcare Information and Management Systems Society (HIMSS), we are
pleased to provide written comments regarding the Draft National Cyber Incident Response Plan
(NCIRP) which was released on September 30, 2016. HIMSS appreciates the opportunity to
comment on this plan, and we look forward to initiating dialogue with the Department of
Homeland Security (DHS) on the role that health information technology (IT) can play in
responding to cyber incidents in our nation’s healthcare infrastructure.
HIMSS is a global, cause-based, not-for-profit organization focused on better health through
information technology (IT). In North America, HIMSS focuses on health IT thought leadership,
education, market research, and media services. Founded in 1961, HIMSS North America
encompasses more than 64,000 individuals, of which more than two-thirds work in healthcare
provider, governmental, and not-for-profit organizations, plus over 640 corporations and 450 not-
for-profit partner organizations, that share this cause.
HIMSS thanks DHS for actively engaging the public on the draft NCIRP. We strongly support
the basic principle in the NCIRP that education and readiness are shared responsibilities to ensure
greater public awareness against cyber-attacks. We offer the following enhancements to ensure
the NCIRP remains relevant into the foreseeable future. Our comments focus on three categories:
(1) the dimensions of potential cyber threats; (2) clarification on what a significant cyber incident
is; and, (3) the rise of artificial intelligence as a means for cybersecurity defense.
The Dimensions of Potential Cyber Threats and Actions: Terrestrial, Sea, Air, Space
Cyber threats and actions may occur in one or more dimensions: terrestrial, sea, air, and space. IT
infrastructure and assets may exist in these dimensions. The complexity of threat and asset
response may be significantly compounded, especially when multiple dimensions are in play—
including in the private and public sectors (e.g., underwater data centers, undersea Internet cables,
satellite communications, and over-the-air communications). In light of these different possible
spheres, the NCIRP should address the multiple dimensions of cyberspace so that this response
plan is flexible and nimble enough to incorporate potential threat areas for the present time as well
as into the future.

2. 2
Significant Cyber Incidents That May Potentially Threaten Public Health and Safety
As a stakeholder in the healthcare critical infrastructure sector, HIMSS is concerned about
significant cyber incidents, including those that have the potential of threatening public health and
safety. HIMSS acknowledges that in lines 1023-1024 of the Plan, significant cyber incidents are
defined as “cyber incidents that have implications for national security or public health and safety.”
As the federal government’s decision to fund two grants for the NH-ISAC indicated, coordination
across the healthcare community is becoming increasingly important in the fight against cyber-
attacks. Collaboration with the NH-ISAC and other stakeholders, particularly on threat
identification and incident mitigation, will have a significant impact on public health and safety.
For our part, HIMSS hosts a Cybersecurity Hub at the HIMSS Innovation Center in Cleveland,
Ohio, to address cybersecurity education for health stakeholders. In addition, we have released a
Call to Action to highlight the need for healthcare to support the use of the NIST Cybersecurity
Framework to create a privacy and security framework that is scalable for a wide range of health-
related organizations. We are also committed to working with the federal government and other
stakeholders to develop a plan of action to resolve the shortage of qualified cybersecurity
personnel, thus ensuring health-related organizations can be active partners in deterring and
mitigating cyber-attacks.
Machine-to-Machine (M2M) Communications and the Role of Artificial Intelligence
On October 13, 2016, the White House hosted the “White House Frontiers Conference.” Without
a doubt, IT will be transformed by artificial intelligence (AI) advances going forward.
Cybersecurity, too, will likely be vastly different in the future with AI. Zero-day vulnerabilities
can be fixed within minutes and not days or months—with the help of AI. The challenges that the
public and private sector face with cybersecurity defense today will likely be overcome tomorrow
with innovations such as AI technology. Further, cyber threat intelligence analysis and automated
threat response capabilities use AI capabilities and machine-to-machine (M2M) communications.
There are also predictions that, within a few decades, computers may commit more cybercrimes
than humans. Additionally, in the future, machines may create other machines (such as those
whose purpose is to commit cybercrimes)—potentially taking the human threat actor out of the
equation.
With all of these considerations in mind, HIMSS suggests that the NCIRP be revised to
acknowledge the role of AI and M2M in shaping cybersecurity and, specifically, cyber incident
response. A few areas in which such edits may be made include the following:
 Line 837 (Screening, Search, and Detection—Critical Tasks):
Locate persons, machines, and networks associated with cyber threats or acts.
 Line 863 (Threat Response Core Capabilities—Critical Tasks):
Interdict persons, machines, and networks associated with a potential cyber threat or act.
 Line 887 (Threats and Hazards Identification-Critical Tasks):
Ensure that the right people, machines, and networks receive the right data at the right time.

3. 3
Overall, HIMSS is committed to becoming an even greater resource to DHS and its agencies as it
works toward its mission of securing our nation from the various threats we face, especially as
they relate to the health sector.
We look forward to the opportunity to discuss these issues with you in more depth. Please feel
free to contact Jeff Coughlin, Senior Director of Federal & State Affairs, at 703.562.8824, or Eli
Fleet, Director of Federal Affairs, at 703.562.8834, with questions or for more information.
Thank you for your consideration.
Sincerely,
Michael H. Zaroukian, MD, PhD, MACP, FHIMSS H. Stephen Lieber, CAE
Vice President & Chief Medical Information Officer President & CEO
Sparrow Health System HIMSS
Chair, HIMSS North America Board of Directors