Ransomware Impacts

Q&A with Theresa Fersch

Theresa Fersch is a Principal Systems Engineer with 15 years of exercise design and development expertise.

What is IDEAS?

As part of our continued focus on solving problems for a safer world, MITRE recognizes that one of our nation’s greatest challenges is that threats and adversaries are constantly evolving. Technology advances by leaps and bounds, our adversaries are becoming faster and stronger, and disruptions are becoming even more disruptive. To stay ahead of the game, we must continuously be checking and refining our assumptions, methods, and strategies. Tabletop exercises are a form of serious games that have long been used by the Department of Defense (DOD), Department of Homeland Security (DHS), the Intelligence Community (IC), and other government agencies to sharpen their focus on a problem set and their understanding of the people, processes, and technologies associated with them. Based on our previous experience, MITRE experts have developed a methodology for implementing and scaling table top exercises we call Intelligence Driven Exercises and Solutions or IDEAS.

Why is MITRE unique?

Over the last 15 years, I have led a small team of diverse subject matter experts (SME) at MITRE in tackling some of our nation’s greatest challenges by compiling lessons learned and best practices in tabletop exercise development to create a scalable and tailored methodology that can be applied to any problem set or industry.

So how did we do this?

We began with traditional tabletop exercise and wargaming methodologies and enhanced them by applying systems engineering principles and making a few key changes. We have leveraged MITRE’s culture of speed and adaptability to identify areas within these tried-and-true methods that can be standardized, replicated, and repeated. Our collaborative focus has helped us learn that by cross-pollinating expertise or applying different types of expertise to the problem set, we can identify new threats or vulnerabilities, and therefore new solutions, that might not necessarily be explored by those who are deeply familiar with the problem. By encouraging participation from specific subject matter experts, IDEAS leads build high performance teams to uniquely tailor each exercise and ensure a high degree of relevance to the problem set being explored. Our exercises and solutions provide an environment wherein participants can safely and boldly explore dynamic problem sets in unique ways to bolster understanding, identify areas for improvement, develop actionable recommendations, and harvest lessons learned.

Applying to cyber in the healthcare sector

While IDEAS began as an exercise methodology for the intelligence community, MITRE has since applied this method to numerous industries and sectors. To date, we have developed and conducted exercises ranging across cybersecurity, healthcare, economics, transportation, intelligence, international relations, defense, supply chain, and emergency management.

Most recently, MITRE has been working with Health Delivery Organizations (HDOs) across the country to build and conduct exercises with a focus on stressing, improving, and validating responses to cyberattacks.

Cyberattacks can have devastating impacts not only from a business continuity perspective, but from a patient health and safety perspective as well. We work with HDOs to fully understand their ecosystems: the roles and responsibilities of key security and emergency response personnel involved, the processes, procedures, and plans currently in place, and their technical capabilities and systems. This vital information, combined with MITRE’s extensive expertise in cybersecurity, informs exercise development to produce exercises that are relevant, realistic, and effective at exercising an HDO’s response to cyberattacks.

We exercise concepts such as:

• Ransomware
• Extortion demands
• Negative impacts on electronic health records (EHR), medical devices, and clinical operations
• Interactions with pharmacies and other external partners
• Disaster recovery
• Business continuity during system downtime
• Communications across the organization
• Executive level decision making
• Patient harm
• Adverse publicity

It is our goal to ensure everyone who works with us is fully prepared to handle cyber attacks on their healthcare systems.

Interested in conducting table top exercises at your organization?

Learn more about how MITRE can help support your organization: https://healthcyber.mitre.org/blog/resources/cyber-tabletop-exercises/