DHS’s cyber division has stepped up protections for coronavirus research, official says

“I just want you to know that we have stepped up our protections of HHS and CDC," Bryan Ware told industry representatives Friday.
Bryan S. Ware, CISA, DHS, coronavirus cybersecurity
Bryan S. Ware speaks Jan. 14, 2020, at the Data Cloud Summit presented by Cloudera and produced by FedScoop. (Scoop News Group)

The Department of Homeland Security’s cybersecurity wing says it has put heightened defense measures for health-care-focused organizations and research facilities in place as foreign government-backed hackers continue to try to steal U.S. coronavirus research.

“I just want you to know that we have stepped up our protections of [the Department of Health and Human Services] and [the Centers for Disease Control and Prevention] — our federally-funded research organizations,” Bryan Ware, assistant director of DHS’s Cybersecurity and Infrastructure Security Agency, told industry executives Friday. “[We’ve] significantly accelerated that work.”

CISA is regularly scanning the internet-connected devices of top pharmaceutical companies and research institutions for vulnerabilities and trying to get them fixed quickly “because we are seeing adversaries that are targeting them right now,” Ware said on a webinar focused on CISA contracting opportunities.

Ware cited efforts by China and other unnamed governments to target vaccine research, echoing recent warnings from CISA and the FBI. China has denied the allegations. On Thursday, the FBI offered U.S. companies new details on the scope of hacking during the coronavirus pandemic, describing ongoing efforts to steal “proprietary research of U.S. universities and research facilities.”


Ware, who became CISA’s assistant director for cybersecurity in January, also said his agency is focused on preventing a disruptive ransomware attack on the U.S. health care sector.

“We’ve been concerned about ransomware that we’ve seen overseas in the Czech Republic and Germany and elsewhere amongst our allies,” Ware said, apparently referring to a March cyberattack on a Czech hospital and the breach earlier this month of a Germany-based health care conglomerate. “We’ve been doing a number of things to try to prevent that ransomware scenario in the U.S. that might interrupt our ability to deliver health care.”

Shifting resources

The coronavirus, which has strained federal resources while killing over 95,000 people in the U.S., has shifted many CISA analysts to focus on pandemic-related hacking threats.

“We pivoted our organization the first quarter of this year to really helping the nation with this COVID response,” Ware said of the cybersecurity division within CISA that he leads. “There’s nowhere that said that pandemic response was within our job, but we realized very quickly that our adversaries…whether they’re state actors or criminal actors, that they could present great risks to [the U.S.].”


CISA, he said, has “been very aggressive [in] working with law enforcement” to take down the slew of malicious web domains that criminals have created to try to scam people during the pandemic.

The agency has also leaned on a group of volunteers — analysts at cybersecurity companies around the world — to develop closer ties with health care organizations and alert them of hacking threats.

“We are literally engaged with hundreds of hospitals and health care companies and pharmaceutical companies that weren’t even on our radar screen in January,” Ware said.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts