If consumers learn anything from the movies, it's that machines can't be trusted. Yet trust is essential for medical devices - especially as these devices connect to the Internet of Things (IoT). Iot connectivity enables faster, smarter,and more efficient care, but it creates new opportunities for security breaches. Avoiding these breaches - and building consumer confidence - is critical because hackers could exploit private patient data and misappropriate medical equipment, possibly endangering lives.
Members of the Intel® Internet of Things Solutions Alliance (Intel® IoT Solutions Alliance) offering robust security software are working with Intel to protect critical data and preserve the benefits of IoT. The following discussion features edited excerpts from interviews with Mike Cioffi, senior security architect at McAfee, and AJ Shipley, senior director of security solutions at Wind River, who highlight how Intel-enabled embedded software technologies can help make IoT-connected medical devices more secure and trustworthy for end users.
RR: Explain your IoT strategy and how you’re working with Intel to propagate intelligent systems – particularly medical devices and systems.
Cioffi: IoT was inevitable. The communication of devices across a network is something traditional compute platforms have done for many years. Today, devices that have not had a Human-Machine Interface (HMI) in the past are beginning to gain different use cases because of IoT.
Sharing information across devices is similar to sharing information with a team of people; the group as a whole becomes more intelligent simultaneously. But with these positives come risks of improper use and unwanted/unauthorized sharing of personally identifiable information.
Trust and solution integrity are essential in the IoT. Users will only trust solutions when they are assured that devices are behaving as they were originally intended (i.e., a pacemaker does what it is supposed to do) and that devices are designed to guarantee authentication without jeopardizing individual privacy. McAfee is working with Intel to provide security at the edge device level, as well as to ensure these devices communicate securely with the cloud.
Shipley: Countless IoT-based health care service opportunities exist in hospitals, doctors’ offices, and homes, as well as through mobile applications. Machines will manage medication dosages and X-ray radiation levels. Hospitals will leverage data generated by CT scanners, X-ray machines, and other equipment to monitor and audit their usage, protecting patient safety while meeting FDA compliance requirements.
Health care companies that want to leverage the IoT can do so by connecting existing assets. Their goal is to manage and control devices remotely and utilize the data they are already generating. The solution is to build a bridge between these devices and the Internet with what is referred to as a gateway or hub. Even for the new generation of Internet-connected devices, connecting via gateways will be the most practical way to achieve scalability and minimize cost.
Wind River is working with Intel and McAfee on a new family of intelligent gateway solutions that connect legacy systems and provide common interfaces and seamless communication between devices and the cloud. This system of systems helps ensure that the data generated by devices and existing infrastructure can be shared securely between the cloud and intelligent devices for analysis.
RR: What security issues does the IoT raise for connected hospitals and clinics?
Shipley: Embedded software plays a role in a broad swath of devices from imaging systems such as CT scanners to intensive care ventilators. The rapid growth in the number, intelligence, and connectivity of medical devices has created an upward spiral in security threats.
Of all medical devices, devices that are implantable, portable, or used in a home health scenario represent a growing concern for security and information privacy. A recent report of a high-ranking U.S. government official disabling the wireless connectivity of an implantable medical device due to cyber security concerns highlights the growing need for security and data privacy.
As embedded medical devices become more complex and connected to open networks, developers and manufacturers of these devices bear the responsibility for ensuring that an adequate level of due care and due diligence regarding cyber security is exercised.
- Patient safety is the highest priority of medical device vendors and regulatory agencies.
- A major concern of medical devices is how they capture, store, and transmit sensitive patient data as well as the intellectual property of the device manufacturer. For example, data at rest on a device, however temporarily, presents a security gap if the proper precautions aren’t taken to protect that data.
- Medical devices require a static state unless the vendor has approved a specific update. If the devices are treated as IT assets, the patches meant to make the device more secure end up crippling the device, which leads to health care disruption, support calls, and technicians dispatched to repair if not reimage the software stack.
- General-purpose IT policies cannot be applied easily to specialized medical devices.
- As standard connection protocols like TCP/IP have become ubiquitous, many vendors have embraced these standards and fallen behind in implementing security for the new vectors of attack these standards allow.
RR: What steps can health care facilities take to address the security risks posed by IoT while still capitalizing on its potential benefits?
Cioffi: OEMs can take several steps to ensure the IoT phenomenon doesn't negatively affect their medical devices. First is secure boot through the use of Intel chips. The booting process is one of the biggest exposure points for the medical industry since the system is often closed box with limited I/O. Hardware security features like secure boot will allow customers to use both hardware and software to increase the overall security profile of systems based on the Bay Trail architecture. McAfee's Deep Defender helps ensure secure boot by enumerating the BIOS and checking the value of the enumeration each time.
McAfee and Intel have come together on two fronts to enhance encryption. Firstly, using Intel® Advanced Encryption Standard New Instructions (AES-NI) instructions embedded in the hardware speeds up data encryption and decryption. Secondly, Intel® Active Management Technology (Intel® AMT) provides out-of-band authentication by checking that the device can still communicate with its home ePolicy Orchestrator server, thus allowing it to boot sans typing in a password.
For additional security measures, McAfee's Integrity Control whitelists all the executable data on disk and makes it tamperproof, while McAfee's Device Control locks down the USB bus so securely that it can be configured to allow only a device with a specific embedded serial number.
Shipley: Medical device manufacturers should leverage security best practices such as SANS 20 Critical Security Controls and design their products from the beginning with security in mind. It’s important to note that no single security solution can address all existing and future risks; instead, a series of different defenses must be implemented across the system. This can be done using a layered security approach that enforces security policy from the CPU to the application software. In the best case, devices are fully protected, and in the worst case, malware is detected faster, allowing remedial action to be taken before any harm is done.
Wind River has a portfolio of products both for new development and for connecting legacy devices that can help medical device manufacturers address the security risks posed by IoT. For example, Intelligent Device Platform (Figure 1) delivers built-in security features designed to secure the communication channel, data, and end device while acting as a gateway for connecting legacy devices to other devices or the infrastructure. The platform has features designed for IoT software development that protect critical data throughout the device life cycle. It also has customizable secure remote management that ensures end device integrity via secure boot, provides encrypted communication between device and a cloud-based management console, and limits exposure to untrusted applications through device resource management.
RR: How will your company’s software work in conjunction with Intel® technologies to increase IoT security?
Cioffi: McAfee uses DeepSAFE technology (Figure 2) to make use of features that Intel builds directly into the silicon. Deep Defender goes beyond the BIOS and utilizes virtualization technology to ensure that rootkits don't embed themselves into memory where AV drivers at the OS level cannot find them. Deep Command allows remote power management as well as “boot to ISO” of connected devices regardless of the power state or network status. McAfee's ePolicy Orchestrator can help manage IoT devices and provide out-of-band management through Intel AMT.
Figure 2. McAfee DeepSAFE technology provides real-time kernel monitoring to detect and block advanced, hidden threats such as stealth rootkits and advanced persistent threats.
Shipley: Intel is building a number of security features into its processors. Wind River puts the OS, firmware, and software in place to enable those security features by default to secure the device. McAfee adds embedded endpoint security controls such as whitelisting at the device level, as well as security for the infrastructure with which the device must communicate.
The combined capabilities and expertise of Wind River, Intel, and McAfee make possible the true end-to-end security that IoT requires. Intel provides the low-power silicon foundation to host the deeply embedded OSs and applications from Wind River, as well as security solutions that McAfee has developed for the IT world, which Wind River augments for IoT applications.
Watch this video to learn how Intel, McAfee, and Wind River are collaborating to advance the IoT by providing secure, integrated solutions that scale across industries, and check back here for further discussion on the intelligent gateway products the technology trio is developing to address interoperability issues involved with connecting legacy systems to the cloud.
Contact Featured Alliance Members:
Solutions in this blog:
Roving Reporter (Intel Contractor), Intel® IoT Solutions Alliance