小程序
传感搜
传感圈

IoMT Asset Risk Management Challenges

2022-12-13
关注

IoMT Asset Risk Management Challenges
Illustration: © IoT For All

The Internet of Medical Things (IoMT) has advanced the healthcare industry by strengthening its efficiency and accuracy. Smart medical devices have enabled doctors, physicians, nurses, and other medical staff to enhance the delivery of healthcare services and improve the patient experience. However, reaping the many benefits that these smart medical devices offer is not a straightforward task; IoMTs come with significant risks, and managing these risks is imperative to maintaining operational continuity and ensuring patient safety. Despite acknowledging this fact, healthcare delivery organizations (HDOs) struggle with managing IoMT risks, and below are four key reasons why.

'Smart medical devices come with significant risks, and managing these risks is imperative to maintaining operational continuity and ensuring patient safety.' -SepioClick To Tweet

IoMT Challenges

#1: Insufficient Authentication

IoMTs are not 802.1x compliant, meaning they require alternative authentication protocols, such as MACsec and MAB. However, these protocols rely on a device’s MAC address for identification and authentication, which brings significant challenges. A MAC address database must be created and maintained, which is a tedious task and one that is vulnerable to human error. More concerning is that MAC addresses can be easily spoofed, and some devices don’t even have one, rendering MACsec and MAB futile.

The weaknesses of MACsec and MAB mean it is difficult to precisely determine which assets are connected to the network. Whether a device was erroneously authenticated or bypassed authentication entirely, the result is the same; the risks to the enterprise are unknown.

#2: Incompatible With Agents

Smart medical devices are incompatible with traditional security and inventory tools as they do not support agents. In turn, security teams have to resort to archaic and manual methods of inventorying assets and determining their identity, which is extremely unreliable. Not only is a manual inventory impractical and impossible to maintain in real-time, but it also runs the risk of devices going unaccounted for or being mistakenly identified. As such, with the asset inventory providing an inaccurate representation of the environment, security teams cannot determine the true risks.

#3: Limited Context

IT security solutions fail to differentiate between medical devices; instead, they treat every endpoint as the same. But seeing a device can only tell so much – without deeper insights into its usage and technical properties, a device’s unique context is not understood and assessed. Establishing a device’s risk posture without a complete picture of its identity and context is a paradox that misguides security teams’ perception of risks.

#4: Not Understanding Risk

Ultimately, the greatest obstacle to managing IoMT risks is not understanding them. The aforementioned challenges all encompass visibility gaps that prevent security teams from understanding an asset’s risk. Without complete visibility, certain properties, or the device itself, get overlooked, resulting in risks not being fully understood – and one cannot manage what one cannot understand, measure, and rank.

The Root of the Problem

Overcoming asset risk management challenges requires getting to the root cause of the problem; HDO security teams must have complete visibility of all IoMTs, down to their physical properties, to ensure that risks are truly and accurately represented. Doing so provides a solid foundation for effective and comprehensive asset risk management of IoMTs.

Tweet

Share

Share

Email

  • Asset Tracking
  • Healthcare
  • Medical Devices
  • Security

  • Asset Tracking
  • Healthcare
  • Medical Devices
  • Security

参考译文
IoMT资产风险管理挑战
医疗物联网(IoMT)通过加强效率和准确性,推动了医疗保健行业的发展。智能医疗设备使医生、医生、护士和其他医务人员能够加强医疗保健服务的提供并改善患者体验。然而,获得这些智能医疗设备提供的许多好处并不是一件简单的任务;iomt具有重大风险,管理这些风险对于保持运营连续性和确保患者安全至关重要。尽管承认这一事实,但医疗保健交付组织(HDOs)在管理IoMT风险方面存在困难,以下是四个关键原因。iomt不兼容802.1x,这意味着它们需要替代身份验证协议,如MACsec和MAB。然而,这些协议依赖于设备的MAC地址进行识别和身份验证,这带来了巨大的挑战。MAC地址数据库必须创建和维护,这是一项繁琐的任务,而且很容易受到人为错误的影响。更令人担忧的是MAC地址很容易被欺骗,而一些设备甚至没有MAC地址,使得MACsec和MAB毫无用处。MACsec和MAB的弱点意味着很难精确地确定哪些资产连接到网络。无论一个设备被错误地认证还是完全绕过认证,结果都是一样的;企业面临的风险是未知的。智能医疗设备不支持代理,因此与传统的安全和库存工具不兼容。反过来,安全团队不得不求助于过时的手工方法来清点资产并确定其身份,这是非常不可靠的。手工盘点不仅不切实际,也不可能实时维护,而且还存在设备下落不明或被错误识别的风险。因此,由于资产清单提供了环境的不准确表示,安全团队无法确定真正的风险。IT安全解决方案未能区分医疗设备;相反,它们将每个端点都视为相同的。但是看到一个设备只能说明这么多——如果没有对它的使用和技术属性的更深入的了解,一个设备的独特环境就无法被理解和评估。在没有完整的身份和背景的情况下建立设备的风险态势是一个误导安全团队对风险的认知的悖论。最终,管理IoMT风险的最大障碍是不了解它们。前面提到的挑战都包含可见性差距,这阻碍了安全团队了解资产的风险。如果没有完全的可见性,某些属性或设备本身就会被忽视,导致风险不能被完全理解,并且无法管理无法理解、测量和排名的风险。要克服资产风险管理方面的挑战,就必须找到问题的根源;HDO安全团队必须完全了解所有iomt,直至其物理属性,以确保真实准确地反映风险。这为有效、全面的资产风险管理提供了坚实的基础。
您觉得本篇内容如何
评分

评论

您需要登录才可以回复|注册

提交评论

提取码
复制提取码
点击跳转至百度网盘