
How Healthy Are the IoT Devices of Healthcare?

2022-08-23

Illustration: © IoT For All

The Internet of Things (IoT) is becoming an integral component of everyday life – whether we know (and like) it or not. Most industries have adopted IoT technologies thanks to the many benefits they provide for enterprises and consumers. Healthcare is no exception, with nearly 80 percent of healthcare providers adopting IoT, according to Gartner. IoT in this industry, also known as the Internet of Medical Things (IoMT), often carries out vital tasks that are fundamental to a patient’s health and wellbeing. Any disruptions or breakdowns to a device’s operability can have noticeable and even fatal consequences; hence, IoMT vulnerabilities must be accounted for and managed. Moreover, the interconnectedness of Industry 4.0 means that even seemingly innocuous IoT devices – such as HVACs and smart cameras – pose a risk to the critical environment of healthcare delivery organizations (HDOs).

'Combining the high-stakes healthcare environment with the high-risk nature of IoT devices means security is imperative.' - Sepio

IoT (and IoMT) devices are vulnerable by nature. More than 50 percent of IoT and IoMT devices contain critical vulnerabilities, and these highly accessible devices often lack necessary built-in security measures – a recipe for disaster. Additionally, IoT devices are sought after by malicious actors thanks to their access to and collection of data (with Protected Healthcare Information (PHI) having the most monetary value), as well as their connectivity. Combining the high-stakes healthcare environment with the high-risk nature of IoT devices means security is imperative. Yet, despite widespread knowledge of the risks associated with IoT devices, security in this domain remains weak and rudimentary, and, in 2021, IoT security projects dropped by an alarming 16 percent.

Layer 2: Limited Visibility Means Weak Authentication

IoT security begins with device authentication to ensure network access is granted only to those with authorization. IoT devices are not 802.1X compliant, meaning this authentication protocol is unsuitable for them. Alternative authentication protocols exist, such as MACsec and MAB, both of which rely on a device’s MAC address for authentication, using Layer 2 data packets to identify this indicator. However, a MAC address database must be created and maintained; more importantly, MAC addresses are easily spoofed, and some devices don’t even have a MAC address, which makes MACsec and MAB weak authentication protocols. In turn, IoT devices might be erroneously authenticated or bypass authentication altogether, subsequently gaining network access and putting the entity at serious risk. Ultimately, the weak spot in these protocols is visibility; Layer 2 data is insufficient for identifying IoT devices, and one of the greatest concerns for HDOs is that they lack the visibility to properly authenticate IoT devices.
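The following added example (not part of the original article) shows why a MAC-only check cannot tell a genuine device from one presenting a copied address, and which Layer 2 session signals a defender can still correlate to flag it. The inventory, session records, port names and function names are constructed assumptions; the MAC addresses come from the range reserved for documentation.

```python
from collections import defaultdict

# Constructed inventory: MAC -> (device name, switch port it is expected on).
ALLOWLIST = {
    "00:00:5e:00:53:0a": ("infusion-pump-12", "sw3/0/14"),
    "00:00:5e:00:53:0b": ("hvac-ctrl-2", "sw1/0/7"),
}

# Constructed MAB session records: (start_s, end_s, claimed MAC, switch port).
SESSIONS = [
    (0, 3600, "00:00:5e:00:53:0a", "sw3/0/14"),
    (1200, 1800, "00:00:5e:00:53:0a", "sw5/0/2"),  # same MAC, second port
    (100, 900, "00:00:5e:00:53:0b", "sw1/0/7"),
    (50, 500, "06:aa:bb:cc:dd:ee", "sw2/0/9"),     # not in the inventory
]

def mab_decision(mac):
    """All that MAB itself checks: is the claimed MAC in the database?"""
    return mac.lower() in ALLOWLIST

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a software-assigned address."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit(sessions):
    """Return (mac, port, reason) findings that the MAB decision alone misses."""
    findings = []
    by_mac = defaultdict(list)
    for start, end, mac, port in sessions:
        mac = mac.lower()
        if not mab_decision(mac):
            reason = ("locally-administered MAC"
                      if is_locally_administered(mac) else "unknown MAC")
            findings.append((mac, port, reason))
            continue
        if ALLOWLIST[mac][1] != port:
            findings.append((mac, port, "allowlisted MAC on unexpected port"))
        by_mac[mac].append((start, end, port))
    # One physical device cannot hold live sessions on two ports at once.
    for mac, items in by_mac.items():
        items.sort()
        for (s1, e1, p1), (s2, e2, p2) in zip(items, items[1:]):
            if s2 < e1 and p1 != p2:
                findings.append((mac, p2, "concurrent sessions on two ports"))
    return findings

if __name__ == "__main__":
    for finding in audit(SESSIONS):
        print(finding)
```

Both sessions for the infusion pump's MAC pass `mab_decision`, so the second one is caught only by correlating ports and session times.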

Layer 1 Device Security: Securing Starts with Seeing

Complete visibility and, in turn, reliable authentication of IoT devices requires Physical Layer (Layer 1 device security) data. Rather than relying on traffic monitoring, Layer 1 data signals, such as noise level, voltage, signal timing, current, and more, offer greater and deeper insights into device characteristics for accurate identification. Unlike a MAC address, Layer 1 indicators cannot be changed, nor can devices hide by operating passively or out-of-band. Further, such visibility enables the detection of abnormalities in device behavior, which could indicate device manipulation. With complete visibility into IoT devices, HDOs can be sure that device authentication is accurate and reliable and that subsequent authorization processes are, too. With enhanced device authentication and authorization, risks posed by IoT devices to the healthcare environment are minimized, as unauthorized devices do not gain network access, and those that are authorized are properly managed and controlled.

Conclusion

The interconnectedness of IoT devices means just one exploited vulnerability can cause significant disruptions to healthcare operations – and when human lives are at stake, the risk is too high to take. The only way to secure IoT devices and minimize their threat to the healthcare environment is to control their network access, whether that means blocking a device or restricting and heavily monitoring its access. Such control begins with authentication and relies on complete visibility, which can only be achieved when going all the way down to Layer 1.


  • Healthcare
  • Industry 4.0
  • Medical Devices
  • Network and Protocols
  • Security

