Securing IoT Medical Devices
Steven C. Markey, MSIS, PMP, CISSP, CIPP/US, CISM, CISA, STS-EV, CCSK, CCSP, Cloud+
Principal, nControl, LLC
Adjunct Professor
Source: NECCR
Source: Fitbit
Source: HealthInfoSec
• Presentation Overview
– IoT? Huh….
– Vulnerabilities & Exploits
– Hacking Examples
– Security / Privacy by Design
– Where Do We Go From Here?
• IoT? Huh....
– IoT = Internet of Things
• Ubiquitous Connectivity (e.g., 802.11x, 802.15, 3G / 4G, WMTS)
• Data Portability / Interoperable Data Synching
– EDI = Electronic Data Interchange
• Redundant Technologies & Methods
– Java, Linux, Open-source APIs, etc.
– Cocoa Touch Layer, etc.
– Medical / Healthcare Esoteric Language & Nuances
• WMTS = Wireless Medical Telemetry Services
• Regulatory Requirements: HIPAA / HITECH, FDA
• Healthcare Digitization: PPACA (i.e., Obamacare)
– ICD-9 / 10 for US = EDI
• Vulnerabilities & Exploits
– Data in Motion (DIM) Challenges
• (Distributed) Denial of Service = DoS / DDoS
– Disable the Device via Signal – Dick Cheney’s Heart, No Wireless
• Man in the Middle (MITM)
– Sniff / Alter Packets
– Economic DoS (EDoS)
– Data in Use (DIU) Challenges
• DLP
– Is sandboxing that effective?
– Data at Rest (DAR) Challenges
• Jailbreak
• Crack Weak Cryptography
• Hacking Examples
Source: Flickr
• Security / Privacy By Design
– Security / Privacy Requirements
– Threat Modelling
– Misuse Cases
– Compensating Controls
• Security / Privacy By Design
– Security / Privacy Requirements
• Access Controls
– Mobile Medical Applications (MMAs)
» Sandboxed w/ Strong Password Protections
– Wearable Medical Devices (WMDs)
» Self-contained with DLP Protections
– Embedded Medical Devices (EMDs)
» Secure, Configurable, Intuitive GUIs – Like a Wireless Router
• Cryptography
– Strong Encryption / Hashing for DAR / DIM / DIU
– Transparent Data Encryption (TDE)
» Follow the Apple Model
– Homomorphic Encryption (HE)
• Security / Privacy By Design
– Threat Modelling
• Performance / DDoS / Quality of Service (QoS)
• Nonrepudiation – Data, Patches
• False Positives – Alerts, Data Transfer
• Data Retention
– Misuse Cases
• EDoS
– Insurance
– Clinical Visits
• Physiological, Psychological Stress
• Device Misconfiguration – Data Loss, Transaction Integrity
• GPS
• Security / Privacy By Design
– Compensating Controls
• SIEM Operational Awareness
• Tokenization
• DLP
• IAM
• MDM / MAM
• Physical Access Controls
• Where Do We Go From Here?
– National / Industry / Workgroup Standards
• FDA
• HIMSS
• HITRUST
• NIST
– Thought Leadership
• OWASP
• ISC2
• ISSA
– Device Certification / Attestation
• FDA
• HITRUST
Source: HealthInfoSec
• Questions?
• Contact
– Email: smarkey@ncontrolsec.com
– Twitter: @markes1
– LI: http://www.linkedin.com/in/smarkey