INDUSTRY WATCH
Implementing a TPM can form a cornerstone for cyber resiliency, network security, identity and attestation, enabling organizations to uncover and mitigate any deviations from normal device behaviour.
As a result, communications between any devices found in the network can be trusted, and any ‘trojan horses’ deployed by attackers can be swiftly dealt with.
For smaller devices, such as sensors found in medical equipment, these are supported through the Device Identifier Composition Engine (DICE) specification.
A special security key is provided to each firmware layer found in a device, which is then combined with the previous identifier from the level above and a measurement of the current one to create a strong line of security. In the event of a successful attack.
When new medical supplies and technologies are brought into the hospital, the security measures carried out are reliant on human intervention. This ranges from monitoring the alignment of labels to verifying the authenticity of serial numbers, neither of which is cost- or time-effective.
At the same time, as digitalization of systems increases, so too does the number of patients reliant on telehealth services.
Leveraging digital communication technologies can enable patients to be proactive in managing their own healthcare, with devices like tablets and smartphones commonly used to access medical services.
It also lets doctors, nurses and other professionals remotely provide support without leaving a site.
The unique key provided means an exposed layer cannot be used to infiltrate further elements of the device. Sensors and other technologies can be re-keyed should tampering be discovered within the firmware, giving institutions the tools to identify vulnerabilities throughout a system’s update process.
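The DICE layering described in this article, as an added example that is not from the article or the DICE specification text: each layer's secret is derived one-way from the previous layer's secret and a measurement of the next firmware image. HMAC-SHA-256, the function names, the layer images and the device secret are assumptions constructed for illustration.

```python
import hashlib
import hmac
from typing import List, Optional

def measure(image: bytes) -> bytes:
    """Measurement of a firmware layer: SHA-256 digest of its image."""
    return hashlib.sha256(image).digest()

def next_secret(current_secret: bytes, next_image: bytes) -> bytes:
    """One-way step: combine the current layer's secret with the next layer's measurement."""
    return hmac.new(current_secret, measure(next_image), hashlib.sha256).digest()

def derive_chain(device_secret: bytes, layers: List[bytes]) -> List[bytes]:
    """Return the per-layer secrets, in boot order, for a stack of firmware images."""
    secrets, secret = [], device_secret
    for image in layers:
        secret = next_secret(secret, image)
        secrets.append(secret)
    return secrets

def first_divergent_layer(expected: List[bytes], observed: List[bytes]) -> Optional[int]:
    """Index of the first layer whose secret differs from the reference, or None."""
    for index, (want, got) in enumerate(zip(expected, observed)):
        if not hmac.compare_digest(want, got):
            return index
    return None

# Constructed sample data (assumption): a device secret and three firmware layers.
DEVICE_SECRET = hashlib.sha256(b"constructed-unique-device-secret").digest()
LAYERS = [b"bootloader v1", b"rtos v1", b"sensor-app v1"]

if __name__ == "__main__":
    reference = derive_chain(DEVICE_SECRET, LAYERS)
    # Layer 1 is modified: its own secret and every later one change,
    # while layer 0 (derived before the modified image ran) is unaffected.
    tampered = derive_chain(DEVICE_SECRET, [LAYERS[0], b"rtos v1 + implant", LAYERS[2]])
    print("first divergent layer:", first_divergent_layer(reference, tampered))
    # A firmware update re-keys the updated layer and everything above it.
    updated = derive_chain(DEVICE_SECRET, [LAYERS[0], b"rtos v2", LAYERS[2]])
    print("re-keyed from layer:", first_divergent_layer(reference, updated))
```

Because each step is a keyed hash, a secret leaked from one layer does not reveal the secrets of the layers that booted before it.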
Strong measures for your own networks are one thing, but these can quickly be made redundant if security isn’t up to scratch across the entire supply chain.
As institutions cannot directly manage the security of other organizations within the chain, or their patients’ own devices, they must rely on standards bodies to protect the general ecosystem with enhanced security measures.
This can come through Firmware Integrity Measurement (FIM), devised to determine the health of multiple endpoints within a network.
Through the guidelines provided by the specification, institutions can review the integrity of devices during the manufacturing stage and offer a baseline measurement that allows for security result comparisons throughout.
The FIM specification verifies that an endpoint device has been received by the end user and matches their exact order.
The FIM can then be measured and compared to the Reference Integrity Measurement (RIM) to detect whether the hardware has been compromised.
At any point of a supply chain, manufacturers can determine the integrity of a device, allowing institutions to trust the devices once used by patients to access sensitive medical data.
Hacking attempts will no doubt increase in volume and sophistication, but standards bodies continue to evolve to overcome the growing threat landscape.
It is imperative that healthcare institutions continue to adhere to the latest standards and specifications to protect their networks and patient well-being.
INTELLIGENTCIO APAC www.intelligentcio.com