Sec4IoMT: Security for the Internet of Medical Things
As more and more medical devices are getting connected, the makers of embedded medical systems (in the Internet of Medical Things, or IoMT) are facing new and complex challenges: They are dealing with critical infrastructure, in which specially certified, connected high-tech products are installed and used around the world and need to be readily upgradeable. Reliability and availability are paramount. At the same time, increasing connectivity also increases the likelihood of attacks. One reason for this is that medical technology, including e.g. sophisticated and expensive diagnostic instruments integrated into OR facilities, will usually be used for a long time and have to stay protected with regular software updates and security measures to guard against cyberattacks. All of this makes the development and availability of trustworthy electronics for use in such critical infrastructures an immensely important consideration for medical technology enterprises.
Modular concepts and “security retrofitting” with automated patches and updates for software, cryptographic capabilities and the necessary keys make it possible to keep the level of protection for (medical) products up for a long time and guarantee the integrity of the products’ identities with upgradeable certificate and key management. Security updates to even individual devices need to be handled with care for the medical devices to be and remain certified and for them to work reliably with other devices in the field. The relevant standards for the integrity of the certified functionality are determined by the legal requirements in force and need to be fulfilled; on top of this, the backward compatibility that is needed to ensure the continued interoperability of devices in the network must not open up new inroads for would-be attackers.
The consortium behind the “Security for the Internet of Medical Things” project (or “Sec4IoMT” for short) is committed to finding and proving solutions for the long-term security of IoMT devices in critical infrastructures.
As part of the project, Wibu-Systems is developing security architectures for upgradeable communication software, both at the end points in the field (such as the cybersecure sharing of patient data in telemedicine) and in the form of upgrade infrastructures that maintain cybersecurity, such as the upgrading of cryptographic algorithms for retrofitting or the sharing of the necessary keys and certificates.