A discussion of what effective IoT security standards would look like and what government and industry leaders are doing to bring them about.
American Enterprise Institute panel, hosted by AEI’s Shane Tews, including Health-ISAC’s Director of Medical Device Security, Phil Englert.
Recording of Panel, available here:
Some quotes from Phil Englert pulled from the discussion:
We’re heading toward zero trust, where every ID is validated, best in class. The protections need to be commensurate with the risk created. Like going through TSA at the airport, you’re willing to stand in line for a certain amount of security. Have controls appropriate to the risk.
Make it a New Year’s ritual to change all your passwords and be sure to keep them all unique and complicated.
There are 10-15 connected devices for every bed in an acute care facility. Data is sent to a central collection point. An acute care center is more like a mall of specialized shops than a single business unit. They don’t operate together and neither does the equipment.
We’re beginning to see a transformation where a manufacturer has bought other MDMs to own an entire department in a hospital with the hopeful intent of interoperability.
The real challenge is to recognize what is NOT normal comms. If a patient monitor speaks to a CT, we have to know that’s not normal behavior and should have an alert that it needs to be monitored.