The Internet of Things (IoT) is becoming an integral part of everyday life, whether we know (and love) it or not. Most industries have embraced IoT technologies because of the many benefits they offer to businesses and consumers. Healthcare is no exception, with nearly 80% of healthcare providers adopting IoT, according to Gartner. The IoT in this industry, also known as the Internet of Medical Things (IoMT), often performs life-saving tasks that are fundamental to a patient’s health and well-being. Any disturbance or breakdown in the operation of a device can have significant, even fatal, consequences; therefore, IoMT vulnerabilities must be considered and managed. Additionally, the interconnectivity of Industry 4.0 means that even seemingly innocuous IoT devices – such as CVCs and smart cameras – pose a risk to the critical environment of healthcare delivery organizations (HDOs).
IoT (and IoMT) devices are inherently vulnerable. More than 50% of IoT and IoMT devices contain critical vulnerabilities, and these highly accessible devices often lack the necessary built-in security measures – a recipe for disaster. Additionally, IoT devices are sought after by malicious actors because of the data they access and collect (protected health information (PHI) having the most monetary value), as well as their connectivity. The combination of the high-stakes healthcare environment and the high-risk nature of IoT devices means security is imperative. Yet despite widespread awareness of the risks associated with IoT devices, security in this area remains weak and rudimentary, and in 2021 IoT security projects dropped an alarming 16%.
Layer 2: Limited Visibility Means Weak Authentication
IoT security starts with device authentication to ensure network access is granted only to authorized individuals. IoT devices are not 802.1X compliant, so this authentication protocol is not suitable for them. Alternative authentication protocols exist, such as MACsec and MAB, both of which rely on a device’s MAC address for authentication, using Layer 2 data packets to identify this indicator. However, a database of MAC addresses must be created and maintained; more importantly, MAC addresses are easily spoofed and some devices don’t even have a MAC address, which makes MACsec and MAB authentication protocols weak. In turn, IoT devices can be mistakenly authenticated or bypass authentication altogether, subsequently gaining network access and putting the entity at risk. Ultimately, the weak point of these protocols is visibility; Layer 2 data is insufficient to identify IoT devices, and one of the biggest concerns of HDOs is that they lack the visibility to properly authenticate IoT devices.
Layer 1 Device Security: Securing Starts with Visibility
Full visibility and, in turn, reliable authentication of IoT devices require physical layer data (Layer 1 device security). Rather than relying on traffic monitoring, Layer 1 data signals, such as noise level, voltage, signal timing, current, etc., offer more complete and in-depth information about the characteristics of the device for precise identification. Unlike a MAC address, Layer 1 flags cannot be changed, nor can devices hide themselves by operating passively or out of band. In addition, such visibility allows the detection of anomalies in the behavior of the device, which could indicate manipulation of the device. With complete visibility into IoT devices, HDOs can be confident that device authentication is accurate and reliable, and subsequent authorization processes are as well. With enhanced device authentication and authorization, the risks posed by IoT devices to the healthcare environment are minimized, as unauthorized devices do not gain access to the network, and those that are authorized are properly managed and controlled.
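The contrast drawn in the two sections above, between admitting a device on its claimed MAC address and admitting it on measured physical-layer readings, can be modelled in a few lines. This is an added illustration, not code from the article or from any product; the feature names, tolerances, enrollment record and sample readings are all constructed assumptions.

```python
"""Toy model: MAC-only admission (MAB-style) versus a check that also compares
measured physical-layer readings. Every value here is constructed."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Reading:
    # Hypothetical Layer 1 features, named after signals the article lists.
    voltage_v: float
    timing_ns: float
    noise_db: float

# Constructed enrollment database: MAC -> reading captured at enrollment.
ENROLLED = {"00:11:22:33:44:55": Reading(3.30, 104.0, -71.0)}
# Assumed per-feature tolerances; a real system would derive these from data.
TOLERANCE = Reading(0.05, 2.0, 3.0)

def normalize_mac(mac: Optional[str]) -> Optional[str]:
    """Canonicalize AA-BB-.., aabb.ccdd.eeff, aa:bb:.. to lower-case colon form."""
    if not mac:
        return None  # device that presents no MAC at all
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def mab_admit(claimed_mac: Optional[str]) -> bool:
    """MAC-only decision: trusts whatever address the frame carries."""
    return normalize_mac(claimed_mac) in ENROLLED

def layer1_admit(claimed_mac: Optional[str], measured: Reading) -> bool:
    """Admit only if the measured reading matches the enrolled device's profile."""
    enrolled = ENROLLED.get(normalize_mac(claimed_mac))
    if enrolled is None:
        return False
    return (abs(measured.voltage_v - enrolled.voltage_v) <= TOLERANCE.voltage_v
            and abs(measured.timing_ns - enrolled.timing_ns) <= TOLERANCE.timing_ns
            and abs(measured.noise_db - enrolled.noise_db) <= TOLERANCE.noise_db)

def compare(claimed_mac: Optional[str], measured: Reading) -> dict:
    """Return both decisions side by side for one connection attempt."""
    return {"mab": mab_admit(claimed_mac),
            "layer1": layer1_admit(claimed_mac, measured)}

if __name__ == "__main__":
    genuine = Reading(3.31, 104.8, -70.2)    # the enrolled device, re-measured
    different = Reading(5.02, 131.5, -58.0)  # other hardware, same claimed MAC
    print("genuine  :", compare("00:11:22:33:44:55", genuine))
    print("different:", compare("00-11-22-33-44-55", different))
```

The second attempt is the case the article warns about: the MAC-only check admits it because the address matches the database, while the measurement-based check rejects it because the readings do not match the enrolled device.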
The interconnectedness of IoT devices means that a single exploited vulnerability can significantly disrupt healthcare operations – and when human lives are at stake, the risk is too high to take. The only way to secure IoT devices and minimize their threat to the healthcare environment is to control their access to the network, whether that means blocking a device or heavily restricting and monitoring its access. Such control starts with authentication and relies on full visibility, which can only be achieved by going all the way down to Layer 1.