Mobile-as-a-Medical-Device (Security)
David Kleidermacher
Chief Security Officer, BlackBerry
dave.kleidermacher@gmail.com
Mobile Devices in Medical
- Cardiology
- Pacemakers
- Defibrillators
- Oncology
- Drug delivery
- Neurology
- Deep brain stimulation
- Infertility
- Drug delivery
- Radiology
- Mobile ultrasound
- Endocrinology
- EMR
- Diabetes management
- Bariatric therapy
- Secure drug prescription
- Telemedicine
2016 BlackBerry. All Rights Reserved.
Assurance
Lack of assurance is the most significant problem in cybersecurity today
Safety Assurance vs. Security Assurance
- Using an insulin pump a billion times on millions of people provides high assurance the pump will be clinically safe for the next user
- Using an insulin pump a billion times on millions of people provides NO assurance the pump can protect the millions of people against hackers
"It is dangerous to think we can understand our obligations by applying policies, laws, and arguments concerning older technologies and issues" - Deborah Johnson
Internet of [Insecure] Medical Things
Muddy Waters
(Timeline figure; labels: May, Aug, Sep, Oct, Jan)
The Hidden Disease of Security Vulnerability
Assurance Programs: Role of Government
- FDA: do not establish any legally enforceable responsibilities
- NIST has no plans to develop a conformity assessment program. NIST encourages the private sector to determine its conformity needs, and then develop appropriate conformity assessment programs
Other Industries?
Other Industries?
- EMVco
- Eurosmart
- Common Criteria Works! (How the smart card industry uses the CC): https://www.commoncriteriaportal.org/iccc/9iccc/pdf/b2501.pdf
- AVA_VAN.5!
Ideal Assurance Program
- Risk-based approach to security functional requirements definition
- Scientific approach to security evaluation
- Efficient (cost and time)
- Continuous improvement
- Open and inclusive (international, all stakeholders)
DTSec: https://diabetestechnology.org/dtsec.html
- Connected healthcare devices
- Efficiency: reuse ISO/IEC 15408/62304/14971 + focus on vuln assessment
- Protection Profiles for device families (first: diabetes)
- Accredited evaluation labs: UL, BrightSight, Booz Allen
- Assurance maintenance
Diabetes: A Global Emergency
Trajectory to a Promising Future
(Timeline figure ending in "Future possibilities". Image credits: Banting Research Foundation; acs.org; www.diabetes.org; www.medtronicdiabetes.com; first insulin pump: www.medscape.com; Biostator: openi.nlm.nih.gov)
Medical Apps Domain
(Diagram: a Mobile Device hosting Consumer App Store Apps (four consumer apps) alongside a Managed Medical Domain (TEE) that contains the medical apps; the diagram is labelled with Encryption and Authentication.)
Connected Medical Device vs. Mobile Medical Device

| Security Capability | Hospital Infusion Pump | Secure Android Smartphone |
|---|---|---|
| Firmware authenticity | CRC | HW-backed verified boot |
| Independent security certification | None | CTS, NIAP, DTSec (planned) |
| On-device anti-malware | None | Yes, VerifyApps and 3rd party |
| ML-based threat detection | None | Yes, SafetyNet and 3rd party |
| Remote security attestation | None | Yes, SafetyNet and 3rd party |
| Rapid vuln patching | None | Yes |
| Security contextual APIs | None | Yes |
| Data-at-rest protection | None | Yes |
| Protected network channels | No | Yes |
| HW-backed crypto key storage | No | Yes |
| Hardened Linux kernel | Custom with unknown options, config, content; no memory protection | Fully vetted, hardened kernel (chip manufacturer, OEM, Google) |
| Permroot difficulty | Trivial | Not rooted |
Call to Action
- Get behind DTSec (and similar) and get involved
- Bring me your secure mobile medical app needs: industry's collaboration is needed
- We must have a balanced, risk-based discussion about security tradeoffs in medical
  - Do not unnecessarily frighten consumers and patients
  - But we need to do MUCH better in gaining their confidence
No One Has Been Killed Yet
Thank You!
MEDSEC: Security and Privacy for the Internet of Medical Things
May 23-24, 2017, San Jose, CA
medsecmeeting.org
dave.kleidermacher@gmail.com