The Internet of Things (IoT) is becoming an integral component of everyday life – whether we know (and like) it or not. Most industries have adopted IoT technologies thanks to the many benefits they provide for enterprises and consumers. Healthcare is no exception, with nearly 80 percent of healthcare providers adopting IoT, according to Gartner. IoT in this industry, also known as the Internet of Medical Things (IoMT), often carries out vital tasks that are fundamental to a patient’s health and wellbeing. Any disruptions or breakdowns to a device’s operability can have noticeable and even fatal consequences; hence, IoMT vulnerabilities must be accounted for and managed. Moreover, the interconnectedness of Industry 4.0 means that even seemingly innocuous IoT devices – such as HVACs and smart cameras – pose a risk to the critical environment of healthcare delivery organizations (HDOs).
IoT (and IoMT) devices are vulnerable by nature. More than 50 percent of IoT and IoMT devices contain critical vulnerabilities, and these highly accessible devices often lack necessary built-in security measures – a recipe for disaster. Additionally, IoT devices are sought after by malicious actors thanks to their access to and collection of data (with Protected Health Information (PHI) having the most monetary value), as well as their connectivity. Combining the high-stakes healthcare environment with the high-risk nature of IoT devices means security is imperative. Yet, despite widespread knowledge of the risks associated with IoT devices, security in this domain remains weak and rudimentary, and, in 2021, IoT security projects dropped by an alarming 16 percent.
Layer 2: Limited Visibility Means Weak Authentication
IoT security begins with device authentication, which ensures that network access is granted only to authorized devices. IoT devices are not 802.1X compliant, so that authentication protocol is unsuitable for them. Alternative authentication protocols exist, such as MACsec and MAB, both of which rely on a device’s MAC address for authentication, using Layer 2 data packets to identify this indicator. However, a MAC address database must be created and maintained; more importantly, MAC addresses are easily spoofed, and some devices don’t even have a MAC address, thus rendering MACsec and MAB weak authentication protocols. In turn, IoT devices might be erroneously authenticated or bypass authentication altogether, subsequently gaining network access and putting the entity at serious risk. Ultimately, the weak spot in these protocols is visibility; Layer 2 data is insufficient for identifying IoT devices, and one of the greatest concerns for HDOs is that they lack the visibility to properly authenticate IoT devices.
Layer 1 Device Security: Securing Starts with Seeing
Complete visibility and, in turn, reliable authentication of IoT devices requires Physical Layer (Layer 1) data. Rather than relying on traffic monitoring, Layer 1 data signals, such as noise level, voltage, signal timing, current, and more, offer deeper insight into device characteristics for accurate identification. Unlike a MAC address, Layer 1 indicators cannot be changed, nor can devices hide by operating passively or out-of-band. Further, such visibility enables the detection of abnormalities in device behavior, which could indicate device manipulation. With complete visibility into IoT devices, HDOs can be sure that device authentication is accurate and reliable and that subsequent authorization processes are, too. With enhanced device authentication and authorization, the risks posed by IoT devices to the healthcare environment are minimized: unauthorized devices do not gain network access, and those that are authorized are properly managed and controlled.
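The contrast between MAC-only authentication and a Layer 1 check can be sketched in code. This is an added example, not from the original article or any vendor's product: a MAB-style allowlist lookup next to a second check that compares observed physical-layer measurements against an enrolled baseline. The profile fields, tolerances and device records are constructed assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class L1Profile:            # hypothetical fields, illustrative units
    voltage_mv: float       # mean signalling voltage
    noise_dbm: float        # noise level
    timing_ns: float        # signal timing (rise time)

# Constructed enrollment records: MAC -> (device name, baseline profile).
ENROLLED = {
    "00:11:22:aa:bb:01": ("infusion-pump", L1Profile(2480.0, -71.0, 3.9)),
    "00:11:22:aa:bb:02": ("hvac-controller", L1Profile(2510.0, -68.5, 4.4)),
}
# Assumed relative tolerance per feature; real values need calibration.
TOLERANCE = {"voltage_mv": 0.02, "noise_dbm": 0.05, "timing_ns": 0.10}

def normalize_mac(mac):
    """Canonicalise a MAC; return None if it is not 12 hex digits."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def mab_decision(mac):
    """MAB-style check: the claimed MAC address is the only evidence."""
    return normalize_mac(mac) in ENROLLED

def deviations(expected, observed):
    """Features whose relative deviation from the baseline exceeds tolerance."""
    out = {}
    for field, tol in TOLERANCE.items():
        exp, obs = getattr(expected, field), getattr(observed, field)
        rel = abs(obs - exp) / abs(exp)
        if rel > tol:
            out[field] = round(rel, 3)
    return out

def authenticate(mac, observed):
    """Allow only if the MAC is enrolled and the Layer 1 profile matches."""
    if not mab_decision(mac):
        return ("deny", "unknown or malformed MAC")
    name, baseline = ENROLLED[normalize_mac(mac)]
    bad = deviations(baseline, observed)
    if bad:
        return ("quarantine", f"{name}: Layer 1 mismatch on {sorted(bad)}")
    return ("allow", name)

# Constructed observations: the enrolled pump, and other hardware claiming its MAC.
GENUINE = L1Profile(2475.0, -70.6, 4.0)
CLONE = L1Profile(3290.0, -58.0, 6.1)
```

With the constructed data, `mab_decision` accepts the cloned MAC on its own, while `authenticate` quarantines the same device because its physical-layer profile does not match the enrolled baseline.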
The interconnectedness of IoT devices means just one exploited vulnerability can cause significant disruptions to healthcare operations – and when human lives are at stake, the risk is too high to take. The only way to secure IoT devices and minimize their threat to the healthcare environment is to control their network access, whether that means blocking a device or restricting and heavily monitoring its access. Such control begins with authentication and relies on complete visibility, which can only be achieved when going all the way down to Layer 1.