Welcome to the third edition of Dellfer Insights, a series curated by our VP of Channels, Shawn Lorenz. The series highlights notable industry news, key takeaways, and why it matters to combat the next cyberattack. This month we wrap up our medical device series and then move to a hot topic all the kids are talking about – cars, cars, cars.
💡 Dellfer Insight #1: Recap of Health-ISAC Webinar – Medical Devices Breaking Bad: A Discussion Around Security
In sponsorship with H-ISAC, Dellfer hosted a webinar on February 7th focused on medical devices and led by Pete Fonash. We had a very experienced and insightful panel representing industry and regulatory viewpoints. It was more than your run-of-the-mill webinar. The discussion was lively. A special thanks to all of the panelists for delivering a very impactful webinar:
- Phil Englert – Director of Medical Device Security, Health-ISAC
- Thomas Ruoff – Chief, Methodology Branch within the Vulnerability Management Division, DHS, CISA
- Gopal Iyer – Senior Product Security Analyst, Intuitive
- Srik Soogoor – President, Maxxsure
- Shawn Lorenz – VP Channels, Dellfer
- Pete Fonash – Advisor, Dellfer
Topics included recent research on the high percentage (89%) of healthcare organizations that have experienced a cyber-attack in the last year, with patient outcomes affected and medical devices named the primary target. Also discussed were the FDA's new regulatory Bill of Material (and other) requirements and recent warnings by the FBI, which call out medical device vulnerabilities.
There were interesting insights on the large number of devices in the hospital environment, where much of the risk is unknown. The importance of OT as well as IT was emphasized. The role of manufacturers was discussed, along with their concerns that 70% are running on unsupported operating systems. Hospital networks have to be considered untrustworthy. Suggestions were offered on how to approach managing this infrastructure. Who is responsible in hospitals for device security? What happens to the legacy devices? Communication between industry and hospitals was the most repeated comment among the panelists for the session. "Shared responsibilities" is how H-ISAC views this interaction.
For the complete webinar playback: https://youtu.be/AXabztRto6k
💡 Dellfer Insight #2: Yes, Virginia, millions of cars will be hacked.
As we discuss IoT security with key players in the auto industry, there is often a slightly awkward point in the conversation when we all realize that the mass hacking of millions of cars is more than possible. Delivering this message of potential doom is a lonely job some days. "Who else knows about this?" I was asked last week. Then it happened. The Wall Street Journal published an article titled "Could Electric Vehicles Be Hacked?" on Monday. Welcome to the discussion, WSJ; perhaps we have reached an inflection point with the media.
There is certainly a risk that hackers will target all cars, not just electric cars and trucks. The article notes that electric vehicles are packed with many more electronic components and software, which malicious actors will exploit, if they have not already. Additionally, connected cars rely heavily on communication networks, charging stations, and the internet, presenting potential vulnerabilities.
“The nightmare possibility: Hackers spread malicious software to thousands or millions of EVs.” There are more attack surfaces with each new model year; more connectivity. Now is a good time for the topic to come out of the shadows.
Why It Matters:
There is a reason that the discussion of a mass casualty attack on entire fleets of cars has a certain tone of inevitability. We now know the answer to the question, "Is it possible?" We also know that existing bolt-on security models attempting to secure networks are insufficient. Resiliency is needed in the automobile ECU so that it can defend itself from attack. Dellfer's ZeroDayGuard is integrated into the source code of the ECU to deliver the industry's highest level of device hardening. Good timing.