healthcare cybersecurity: what’s next4g lte architecture. nist mobility efforts. 14 other mobility...
TRANSCRIPT
![Page 1: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/1.jpg)
1
Healthcare Cybersecurity: What’s Next
CYB6, March 5, 2018
Kevin Stine, Chief, Applied Cybersecurity Division
National Institute of Standards and Technology
![Page 2: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/2.jpg)
2
Kevin Stine has no real or apparent conflicts of interest to report.
Conflict of Interest
![Page 3: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/3.jpg)
3
Agenda• Cybersecurity in Healthcare
• NIST’s Cybersecurity Purpose
• Key Cybersecurity Activities and a Look to the Future
• Discussion and Questions
![Page 4: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/4.jpg)
4
Learning Objectives• Discuss how the interdependencies of the healthcare sector with
other sectors introduce complexity into cybersecurity defense
• Describe advancements in technology for cybersecurity defense and how such technology may help your organization in the future
• Explore potential scenarios for the future and what to expect and plan for in the future in the realm of cybersecurity
![Page 5: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/5.jpg)
5
Cybersecurity in Healthcare“The growing convergence, interconnectedness,
interdependence, and global nature of cyber and physical
systems means that cybersecurity must be better managed
in all contexts—international, national, organizational, and
individual.”
“While the threats are real, we must keep a balanced
perspective. We should be able to reconcile security with
innovation and ease of use. … We need to preserve those
qualities while hardening it and making it more resilient
against attack and misuse.”
-- Report on Securing and Growing the Digital Economy,
Commission on Enhancing National Cybersecurity, 12/1/2016
The health care system cannot deliver
effective and safe care without deeper digital
connectivity. If the health care system is
connected, but insecure, this connectivity
could betray patient safety, subjecting them to
unnecessary risk and forcing them to pay
unaffordable personal costs.
-- Report on Improving Cybersecurity in the Health
Care Sector, Health Care Industry Cybersecurity
Task Force, 12/1/2016
![Page 6: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/6.jpg)
6
Cultivate trust in information and
technology…
why.
![Page 7: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/7.jpg)
7
how.
… By conducting foundational &
applied research to produce and
advance standards, best practices,
measurements, and reference
resources
![Page 8: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/8.jpg)
8
Internet and Communications
Infrastructure
Risk Management
Cryptography
Education and Workforce
Development
Vulnerability Management
Identity and Access
Management
Transition to Practice
what.
![Page 9: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/9.jpg)
9
Managing Cybersecurity Risk in the Enterprise
![Page 10: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/10.jpg)
10
Understanding, Managing, and Communicating Cybersecurity Risk
• What processes and assets need protection?
• What safeguards are available?
• What techniques can identify incidents?
• What techniques can contain impacts of
incidents?
• What techniques can restore capabilities?
https://www.nist.gov/cyberframework
![Page 11: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/11.jpg)
11
IoT Adoption on the Rise
The Challenge
Fostering security for devices and data in the internet of
things (IoT) ecosystem, across industry sectors and at
scale
Program Mission
Cultivate trust in IoT and foster an environment that
enables innovation on a global scale.
![Page 12: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/12.jpg)
12
Develop & apply standards, guidelines,
and related tools to improve the
cybersecurity of connected devices and the
environments in which they are deployed.
Cybersecurity for IoT
https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program
![Page 13: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/13.jpg)
13
NIST Mobility Guidance
NIST SP 800-124
Managing Enterprise Mobile Devices
NIST SP 800-163
Vetting the Security of Mobile Applications
NIST SP 800-157
Guidelines for PIV Derived Credentials
NIST SP 800-187
Guide to LTE Security
Provides recommendations for
selecting, implementing, and using
mobile management technology.
Helps organizations understand,
plan, and implement a mobile app
security review process.
Technical guidelines for a
standards-based, secure, reliable,
interoperable PKI-based PIV
infrastructure.
Provides a security analysis of the
4G LTE architecture.
NIST mobility efforts
![Page 14: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/14.jpg)
14
Other Mobility Projects
Mobile Single Sign On
Using 2 separate management
technologies to demonstrate a
standards-based mobile deployment.
Identify security objectives,
determine best practices, and
analyze the security of devices on
the marketplace.
Analyze current OTA methods to
determine the security posture for
OTA and possible recommended
enhancements.
Demonstrate a Public Safety SSO
architecture incorporating existing
multiple authentication platforms.
NIST mobility efforts
Mobile Device Security for Enterprises
Handset & Wearable Security
Over the Air SIM Updates
![Page 15: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/15.jpg)
15
Accelerate adoption of
secure technologies:
collaborate with innovators
to provide real-world,
standards-based
cybersecurity capabilities
that address business needs
NIST’s National Cybersecurity Center of Excellence
![Page 16: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/16.jpg)
16
Standards-based Apply relevant industry standards to each
security implementation; demonstrate example
solutions for new standards
ModularDevelop components that can be easily
substituted with alternates that offer equivalent
input-output specifications
RepeatableProvide a detailed practice guide including a
reference design, list of components,
configuration files, relevant code, diagrams,
tutorials, and instructions to enable system
admins to recreate the example solution and
achieve the same results
Commercially availableWork with the technology community to identify
commercially available products that can be
brought together in example solutions to
address challenges identified by industry
UsableDesign blueprints that end users can easily and
cost-effectively adopt and integrate into their
businesses without disrupting day-to-day
operations
Open and transparentUse open and transparent processes to
complete work; seek and incorporate public
comments on NCCoE publications
Core Tenets
![Page 17: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/17.jpg)
17Source: ZingBox, “Threat Report
on IOT Medical Devices,” 1/25/18
Imaging Systems rank #2 in Number of
Connected Medical Devices
Imaging Systems Lead in Security Alerts
![Page 18: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/18.jpg)
18
Securing Wireless Infusion Pumps in Healthcare Delivery Organizations
https://nccoe.nist.gov/projects/use-cases/medical-devices
• Today’s wireless infusion pumps connect to a variety of
healthcare systems, networks, and other devices.
• While this can improve delivery of care, this can also increase
cybersecurity risk.
• Apply security controls to the pump’s ecosystem to protect
infusion pumps and their surrounding systems against various
risk factors.
• Guidelines demonstrate how to securely configure and deploy
wireless infusion pumps to reduce cybersecurity risk.
![Page 19: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/19.jpg)
19
Securing Picture Archiving and Communication Systems
https://nccoe.nist.gov/projects/use-cases/health-it/pacs
• PACS are nearly ubiquitous throughout healthcare delivery
organizations, allowing remote image review by users.
• They interact with various healthcare systems and functions,
and are central to doctor-patient workflow management.
• This project intends to provide a practical solution for securing
the PACS ecosystem, including a reference design and example
solution.
![Page 20: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/20.jpg)
20
Cybersecurity: What’s Next
• Cloud
• Mobile
• IoT
• Data Integrity
• Cryptography
• Blockchain
• AI/ML
![Page 21: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/21.jpg)
21
Some Closing Thoughts…
![Page 22: Healthcare Cybersecurity: What’s Next4G LTE architecture. NIST mobility efforts. 14 Other Mobility Projects Mobile Single Sign On Using 2 separate management technologies to demonstrate](https://reader033.vdocument.in/reader033/viewer/2022041721/5e4f07d99686d4275961b0b7/html5/thumbnails/22.jpg)
22
Questions
Kevin Stine
contact us.
@NISTcybe
rNIST.gov/topics/
cybersecurity