Securing the Fog

Anura Fernando – Underwriters Laboratories (UL)
Security of Things, September 10, 2015
Copyright © 2015 UL LLC. All rights reserved.

Upload: the-security-of-things-forum
Post on 11-Apr-2017

TRANSCRIPT

Anura S. Fernando

Anura S. Fernando is UL’s Principal Engineer for Medical Software & Systems Interoperability.

Background:
• Degrees in Electrical Engineering, Biology/Chemistry, and Software Engineering
• Over 17 years’ experience at UL with safety-critical software and control systems certification, as well as research across many industries – process automation, alternative energy, medical, hazardous locations, appliances, optical radiation, nanotechnology, battery technologies, etc.
• Research and publications in Predictive Modeling and Risk Analysis, Cybersecurity, Systems of Systems, Software, Health IT, Apps, and Medical Device safety.
• Projects with numerous Fortune 500 companies, DoD, DoE, DHS, FDA, FCC, ONC, NASA and several U.S. National Laboratories

Additional experience relevant for this discussion/audience:
• Contributed to the development of several standards involving software and Functional Safety as a member of IEC, ISO and ASME committees and as an Expert Task Force member.
• UL lead for the development of the AAMI/UL 2800 family of eHealth standards for interoperable medical device interface safety.
• Member of the Federal Advisory Committee FDASIA WG to the Health IT Policy Committee, FDA Medical Device Interoperability Coordinating Council, Medical Device Interoperability Safety Working Group, Health Information Management Systems Society, Association for the Advancement of Medical Instrumentation, and the International Council on Systems Engineering

Presenter
Presentation Notes
Hello everyone. This is just a little bit about my background. I’ve been working with safety-critical systems across multiple industries for over 16 years. I am now involved in trying to bring some safety concepts for systems of systems used in other industries into the medical device industry. During this presentation, we will see that there are some common safety themes that span across industries dealing with safety in systems of systems.

Not too long ago, we were pretty focused on what could be done in the cloud…

Slide 3

http://gcn.com/Blogs/Pulse/2012/12/VA-cloud-Office-365-for-600000-users.aspx

Now we’re equally interested in what is happening around the cloud…

Slide 4

http://www.slate.com/blogs/future_tense/2014/08/05/oregon_gulch_fire_photos_show_pyrocumulus_clouds_and_fighter_jets_over_wildfire.html

What do we call this new domain?...the “Fog”

Slide 5

http://www.bahrainweather.gov.bh/education_fog

…fog computing covers…the IoE

Slide 6

http://www.sintef.no/home/Information-and-Communication-Technology-ICT-old/Software-Engineering-Safety-and-Security/Research-groups/Model-Based-Systems/Ubiquitous-and-mobile-computing/

What is “fog computing” (or edge computing)

Slide 7

http://www.frontiersin.org/files/Articles/78030/fnhum-08-00370-r2/image_m/fnhum-08-00370-g001.jpg

The fog uses pervasive computing technologies

Slide 8

http://2.bp.blogspot.com/-afr-gp6eyl

http://www.untitledname.com/archives/upload/2005/10/bicyclist-cell-phone.jpg

http://i-cdn.phonearena.com/images/articles/84906-image/wear.png

Presenter
Presentation Notes
Technologies for acquiring physiological data and communicating that data are now more cost-effective and accessible than they have ever been in the history of mankind.

…with many sensors creating many possibilities

Slide 9

https://blogs.synopsys.com/configurablethoughts/2012/05/sensing-your-world/

Presenter
Presentation Notes
Many existing hardware features already accompanying communication technologies are being readily adapted for use in healthcare.

…and new sensor technologies emerging regularly

Nanotechnologies integrated with textiles

Slide 10

H Zhao et al, Nanotechnology 21 (2010) 305502

Combining wearables with network technologies…

Slide 11

http://ualr.edu/sxyu1/Research.htm

In a “microbiome” of wearable sensors…

http://www.bizjournals.com/sanjose/news/2013/06/21/216-million-geeky-americans-want.html?s=image_gallery

…we can become the “quantified self”

Slide 13

http://www.thethinkingbench.com/the-year-of-the-quantified-self-revolution/

So what risks may lie ahead?

Slide 14

http://www.smarterbusiness.org.uk/business_targets/view/minimiserisks

Understanding new science…What makes fog?

Slide 15

http://www.wsaz.com/blogs/askjosh/53290657.html

Understanding new science…what makes “fog”

Slide 16

Image extracted from Systems Engineering Fundamentals. Defense Acquisition University Press, 2001

Analyzing Risk: Hazard Based Safety Engineering

Slide 17

…or Data …or Process

Presenter
Presentation Notes
The premise of hazard based safety engineering is to prevent a hazardous energy, or substance, or data, from reaching a susceptible part or process.

Slide 18

HBSE Premise (figure): Hazardous Energy Source → Transfer Mechanism → Susceptible Part (…or Data …or Process).

HBSE Standard Injury Fault Tree (figure): the top event INJURY is an AND gate with inputs ENERGY TRANSFER, INADEQUATE PERSONAL SAFEGUARD and INADEQUATE PERSONAL AVOIDANCE. ENERGY TRANSFER is an AND gate with inputs BODILY EXPOSURE, INADEQUATE EQUIPMENT SAFEGUARD and HAZARDOUS ENERGY. The remaining intermediate events are OR gates: INADEQUATE PERSONAL SAFEGUARD from PERSONAL SAFEGUARD FAILURE or NO PERSONAL SAFEGUARD; INADEQUATE PERSONAL AVOIDANCE from AVOIDANCE NOT POSSIBLE or AVOIDANCE NOT ATTEMPTED; INADEQUATE EQUIPMENT SAFEGUARD from EQUIPMENT SAFEGUARD FAILURE or NO EQUIPMENT SAFEGUARD; HAZARDOUS ENERGY from one (EVENT) or another (EVENT).

HBSE Process (flowchart): IDENTIFY ENERGY SOURCE → IS SOURCE HAZARDOUS? (No → DONE; Yes → continue) → IDENTIFY MEANS BY WHICH ENERGY CAN BE TRANSFERRED TO A BODY PART → DESIGN SAFEGUARD WHICH WILL PREVENT ENERGY TRANSFER TO A BODY PART → MEASURE SAFEGUARD EFFECTIVENESS → IS SAFEGUARD EFFECTIVE? (No → return to DESIGN SAFEGUARD; Yes → DONE).

Analysis Drives UL’s Safety Testing and Certification

Presenter
Presentation Notes
These standards are also being supported by the HBSE analytical tools that we discussed earlier.

Applying HBSE to Wearable Technologies

Slide 19

HBSE Premise (figure): Hazardous Energy Source → Transfer Mechanism → Susceptible Part (…or Data …or Process).

Are there any hazards?

Presenter
Presentation Notes
Here we will see how this might work, by looking at a wearable computing technology as an example.

We can see some WT IoE risks

Slide 20

• Optical Radiation (LASER, UV, etc…)
• Privacy, Security, Performance if used by Dr (Cryptographic verification, HIPAA)
• Acoustic Energy
• Data Integrity, Usability


Even some unique new problems can arise…”cybersickness”

Slide 21

• Eye strain
• Headache
• Pallor
• Sweating
• Dryness of mouth
• Fullness of stomach
• Disorientation
• Vertigo
• Ataxia
• Nausea
• Vomiting

Viola, SIGCHI Bulletin, Volume 32, Number 1, January 2000

Different layers of the IoE system require different risk considerations

Slide 22

http://sebokwiki.org/wiki/Applying_Life_Cycle_Processes

What about “big data” from the IoE…

Slide 23

http://www.districtoffuture.eu/index.php/mod.pags/mem.detalle/id.10/relcategoria.1077/relmenu.5

Where is all this data stored? Is it secure? Is it correct? Can I trust it?...

Slide 24

Presenter
Presentation Notes
Vast amounts of data can now be cheaply and easily obtained for a single patient.

Big data problems can be due to little differences in context

Slide 25

https://blogs.synopsys.com/configurablethoughts/2012/05/sensing-your-world/

Who should get a reduced premium?

Slide 26

http://www.unfitbits.com/http://www.nutripro.net/become-a-morning-jogger/

Who is a hacker?

Slide 27

http://www.unfitbits.com/http://impulse.coreatcu.com/opinions/2014/10/30/hacker-culture-bank-account-mine/

http://www.gizmag.com/funtoro-bus-coach-infotainment-system/15056/

A hacker is…
• Someone who exploits imperfections of the system for personal or organizational (e.g. nation state) gain.

Slide 28

http://sebokwiki.org/wiki/Applying_Life_Cycle_Processes

http://www.ibis-instruments.com/index.php?link=en/menu/2211/protocol-analysis

http://www.quora.com/What-is-wireless-sensor-network-WSN-technology

Different kinds of wearables bring different risks

Slide 29

Created by Beecham Research in Partnership with Wearable Technologies Group

http://www.hl7standards.com/blog/2013/09/12/redesigning-wearable-tech/

Managing complexity is a key to security

Slide 30

http://scholar.lib.vt.edu/ejournals/JOTS/v32/v32n1/images/mcquade1.jpg

Presenter
Presentation Notes
As systems become more complex, there are increasing security and safety vulnerabilities as data moves from the physical product into more complex social networks.

Slide 31

Defense in depth (figure): Security risk control, Asset, Breach, Privilege Control.

Managing breaches and elevation of privilege

Architecture can promote safety, security, and robustness

Slide 32

Fault tree (figure): top event Sensor system fails dangerously; contributing events Sensor A fails dangerously, Sensor B fails dangerously, and Sensor A and B fail dangerously due to CCF (common cause failure).
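As an added example, not from the presentation, the HBSE Standard Injury Fault Tree of slide 18 and the redundant-sensor tree on this slide evaluated with a small gate calculator, so the effect of adding or removing a safeguard can be read off as a number. Reading the sensor tree as "A and B fail independently OR a common-cause failure", and the probability values used in the checks, are assumptions made for this illustration.

```python
from functools import reduce


def p_and(ps):
    # AND gate over independent basic events: every input must occur
    return reduce(lambda acc, p: acc * p, ps, 1.0)


def p_or(ps):
    # OR gate over independent basic events: at least one input occurs
    return 1.0 - reduce(lambda acc, p: acc * (1.0 - p), ps, 1.0)


def evaluate(tree, node, basic):
    """Probability of `node`. `tree` maps an intermediate event to
    (gate, [input events]); `basic` maps basic events to probabilities."""
    if node in basic:
        return basic[node]
    gate, inputs = tree[node]
    ps = [evaluate(tree, child, basic) for child in inputs]
    return p_and(ps) if gate == "AND" else p_or(ps)


# HBSE Standard Injury Fault Tree as drawn on slide 18: an injury needs energy
# transfer AND an inadequate personal safeguard AND inadequate avoidance.
HBSE_TREE = {
    "INJURY": ("AND", ["ENERGY TRANSFER", "INADEQUATE PERSONAL SAFEGUARD",
                       "INADEQUATE PERSONAL AVOIDANCE"]),
    "ENERGY TRANSFER": ("AND", ["BODILY EXPOSURE",
                                "INADEQUATE EQUIPMENT SAFEGUARD",
                                "HAZARDOUS ENERGY"]),
    "INADEQUATE PERSONAL SAFEGUARD": ("OR", ["PERSONAL SAFEGUARD FAILURE",
                                             "NO PERSONAL SAFEGUARD"]),
    "INADEQUATE PERSONAL AVOIDANCE": ("OR", ["AVOIDANCE NOT POSSIBLE",
                                             "AVOIDANCE NOT ATTEMPTED"]),
    "INADEQUATE EQUIPMENT SAFEGUARD": ("OR", ["EQUIPMENT SAFEGUARD FAILURE",
                                              "NO EQUIPMENT SAFEGUARD"]),
    "HAZARDOUS ENERGY": ("OR", ["EVENT 1", "EVENT 2"]),
}

# Redundant-sensor tree from the architecture slide, read (assumption) as:
# the system fails dangerously if A and B fail independently, OR a
# common-cause failure (CCF) takes both out together.
SENSOR_TREE = {
    "SENSOR SYSTEM FAILS DANGEROUSLY": ("OR", ["A AND B FAIL INDEPENDENTLY",
                                               "A AND B FAIL DUE TO CCF"]),
    "A AND B FAIL INDEPENDENTLY": ("AND", ["SENSOR A FAILS DANGEROUSLY",
                                           "SENSOR B FAILS DANGEROUSLY"]),
}


def injury_probability(basic):
    return evaluate(HBSE_TREE, "INJURY", basic)


def sensor_system_failure(p_a, p_b, p_ccf):
    return evaluate(SENSOR_TREE, "SENSOR SYSTEM FAILS DANGEROUSLY",
                    {"SENSOR A FAILS DANGEROUSLY": p_a,
                     "SENSOR B FAILS DANGEROUSLY": p_b,
                     "A AND B FAIL DUE TO CCF": p_ccf})
```

With two 1% sensors, redundancy alone gives a 10^-4 dangerous-failure probability, but a 0.1% common-cause term dominates the result, which is why the slide singles CCF out.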

Specifications, standards, codes, and regulations can help guide architects and developers

Slide 33

Regulations

Standards

Specifications

Codes

Case Study – Healthcare (ASTM F2761 ICE architecture)

Slide 34FDA Recognized Consensus Standard

Presenter
Presentation Notes
The US FDA Recognized Consensus Standard ASTM F2761 provides at least one architectural approach for supporting component-based safety and effectiveness claims.

The growing Medical IoT

Slide 35

New solutions: low cost pervasive technologies

Slide 36

Presenter
Presentation Notes
Many are predicting that low-cost, high-powered computing platforms coupled with ubiquitous sensors creates the pathway for dealing with this global healthcare dilemma.

All this data could help improve healthcare

Slide 37

http://www.cs.purdue.edu/homes/bertino/IIS-eHealth/images/ehealth_full.jpg

Presenter
Presentation Notes
Sharing the data from such sensors in a useful way across the entire healthcare provider ecosystem is thought to be the number one way to help reduce the cost and improve efficiency, while maintaining and even improving the current quality of healthcare.

The medical Internet of Things (mIoT)

Digital health devices — defined as “an internet-connected device or software created for detection or treatment of a medical indication” — saved the US healthcare system $6 billion last year in the form of improved medication adherence, behavior modifications and fewer emergency room visits. They predict that savings will grow to $10 billion in 2015, $18 billion in 2016, $30 billion in 2017 and $50 billion in 2018.

- Accenture

Slide 38

UL participates with government agencies to establish perspectives on risk

Slide 39

http://www2.idexpertscorp.com/images/uploads/ehr.jpg

http://static.ddmcdn.com/gif/wireless-network-1a.jpg

http://www.commercialintegrator.com/

FDA Safety and Innovation Act (FDASIA WG)

Presenter
Presentation Notes
As such new technologies enter the market, UL partners with regulators to bring over 100 years of experience with safety science to the regulators who are formulating new policies on such issues as safety and effectiveness.

Regulators are balancing risk and innovation…

FCC Requirements for MBAN and FDA MOU – 24 May 2012

FDA Guidance: RF Wireless Technology…– 13 Aug 2013

FDA Guidance for Home Use Devices – 24 Nov 2014

FDA Draft Guidance: General Wellness (Low Risk) – 20 Jan 2015

FDA Guidance: Mobile Medical Applications – 25 Sept 2013

EC Guidance Document – Qualification and Classification of stand alone software (MEDDEV 2.1/6) – Jan 2012

FDA Final Rule: MDDS – 15 Feb 2011

FDA Guidance: Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices – 9 Jan 2015

FDA Guidance: Management of Cybersecurity – 2 Oct 2014

Consumer product or medical device?

A medical device is "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is:
- recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them,
- intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or
- intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes."

http://www.fda.gov/aboutfda/transparency/basics/ucm211822.htm

Slide 41

Labeling can make all the difference…

Slide 42

http://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/ObesityDevices/ucm350134.htm

Treat Obesity vs. Manage Weight

The struggle to characterize relative risk

Proposed in 2015 draft guidance on low risk general wellness devices

Whether a device is low risk for purposes of this guidance is determined by whether or not the product:

1) is invasive;

2) involves an intervention or technology that may pose a risk to a user’s safety if device controls are not applied, such as risks from lasers, radiation exposure, or implants;

3) raises novel questions of usability; or

4) raises questions of biocompatibility.

Slide 43

Consumer products may be regulated too

US Consumer Product Safety Commission
- Consumer Product Safety Improvement Act (e.g. wearable tech considered children’s “jewelry”)
- Mechanisms to facilitate recalls

US Federal Trade Commission
- Federal Trade Commission Act (e.g. FTC levies fines against melanoma detection apps…”lacks adequate evidence to support their claims”…)
- …”unfair or deceptive acts or practices in or affecting commerce; (b) seek monetary redress and other relief for conduct injurious to consumers”…

Occupational Safety and Health Administration
- Most employees in the US come under OSHA jurisdiction (e.g. NIOSH recommendations for body-worn RFID)

Slide 44

Not just in the US

EU data protection reform allows penalties up to 100m Euros

Ongoing attempts to strictly regulate cybersecurity in China have included tight controls on the supply chain and significant IP disclosures for imported products.

Cyber security is one of Australia's national security priorities under the Prime Minister's 2008 National Security Statement. Australia's national security, economic prosperity and social wellbeing rely on the availability, integrity and confidentiality of a range of information and communications technology. This includes desktop computers, the internet, telecommunications, mobile communications devices and other computer systems and networks.

Slide 45

Standards and regulations can stimulate thinking about the problem space.

Slide 46

Is the data properly encrypted?

Slide 47

Cryptographic Verification

http://img.mit.edu/newsoffice/images/article_images/20110214123646-1.jpg

Presenter
Presentation Notes
…as well as to demonstrate risk controls for protection against malicious users.

What if my wearable interacts with health IT systems?

Slide 48

Figure labels: WWW, Acme Insurance

Presenter
Presentation Notes
As we mentioned before, system safety and security are integrally intertwined.

Are there new risks to consider?

Slide 49

Figure labels: WWW, Acme Insurance

Presenter
Presentation Notes
A safety-related data path could be compromised by natural events (such as electromagnetic interference), or it could be intentionally compromised by a malicious user hoping for personal gain.

How secure are my data exchanges?

1001010010100101101010

Presenter
Presentation Notes
When data becomes critical to patient safety, it is of utmost importance to understand what aspects might compromise patient safety and what kinds of design controls might be needed to mitigate that risk.

Has my data been compromised (even a little)?

Slide 51

1001010010100101101010X

EXAMPLE: Single Event Upset or Data Corruption

How do I respond when service is lost?

Slide 52

EXAMPLE: No Data
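Added example, not from the presentation: how a receiver can distinguish a good telemetry frame from one altered by a single-event upset or by tampering, and fall back to a labelled stale value rather than silently using bad data when no frame arrives. The frame layout, shared key, and heart-rate readings are constructed for this illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key shared by sensor and receiver; not a real deployment key.
KEY = b"constructed-demo-key-not-for-use"
TAG_LEN = 16  # truncated HMAC-SHA256 tag appended to each frame


def pack_frame(seq, reading):
    # payload: 4-byte sequence number + 4-byte heart-rate reading (bpm)
    payload = struct.pack(">II", seq, reading)
    tag = hmac.new(KEY, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload + tag


def verify_frame(frame):
    """Return (seq, reading) if the tag matches, otherwise None.
    A keyed MAC flags both a single flipped bit (EMI, single-event upset)
    and a deliberate modification; a plain CRC would only catch the former."""
    if len(frame) != 8 + TAG_LEN:
        return None
    payload, tag = frame[:8], frame[8:]
    expected = hmac.new(KEY, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return struct.unpack(">II", payload)


def flip_bit(frame, bit_index):
    # simulate a single-event upset: flip exactly one bit of the frame
    buf = bytearray(frame)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


class Receiver:
    """Keeps the last verified reading; on a corrupt or missing frame it
    reports that reading as stale and counts the gap instead of trusting
    whatever arrived."""

    def __init__(self):
        self.last_good = None
        self.missed = 0

    def on_frame(self, frame):
        result = verify_frame(frame) if frame is not None else None
        if result is None:
            self.missed += 1
            return {"reading": self.last_good, "status": "stale",
                    "missed": self.missed}
        self.missed = 0
        self.last_good = result[1]
        return {"reading": result[1], "status": "ok", "missed": 0}
```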

Reduce the likelihood of breaches

Slide 53

Addressing such system robustness issues in general can minimize weaknesses that hackers could exploit.

http://sebokwiki.org/wiki/Applying_Life_Cycle_Processes

http://www.ibis-instruments.com/index.php?link=en/menu/2211/protocol-analysis

http://www.quora.com/What-is-wireless-sensor-network-WSN-technology

Standards can help establish assurance cases

Slide 54

https://buildsecurityin.us-cert.gov/bsi/1051-BSI/version/default/part/ImageData/data/Assurance_Cases_and_LifeCycle_Processes.png

Safety Standards

Presenter
Presentation Notes
There are many safety standards that can help to specifically define the various pieces of such an assurance case.

Regulators Leverage Standards

Aug 6, 2013 FDA Recognized Consensus Standards Support Interoperability:

There are 25 new standards grouped mainly into three categories:

1. Managing risk in a connected and networked environment;

2. Nomenclature, frameworks and medical device specific communications, including system and software lifecycle process;

3. Cybersecurity including standards from the industrial control systems arena that are relevant to medical devices.

Coming soon: AAMI/UL 2800 – interoperable medical device safety

http://www.securedgenetworks.com

Technology is enabling rapid product innovation and new safety standards and regulations are emerging

Slide 56

Figure: IDEA → PRODUCT & SERVICE

Managing innovation and regulatory change

Presenter
Presentation Notes
Pl

UL supports WT and IoE developers through supply chain and sustainability services

Slide 57

Throughout the entire product lifecycle to address safety, security, and performance

Slide 58

Thank You

Slide 59