Layered Security on Mainstream IT Platforms Brings

Better threat protection

• Implementaseriesofdifferentdefensesacrossthedevice

• Defendagainstadvancedpersistentthreats(APTs),suchasStuxnet

Less support burden

• Usefamiliartechnologiesdeployedinnetworkedclients

• Minimizeefforttodetermineifadeviceiscompliant

Increased scalability

• Administerandmonitorequipmentinasimilarfashion

• Implementfuturesecuritysolutionsconsistentlyacrossthenetwork

This layered security model spans multiple layers:

hardware, virtualization, operating system and services

software

High Stakes: Medical Device Security and Patient Safety

HealthcareITmanagersknowthatmedicaldevices,suchasinfusionpumps,patientmonitors,medicaltabletsandMRIscanners,canbejustassusceptibletomalwareasstandardcomputers.Keepingthemsecureinanynetworkedenvironmentiscertainlychallenging,butthestakesareparticularlyhighfortheseparticularapplicationssincetheycanaffectpatientcareandoutcomes.

Provingthispoint,McAfee*andamedicalequipmentmanufacturerrecentlyraisedawarenessofsecurityholeswithpotentiallylifeordeathconsequences;theyidentifiedanetworkedinsulinpumpwithasecurityflawthatallowsthedevicetobehackedandsubsequentlyadministerapotentiallylethalamountofinsulintodiabetespatients.1Althoughnottypicallythetargetofcyberattacks,medicalequipmentcanbecome“collateraldamage”inamalwareoutbreak,orevenbetheweaklinkthatopensthedoortoacyberattack.Sincethereisn'tasinglesecuritysolutioncapableofaddressingallfuturerisks,mostwouldagreeit'snecessarytoincorporatethreatprotectionusingaseriesofdifferentdefensesacrossthesystem.

Why Insist on Mainstream IT PlatformsOneofthechallengesfacinghealthcareITorganizationsismanagingandsecuringalargevarietyofhardwareandsoftwaresystems.Furthercomplicatingmatters,manyequipmentmanufacturersdevelopuniquesecuritysolutions,theresultofdesigningpurpose-builtsolutionsbasedonnon-standardorproprietarycomponents.Consequently,itcanbedifficulttodetermineifthesemedicaldevicescomplywithtoday'ssecuritypoliciesandwillsuccessfullysatisfyfuturerequirementsthroughtheirexpectedlife.

Alternatively,whynottakeadvantageofthesameprovensecuritytechnologiesusedthroughouttheITinfrastructure?ThisispossiblewhenmedicaldevicesarebasedonIntel®vPro™technologydeliveredonmainstreamstandardITplatforms,whichgreatlysimplifymedicaldevicemanagementandprovidestate-of-the-artsecurityprotection.OneexampleisIntel®VirtualizationTechnology(Intel®VT),2akeyingredientinIntelvProtechnology,whichisolatesapplicationsfrommalwarebyrunningtheminsecurepartitions.AsampleconfigurationisdepictedinFigure1.

Intel® Processor with Multi-core & Virtualization Technology

Wind River Hypervisor

Communication

Port

Wind River

VxWorks*

Microsoft*

Windows* 7

Virtual Machine 1

Processor Core 1 Processor Core 2

Wind River*

Linux* Secure

Virtual Machine 2

Safety-Critical

Application

Virtual Machine 3

Human Machine

Interface

Figure1:VirtualizationExample

Threat Protection for Medical Devices

2

For More InformationMovingforward,medicaldevicesbasedonmainstreamITplatformscangreatlysimplifysecuritymanagementwhileofferingstate-of-the-artsecurityprotection.Thistopiciscoveredingreaterdetailinthewhitepaperathttp://download.intel.com/embedded/applications/medical/326505.pdf#iid=5871.

TolearnmoreabouthowIntelvProtechnologycanimproveamedicaldevice'ssecurityposture,visitwww.intel.com/vproandwww.intel.com/healthcare.

Defend Against APT-Class Threats

Stuxnet,asophisticatedAPTandcyberweaponthattargetedandsabotagedautomateduraniumenrichmentfacilitiesinIran,changedthescopeandcontextofcontrolsystemcybersecurityforever.Stuxnetraisedthebar—bycombiningstolencertificatesandmultiplezero-dayexploits.

Improvedsecuritymeasuresarerequired,suchaslockingdownmedicaldeviceswithMcAfee*EmbeddedControl*,awhitelistingapplicationthatensuresonlytrustedapplicationsandfilesarepermittedtoexecute,whileallothersareprohibitedfromlaunching.Whitelistingiswell-suitedformedicaldevicesrunningonlyknownsoftware;thepermittedcodeisenumerated,andanyapplicationorfilenotonthelistispreventedfromexecuting.

Robust Virtualization

Virtualizationallowssafety-criticalapplicationstoruninasecurepartitioncalledavirtualmachine.Intel®VirtualizationTechnology(Intel®VT)2,akeyingredientofIntel®vPro™Technology,providesanotherlayerofprotection.WithIntelVT,memoryaddresstablesaresaferbecausetheyaremanagedbythehardware,notthesoftware,makingitfarmoredifficultforavirustomanipulatethem.DeveloperscanimplementvirtualizationusingtheWindRiver*Hypervisor*,whichtakesadvantageofthehardware-assistedvirtualizationfeaturesofIntelVT.

Seven Safeguards for Protecting Medical DevicesInhealthcare,networkedmedicaldevicescanfallvictimtoalltypesofperpetratorsusingawidevarietyofmethods.Thissectionexplorespotentialvulnerabilitiesandsuggestssafeguards,implementedacrosstheplatform,thateitherhelppreventattacksorminimizetheirimpactuntilcorrectiveactionistaken.

Objective 1: Stop unauthorized data copying

PreventconfidentialpatientrecordsfromfallingintothewronghandsbyimplementingMcAfeeDeviceControl*,whichgiveshospitalITorganizationsgranularcontroloverdataprivileges,suchasspecifyingwhatdatacanbecopiedtoexternaldevices.

Objective 2: Prevent untrusted code execution

Stopworms,viruses,spywareandothermalwarefromeverexecutingbyusingawhitelistingapplication,suchasMcAfeeEmbeddedControl*,thatensuresonlyknowncodecanrun.

Objective 3: Interrogate incoming packets

DetectwhenahackerconcealsavirusinspuriouspacketsbyimplementingaWindRiver*orMcAfeefirewallonthedevicethatdiscardsunwantedpacketsandlogspackets,whichcanbeusedtoidentifypotentialmaliciousactionsatalatertime.

Objective 4: Secure data and communications

Prohibitacompromisedmedicaldevicefrombecomingabasefromwhichahackerlaunchesattacksonothersystemsonthenetworkbyusingapassword-basedauthenticationincorporatedintheWindRiverLinux*Securedistribution.

Objective 5: Prevent unintended interactions between applications

MinimizetheharmmalwarecancausebyrestrictingitsaccesstoothersoftwareelementsrunninginsecurepartitionswiththeaddedhardwareprotectionfromIntelVirtualizationTechnology(IntelVT).

Objective 6: Prevent device performance degradation due to poorly functioning code

Don'tletabadlycodedapplicationorapatchconsumecopiousamountsofCPUcyclesandpotentiallyimpactdevicesafety;instead,runcriticalapplicationsonadedicatedCPUcore,thusdeliveringafixedlevelofcomputingresources.

Objective 7: Reduce attack surface

MinimizeexposuretovirusesenteringvianetworkportsbyrunningWindRiverLinuxSecureasagatekeeper–throughwhichallcommunicationswiththemedicaldevicemustpass–creatingaprotectionlayerforotherdevicesoftware.

1 Source: www.reuters.com/article/2011/10/25/us-medtronic-cybersecurity-idUSTRE79O8EP20111025.2 Intel® Virtualization Technology (Intel® VT) requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM), and for some uses,

certain platform software enabled for it. Functionality, performance, or other benefits will vary depending on hardware and software configurations and may require a BIOS update. Software applications may not be compatible with all operating systems. Please check with your application vendor.

Copyright © 2012 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel vPro and Intel Core are trademarks of Intel Corporation in the United States and/or other countries.

*Other names and brands may be claimed as the property of others. Printed in USA 0612/LS/TM/PDF Please Recycle 327597-002US