IIC Journal of Innovation 2nd Edition | Page 7

Toward a Safe and Secure Medical Internet of Things
these standardization efforts are effectively incomplete due to a lack of appropriate security analysis.
Regulators are also noting the importance of incorporating security for safety and privacy in the medical domain. The FDA is calling for medical device manufacturers to address cyber-security issues for the entire lifecycle of the device: from the initial design phase through deployment and end-of-life [8][9]. Although these calls are in the form of draft guidelines for ensuring device security and interoperability, there is evidence that the FDA intends to use them as a basis for clearing medical device submissions [26]. This seems to be addressing the traditional lack of incentive for medical device manufacturers to incorporate necessary security mechanisms in their products for fear of complicating regulatory approval [27].
In this paper, we present recent research on protecting the communications within ICE based on the fine-grained security mechanisms provided by the OMG Data Distribution Service (DDS) standard. In Section 2, we provide a background on ICE and the components that comprise ICE systems. We provide an overview of the DDS standard suite, which forms the connectivity platform of OpenICE [4], the ICE reference implementation. We also briefly introduce the DDS Security architecture for granularly protecting DDS-based communications. Sections 3 and 4 go over our analysis, developed prototypes and results.
Real-Time Innovations (RTI) and the Medical Device Plug-and-Play (MD PnP) Program at the Massachusetts General Hospital have collaborated on this research. We are planning on applying our findings to the Industrial Internet Consortium’s Connected Care Testbed.
2. BACKGROUND

2.1 Background on Integrated Clinical Environments (ICE)
The ICE framework, as defined by the ASTM F2761-09 standard [1], provides an approach for integrating heterogeneous medical devices and coordinating their activities to automate clinical workflows. From a high-level perspective, the idea behind ICE is to allow medical devices that conform to the ICE standard, either natively or using an after-market adapter, to interoperate with other ICE-compliant devices regardless of manufacturer. A similar paradigm has existed for many years in the personal computing domain, leading to an explosion of devices supporting WiFi, USB or Bluetooth standards. A similar approach in the medical domain, if done correctly, would enable dramatic improvements to patient safety. Known examples include patient transfers from the Operating Room (OR) to Intensive Care Units (ICU) or reducing false alarms in Patient-Controlled Analgesia (PCA) systems. In both of these examples, cross-vendor inter-device communication significantly reduces preventable medical errors [2].
Figure 1 depicts the general architecture of ICE and how it maps to the equipment of a test-bed setup at the MD PnP Interoperability Lab.
- 6- June 2016