Securing complex cyber-physical medical device landscapes

Dr. Ulrich Lang, Founder & CEO, ObjectSecurity - Published in ISSA Journal April 2018

Home|Securing complex cyber-physical medical device landscapes

The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these objects to connect and exchange data[i]. The IoT is going to be transformational – significantly impacting most industries and parts of society. Experts estimate that the IoT will rapidly grow to 30 billion objects within just two more years[ii] (for comparison, in 2015, there were approximately 4.9 million things connected to the internet).

Importantly, IoT will also play a major role in achieving “smart healthcare” to improve patient care/experience, efficiency, and outcomes. Hospitals already use many medical devices today (e.g. numerous monitoring and pump devices etc.), though mostly not in a very interconnected fashion. Presently, in most cases, there is a human (e.g. nurse) in the loop to ensure safety, because the devices in use have not been designed with the security in mind that is required for autonomous operation (e.g. monitoring). According to the latest research, US Department of Health plans to (eventually) save up to USD 300 billion from the national budget due to medical innovations[iii].

Such future medical device landscapes pose many cybersecurity and privacy challenges because most of these are “cyber-physical” systems where cybersecurity breaches (and other failures) would directly impact the physical safety of patients.

Today, Medical IoT is not fully matured yet, leading to a disconnect: Health IT is increasingly interconnected, while information security is not keeping up. This limits “smart healthcare” improvements and health IoT in general: in this emerging environment, hospitals need to prioritize patient safety first, which means medical devices are often not integrated; since humans are usually in the loop, there isn’t much need for automation. This leads to inefficiencies, and patient care/experience is not as good as it could be. Yet, having humans in the loop actually creates its own risks.

In this article we will present innovative approaches to cybersecurity that should be considered to securely integrate medical device landscapes (and many other IoT environments) in the coming years as IoT rapidly matures. The article is based on the results of several government-funded R&D projects, in particular a research project to secure a cyber-physical medical environment (for Defense Health Program, DHP[1]), and a research project to automate access control policy testing (for National Institute of Standards and Technology, NIST[2]).

The presented approach comprises several parts:

  1. Integrated Clinical Environment: OpenICE ( is an initiative to create a community implementation of an Integrated Clinical Environment (ICE). The initiative encompasses not only software implementation but also an architecture for a wider clinical ecosystem to enable new avenues of clinical research. The OpenICE project is run by MD PnP. Our research uses the OpenICE reference implementation and DocBox’s implementation as an ICE layer.
  2. Secure Device Communications: The Data-Distribution Service (DDS) ( provides secure publish-subscribe communications for real-time and embedded systems. DDS introduces a virtual Global Data Space where applications can share information by simply reading and writing data-objects addressed by means of an application-defined name (topic) and a key. DDS features fine and extensive control of QoS parameters. Our research uses RTI DDS Connext (, a leading DDS implementation provided by Real-Time Innovations (RTI), Inc. OpenICE uses RTI DDS as a communications layer.
  3. Security Policy Automation simplifies the management and technical implementation of security policies. It allows security professionals to manage rich security policies consistently in one place and often automatically technically enforce the managed policies across many devices, layers and technologies. Our research uses ObjectSecurity OpenPMF (, a leading security policy automation product, which generates technical policy enforcement for DDS, networks etc. from generic security policies and imported information about users, systems, applications, networks etc.

By |April 13th, 2018|General|Comments Off on Securing complex cyber-physical medical device landscapes