Embedded Firewall Provides Medical Devices with a Sense of Security

Author: Shana Leonard
Supplied as a portable source-code library, the Floodgate firewall is suited for use in products ranging from such implants as ICDs (above) to monitoring equipment.

The growing number of remote patient monitoring and telehealth applications marks a significant step forward in chronic disease management. And while transmitting patient data over the Internet may allow for better care, it also poses new challenges to the industry in terms of ensuring device security. By protecting against packet floods and Internet-based attacks, however, an embedded firewall developed by Icon Laboratories Inc. could potentially contribute to a strong medical device defense.

“Automated hacking drones are constantly scanning Internet-connected computers looking for any vulnerability,” states Alan Grau, CEO of Icon Labs. “If a device is connected to the Internet, you need to assume it will be attacked.”

To combat these attacks, the company’s Floodgate packet filter takes a two-pronged approach to device security that combines rules-based and threshold-based filtering. The former helps to block ‘known threats’ based on static criteria such as port number, IP address, or protocol; the latter provides real-time defense against packet floods based on network conditions. Packet floods can knock an Internet-connected product offline, resulting in communication delay or device failure, according to Grau. They can occur by accident or can be maliciously induced.
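The two filtering stages described above, sketched in C as an added example. It is not Icon Labs' code or Floodgate's API; the struct names, the single allow-list entry, the 100-packets-per-second threshold, and the choice to count only packets that pass the static rules are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added illustration; names, limits and addresses are assumptions, not Floodgate's API. */
enum verdict { ACCEPT, DROP_RULE, DROP_FLOOD };

struct pkt  { uint32_t src_ip; uint16_t dst_port; uint8_t proto; uint32_t t_ms; };
struct rule { uint32_t net, mask; uint16_t dst_port; uint8_t proto; };
struct flood_state { uint32_t window_start_ms; uint32_t count; };

#define WINDOW_MS 1000u
#define MAX_PKTS  100u   /* constructed threshold: packets per window */

/* Constructed allow-list: only 192.0.2.0/24 (documentation range) to TCP/443. */
static const struct rule ALLOW[] = { { 0xC0000200u, 0xFFFFFF00u, 443, 6 } };

/* Stage 1: static match on source address, destination port and protocol. */
static bool rules_allow(const struct pkt *p)
{
    for (size_t i = 0; i < sizeof ALLOW / sizeof ALLOW[0]; i++) {
        const struct rule *r = &ALLOW[i];
        if ((p->src_ip & r->mask) == r->net &&
            p->dst_port == r->dst_port && p->proto == r->proto)
            return true;
    }
    return false;   /* default deny */
}

/* Stage 2: fixed-window counter; unsigned subtraction tolerates timer wrap. */
static bool under_threshold(struct flood_state *s, uint32_t now_ms)
{
    if (now_ms - s->window_start_ms >= WINDOW_MS) {
        s->window_start_ms = now_ms;   /* start a new window */
        s->count = 0;
    }
    if (s->count >= MAX_PKTS)
        return false;                  /* budget for this window is spent */
    s->count++;
    return true;
}

/* Apply the static rules first, then the flood threshold. */
enum verdict filter_packet(struct flood_state *s, const struct pkt *p)
{
    if (!rules_allow(p))
        return DROP_RULE;
    return under_threshold(s, p->t_ms) ? ACCEPT : DROP_FLOOD;
}
```

Returning a distinct verdict for each stage lets a device log rule drops and flood drops separately, which helps tell a misconfigured peer from a flood.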

“Other technologies do the static [rules-based] processing, but are not protecting against packet floods,” Grau says. “As far as I’m aware, we’re the only company in the embedded space that provides both. It allows a lot of flexibility and a deeper level of protection.”

The need for this deeper level of protection is becoming increasingly evident as telehealth applications begin to take off and Internet-related threats become a concrete risk. “Medical devices are one of the fastest-growing segments of Internet-connected devices and easily one of the most critical when it comes to the risk of attack,” Grau says. “If your Internet-connected television fails due to a denial-of-service (DoS) attack, it will be inconvenient and may cost you time and money to resolve the problem. If an in-home medical monitoring system cannot report back to the monitoring center because of a DoS attack, the potential consequences are severe.” Several prominent research projects involving implant hacking, he adds, have further highlighted the issue of device vulnerability and the potential consequences in recent years.

Suited for use in products ranging from implants to monitoring equipment, the Floodgate is supplied as a portable source-code library that can be integrated into any new or existing medical device that supports TCP/IP communication.

Icon Laboratories Inc.
West Des Moines, IA
www.icon-labs.com