WannaCry ransomware attack should push hospitals to gauge certain tech

The WannaCry ransomware attack affected hundreds of countries and hundreds of thousands of systems, including health systems. Experts discuss what healthcare orgs need to do.

In the wake of the WannaCry ransomware attack, two cybersecurity experts suggest that if hospitals are not already using techniques such as multifactor authentication and public key infrastructure certificates, they need to head in that direction.

Continue reading

 

NIST offers guidance for securing wireless infusion pumps

The National Institute of Standards and Technology has issued new guidance on securing wireless infusion pumps in hopes of hardening the devices against cyber attacks.

The federal agency issued the instructions in collaboration with the National Cybersecurity Center of Excellence (NCCoE), which is a unit within NIST.

Continue reading

NIST Issues Draft Guidance for Wireless Infusion Pumps

New draft guidance from the National Institute of Standards and Technology calls for using commercially available, standards-based technologies to improve the security of wireless infusion pumps.

NIST issued a white paper on the same topic in 2014, but it was criticized for being too prescriptive (see Infusion Pump Security: NIST Refining Guidance).

Wireless infusion pumps are commonly used medical devices that can be potentially vulnerable to accidental and malicious tampering, posing both data security and patient safety risks.

Continue reading

Security certificates gone wrong

Security certificates are designed to authenticate hosts. Browsers have become pretty good about understanding chains of authorities, and making users accept the risk when websites can’t prove the chain of authorities needed to verify they are who they say they are…

Continue Reading

Owner-controlled PKI: The next step in securing the future of IoT

Mark Weiser, known to many as the father of ubiquitous computing, stated in an article he wrote for Scientific American in 1991 that, “The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.” The Internet of Things is quickly achieving this status as we barely recognize all the devices that are both connected to the Internet and part of our lives.

But securing these IoT devices is not an easy task, and is one topic of discussion that must remain prominent because the ramifications from a security breach could be severe. Connected devices need to have strong identity attestation, authenticate all connections, and data must be encrypted to protect system integrity…IoT requires owner-controlled PKI security posture to provide independent security control over connected devices.

Continue reading

 

FAA Seeks Digital ID for Drones

FAA Administrator Michael Huerta announced at the agency’s Unmanned Aircraft Systems Symposium in Reston, Virginia, a rulemaking effort that will lead to remote digital identification of drones and their pilots…

An effort by private industry to create a universal system for remote, digital drone identification was announced in December by AirMap, the company that launched with an online airspace recognition tool for remote pilots, collaborating with DigiCert Inc. Industry analyst Colin Snow wrote about the new technology this month, explaining in detail many implications for regulators, pilots, and other stakeholders.

Continue reading

Automating PKI for the IoT platform

In this podcast recorded at RSA Conference 2017, Jeremy Rowley, Executive VP of Emerging Markets at DigiCert, talks about automating PKI for the IoT platform and building scalable solutions for the IoT platform.

“I’m going to be talking about automating PKI for IoT platform and building scalable solutions for the IoT platform. So we have a lot of IoT devices that are being employed throughout the Internet. You have various connected vehicles, you have connected homes, you have connected cities – heck, you have even connected watches and everything else, right? But a lot of these devices don’t deploy security, meaning they’re subject to attacks. In 2015, for example, we saw attacks on various devices that include cars and medical devices and things like that. And in 2016 we even saw insulin pump taken over through a man in the middle attack where you could actually change the dosage and thus cause harm to the patient who’s wearing that insulin pump.”

“The question becomes: how do we secure these devices at scale when they’ve already been deployed or are being deployed as well as in an effective manner that can support manufacturers? ”

Continue reading

 

Evolving PKI for the Internet of Things

The rapid growth of the Internet of Things is outpacing security implementations, and the industry desperately needs to stem the tide of risks that come with it.

IDC estimates that, by 2020, the number of Internet-connected devices will surge past 200 billion. The sheer scale of this future Internet of Things means that it needs a strong security layer that is scalable, reliable and can be automated to meet the needs of a rapidly growing market.

Cryptography is one solution that can provide a strong security layer, with encryption and identity, at such a scale. And now, more than ever, security teams are looking to evolve public key infrastructure (PKI) to meet the challenges of IoT security.

Continue reading

 

Page 1 of 1312345...10...Last »