Esmond Kane, Deputy Chief Information Security Officer at Partners HealthCare System, described how Blockchain can enhance security in the explosive era of IoT.
At the beginning of his keynote presentation at the 2016 Chief Information Officer Leadership Forum held on December 1 in Boston, Kane noted that he’s seeing a lot of common thematic elements in IT: the embrace of the Cloud, the cultural challenges around behavior, the fact that adversaries have dramatically increased their capability. “This is particularly a concern in healthcare, where we’re in that paradigm shift from IT being an enabler to being the direct engagement with the healthcare provider,” noted Kane. “Now when you meet with your doctor, you see him sitting there entering data into a computer. The next generation will be entering data from home and FaceTiming with their provider using an app on their phone. Finance and retail are already there,” he said.
“In healthcare, we’ve had to ask ourselves how we can learn to trust systems involved in patient care when the patient bedside is starting to resemble a data center.” Kane asked, “What’s the cybersecurity ‘apple’ that protects the health of the system? What does it mean to be proactive in the cybersecurity space? Innovation is the key. In that regard, I’m going to talk about Internet of Things and Blockchain as they relate to my company.”
Kane noted that, 10 years ago, mobile phone engagement was next to nothing; now there are several billion mobile phones. By 2020, there are projected to be four billion connected people, 25 million apps, 25 billion intelligent systems making decisions on our behalf, and 50 trillion gigabytes of data. “This big data allows us to predict situations rather than wait for the crisis to happen, but it comes with some hazard. Devices are getting to some level of autonomy in making decisions, and that too brings hazard,” he said.
“We’re also dealing with an explosion of consumer-level devices, including wearable and embedded devices, and patients have an expectation that these will be integrated into what will become a smarter hospital,” said Kane.
In the medical device arena, Kane noted these potential risks:
• Electromagnetic interference
• Untested or defective software and firmware. “If you already have a problem with your software manufacturer, you’ve probably baked in 50% risk.”
• Theft or loss
• Denial-of-service attacks
• Unauthorized device setting changes, reprogramming, or infection via malware
• Targeting mobile health devices using wireless technology to access patient data, monitoring systems, and implanted medical devices
• Supply chain and procurement risks
• Hacking of the device
What is Blockchain? “Blockchain is a data structure that makes it possible to create a digital, distributed ledger of transactions and share it among a distributed network of computers,” explained Kane. This technology uses cryptography to allow each participant on the network to manipulate the ledger in a secure way without the need for a central authority. This prevents tampering. There are generally three types of Blockchain: public, private, and consortium. “Traditional cryptography is about to break,” noted Kane. “Quantum computing is about to make it near-worthless. This Blockchain cryptocurrency is very cutting edge.”
Advantages of Blockchain include:
• Allows companies to make and verify transactions on a network instantaneously without a central authority
• Uses digital signatures
• Has computable enforcement of policies and contracts (smart contracts)
• Manages IoT devices
• Offers distributed, encrypted storage
• Trust is distributed
Potential risks of Blockchain include:
• Decentralization and trust
• Adoption by criminals
• Infrastructure attacks
Kane concluded his presentation with a security checklist for IoT, ranging from security by management to security by isolation to security by abstraction, each of which would benefit from inserting Blockchain:
• Trust the platform (mobile device management)
• Trust the container (secure container)
• Trust the app (application wrapper)
• Trust the Cloud (hybrid container)
• Trust the site (web portal)
• Trust nothing (virtual desktop)
ABOUT ESMOND KANE:
Esmond Kane is the Deputy Chief Information Security Officer in the Partners Healthcare Information Security and Privacy Office. In this role, Esmond is responsible for the operational component of the “Lighthouse” program, a radical transformation in Partners’ approach to security and privacy risk management. Prior to Partners, Esmond spent the previous 10 years at Harvard University, most recently helping to guide the information security program across the University, including efforts in the Harvard School of Dental Medicine, the Harvard Medical School, and others. Prior to Harvard, Esmond spent 10 years in several roles and industries, including KPMG and BIDMC.