Biomedical companies can join universities to counter cyberattacks

Biomedical companies can join universities to counter cyberattacks

With the recent cyberattacks that have affected essential industries in the United States, workforce training and cybersecurity research have become even more critical. A timely joint effort by the FDA and the UCSF-Stanford Center for Excellence in Regulatory Science Innovation (CERSI) to educate the biomedical engineering and manufacturing communities on cybersecurity has resulted in a Cyber ​​Security Seminar Series. One of the recent webinars “Cybersecurity for Biomedical Engineering”, addresses what the field of biomedical engineering can learn from research and academic programs in integrated cybersecurity.

The speaker, Kevin T. Kornegay, PhD, is a professor of IoT security and director of the Cybersecurity Policy and Assurance (CAP) Center for Academic Excellence in the Department of Electrical and Computer Engineering at Morgan State University in Baltimore, MD. Kornegay explained the CAP Center’s role in the medical field, which is to “provide the defense and intelligence community with the knowledge, methodology, solutions, and highly trained cybersecurity professionals to mitigate the penetration and manipulation of cyberphysical infrastructure.” of our nation,” according to Kornegay.

Students in the program learn how to ensure the safety and efficacy of medical devices, pharmaceuticals, and more, in part through the CAP Center’s dual purpose of research. Integrated cyber security is currently emphasized as cyber attacks on technology within medical products become more prominent.

Embedded systems operate within physical objects connected to the Internet of Things (IoT) to perform dedicated functions within larger mechanical or electrical systems for industries such as medical and pharmaceuticals.Embedded systems operate within physical objects connected to the Internet of Things (IoT) to perform dedicated functions within larger mechanical or electrical systems for industries such as medical and pharmaceuticals.

Embedded systems operate within physical objects connected to the Internet of Things (IoT) to perform dedicated functions within larger mechanical or electrical systems for industries such as medical and pharmaceuticals. Critical infrastructure then becomes dependent on its embedded systems for distributed control, monitoring, data collection, and other uses, making these systems targets for hacking, intrusion, and physical manipulation.

The times when embedded systems become vulnerable listed in the webinar included:

  • hardware implementations
  • Software and firmware errors
  • Implementation of protocols and standards
  • system integration
  • User errors (due to the use of default passwords, phishing attacks, etc.)

Kornegay further explained that hackers have the ability to understand the weaknesses and vulnerabilities of systems. In a medical environment involving applications on patients’ smart devices, collecting data to send to the cloud where medical providers can access it, hackers who break through to control IoT devices in such an environment can prevent communications , holding patient information hostage, among other things. .

There are a multitude of ways hackers can attack a system.There are a multitude of ways hackers can attack a system.

There are a multitude of ways hackers can attack a system, using intended channels such as keyboards, displays, Bluetooth, and WiFi, and unwanted channels such as power consumption, EM radiation, sound, and temperature. And their attacks can be passive (analyzing the behavior of the device) or active (changing the behavior of the device). Many attacks can be prevented through employee training, although taking other cybersecurity measures reduces the chance that attackers will find a way in. However, security is an added layer of cost and lengthens the product-to-market cycle, deterring some companies from investing in such security. measures.

Kornegay stated that the current solutions the industry relies on for protection are not viable in the long term and must be replaced with transformative solutions.

“You have seen in the media many instances of various types of cyberattacks on our supply chain and various infrastructures,” Kornegay said. “But our tactic to address the problem is to use reverse engineering techniques to assess the security of these embedded systems, because embedded systems are the heart of many systems.”

At Morgan University’s CAP Center, students are researching and testing security methods that range from the edge, where devices reside, to the cloud. The center’s facilities range from laboratories to a zero-trust data center and its own IT department separate from that of the university.

At Morgan University's CAP Center, students are researching and testing security methods that range from the edge, where devices reside, to the cloud.At Morgan University’s CAP Center, students are researching and testing security methods that range from the edge, where devices reside, to the cloud.

Morgan University’s workforce development plan helps them recruit talented students, starting with summer courses for middle and high school students. The university has achieved a 30% female ratio in the program and plans to grow and maintain an even higher ratio through the workforce development plan.

The program and the Center are funded by and partner with organizations such as:

  • National Science Foundation (SaTC Frontier, CyberCorps, NRT, EIR)
  • National Security Agency (investigation and cybersecurity directorates)
  • NIST Preparation Program
  • NASA Jet Propulsion Laboratory
  • MITER
  • JHU Applied Physics Laboratories – Smart Campus
  • Northrop Grumman: IoT Security and RF Fingerprinting

Kornegay said that the program seeks to involve more medical companies in its final projects. “The way to access our students is to establish a partnership with us,” she said. “Our five doctorates. students graduating in May will go to NSA, JHUAPL, NIST and MITRE. So become a member and get in line.”

For those experienced engineers already working in the field who want to train to enhance their knowledge and skills with the latest research findings, Kornegay listed opportunities that include workshops, training segments, talks offered at other universities like OSU, and certifications. Helping professionals transition into this space is just as essential as educating the future workforce. She further suggested opening a dialogue with her cybersecurity colleagues to increase awareness and understanding of cyberattacks and to diversify investigation teams, as data shows that diversified teams lead to better solutions.

Watch the webinar on YouTube here: “Cybersecurity for Biomedical Engineering.”

Leave a Comment