CIRA will support secure device identity management for the cohort’s new medical devices
In December we joined with our partners TELUS, Blackberry, and Solace to welcome L-SPARK Global’s first ever MedTech Accelerator cohort. The program, which features eight exciting Canadian startups, was created to accelerate new medical internet of things (IoT) devices that can help change the way healthcare services are delivered.
CIRA’s role in the MedTech Accelerator is to provide device identity management and validation support for the cohort’s new medical devices. In particular, our focus will be on ensuring that these new devices are aligned with emerging global IoT security standards so they can be implemented safely and securely.
IoT devices allow medical professionals and organizations of all types to reduce costs and improve patient monitoring and care. Unfortunately, IoT devices are notoriously vulnerable to cyber threats. Cyber criminals frequently target IoT devices to take control of the device itself, or to gain access to information inside private systems.
The risk of compromise is particularly acute in healthcare environments. Not only can internet-connected medical devices influence whether somebody lives or dies, stolen medical records fetch high prices on the black market.
More and more medical IoT devices are being adopted every day. Ensuring their security against constantly evolving cyber threats will be one of the biggest challenges facing device manufacturers, application providers, and healthcare professionals going forward.
At CIRA, we believe that device identification management is key to keeping patients and their information secure. That’s why we’re contributing the CIRA Secure IoT Registry to L-SPARK’s MedTech Accelerator platform.
While CIRA isn’t managing the actual data generated by these devices, our contribution to the platform will enable medical IoT devices to be registered, activated, and managed with zero-touch security.
As we mentioned, IoT devices are susceptible to compromise. In particular, generic IoT devices like digital sensors are often hard-coded to a given application provider or mobile network operator, which limits the administrators’ ability to securely provision and manage IoT devices in complex environments like homes, hospitals, or other care facilities.
The CIRA Secure IoT Registry changes this. It creates a single root of trust by inserting the GSMA IoT SAFE and Domain Name Security Extensions (DNSSEC) standards into the IoT device ecosystem. This enables the administrator, application service provider and network operator to trust the keys and other administrative information it receives, and prevents unauthorized attempts to change the IoT device’s ownership by malicious actors.
Put simply: it adds an additional layer of security to any IoT device equipped with a GSMA IoT SAFE-enabled eSIM, to prevent outside meddling.
While the Secure IoT Registry is still in development, it will provide MedTech Accelerator participants with a cutting-edge security framework to keep their innovations safe from malicious actors. We will also work closely with the cohort to integrate hardware and software solutions with new IoT Security standards, which CIRA has been working on now for several years.
We are confident that the CIRA Secure IoT Registry will play an important role in keeping healthcare organizations and their patients safe and secure through the next generation of IoT devices. We look forward to working with the cohort throughout 2021.
Natasha D’Souza is the Product Manager for IoT Security at the Canadian Internet Registration Authority (CIRA), the national not-for-profit best known for managing the .CA domain and developing new cybersecurity, DNS, and registry services. Natasha is an engineer by training and an expert in product development and marketing. Her favourite challenge is to take concepts ‘from idea to product launch’ in the most impactful way possible for her organization and clients. Her latest project is an innovative framework to securely provision generic Internet of Things (IoT) devices. CIRA’s Secure IoT Registry will allow the world’s IoT devices to seamlessly and securely connect between any manufacturer, owner, service provider and network operator. You can learn more at www.cira.ca/IoT.
