
By Ian Contreras
With the rise of networked medical devices and the increasing importance of data-driven health care, the lines between clinical engineering and IT are becoming increasingly blurred. As a result, it is becoming more necessary for all members of the healthcare technology management (HTM) community to develop a thorough understanding of IT best practices. The OSI model and the TCP/IP model are well-known structured approaches in IT that can be applied to medical device security. They help by identifying and addressing vulnerabilities that cyber attackers could exploit. Both OSI and TCP/IP provide a framework for understanding network communication and security, but they offer different perspectives. By understanding and implementing these models, HTM personnel can help health care organizations ensure the safety and privacy of their patients while leveraging the benefits of connected medical devices.
Formalized in 1984, the OSI model is a theoretical model that describes network communication in seven layers and is a useful aid for troubleshooting. Its two major components are the basic reference model and the protocols. The basic reference model describes how adjacent layers work directly with each other: the lower layer feeds into the next higher layer and vice versa. The protocols are what allow communication between the same layer on different hosts. In other words, layer three communicates directly with layer two and layer four on the same machine, and layer three on one host communicates with layer three on another host. The seven layers from top to bottom are the application layer, presentation layer, session layer, transport layer, network layer, data link layer and physical layer.
Each layer presents its own security risks, and there are methods to mitigate them. The application layer is the software end users typically interact with; it consists of the actual applications that use the network. For medical device security, this layer is usually deemed the most vulnerable, and protecting it involves implementing access control measures. These ensure that only authorized users can access medical device applications such as firmware updates and password management. An example of a control measure is requiring a login to use the software, which ensures that the software cannot easily be controlled remotely.
The presentation layer deals with the formatting and presentation of data. This layer uses encryption and decryption protocols to ensure that the data transmitted between medical devices and other networked devices is secure. An example is the use of codecs, which encode and decode information. A security function at this layer is to make sure the codecs are up to date and patched to limit vulnerabilities.
The session layer acts as a moderator by establishing and managing the connection between different medical devices, computers or servers. This layer uses authentication controls to limit user access to medical devices; in practice this is an operating-system-level login.
The transport layer deals with the reliable transmission of data between systems and hosts, acting like a digital post office. It creates packets, labels them with the encryption protocols that secure the transmission and assigns a port. Port control is extremely important for access control lists (ACLs), as the port helps identify which software the packets are usually sent to. ACLs permit or deny packet traffic based on a packet's port number. In this way, networks can secure the flow of packets from machine to machine.
The network layer deals with routing data across a network, looking for the most efficient communication paths. It handles the IP address, which is what we most often use to identify a machine on a network. This layer can be protected through network segmentation, in which IP ranges and subnets isolate medical devices from other subnets in the overall network. Controls can be applied when routing packets between these network segments, and firewalls and intrusion detection systems monitor the IP traffic for security risks.
The data link layer deals with the transmission of data across a physical link. It uses the MAC address, which is like a serial number attached to every network interface. Switches use MAC addresses to identify the machine attached to each of their ports. Users should not be able to edit them, but some hackers can hide theirs. Therefore, monitoring MAC-level network traffic and restricting access to authorized medical devices authenticates those devices and is a best practice for this layer. MAC addresses can be approved or denied access to a network on a case-by-case basis.
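The three preceding paragraphs describe controls at the transport, network and data link layers: port ACLs, subnet segmentation and MAC allow-lists. The following added example (not from the original article) evaluates constructed sample packets from a medical-device segment against all three in one pass and reports the first layer whose rule fails; the subnets, MAC addresses and permitted ports are hypothetical policy values chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy for an isolated medical-device segment (hypothetical values).
DEVICE_SUBNET = ipaddress.ip_network("10.20.0.0/24")      # medical devices
CLINICAL_SUBNET = ipaddress.ip_network("10.30.0.0/24")    # clinical workstations / EHR
APPROVED_MACS = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}  # devices allowed on the segment
# Port ACL: destination ports allowed to leave the device segment (illustrative numbers;
# 104 and 2575 are the customary DICOM and HL7/MLLP ports).
PERMITTED_PORTS = {104, 2575, 443}

@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int

def check_data_link(pkt):
    """Layer 2: permit only approved MAC addresses on the device segment."""
    return pkt.src_mac.lower() in APPROVED_MACS

def check_network(pkt):
    """Layer 3: a device may only talk within its own subnet or to the clinical subnet."""
    src, dst = ipaddress.ip_address(pkt.src_ip), ipaddress.ip_address(pkt.dst_ip)
    return src in DEVICE_SUBNET and (dst in DEVICE_SUBNET or dst in CLINICAL_SUBNET)

def check_transport(pkt):
    """Layer 4: traffic leaving the device segment must use a permitted destination port."""
    if ipaddress.ip_address(pkt.dst_ip) in DEVICE_SUBNET:
        return True  # intra-segment traffic is governed by the layer 2 and 3 checks
    return pkt.dst_port in PERMITTED_PORTS

LAYER_CHECKS = [("data link", check_data_link), ("network", check_network),
                ("transport", check_transport)]

def evaluate(pkt):
    """Return 'permit', or 'deny:<layer>' naming the first layer whose rule failed."""
    for name, check in LAYER_CHECKS:
        if not check(pkt):
            return f"deny:{name}"
    return "permit"

if __name__ == "__main__":
    # Constructed sample traffic from one device at 10.20.0.15.
    for p in [Packet("00:1a:2b:3c:4d:5e", "10.20.0.15", "10.30.0.8", 2575),   # permit
              Packet("de:ad:be:ef:00:01", "10.20.0.15", "10.30.0.8", 2575),   # deny:data link
              Packet("00:1a:2b:3c:4d:5e", "10.20.0.15", "192.168.1.9", 443),  # deny:network
              Packet("00:1a:2b:3c:4d:5e", "10.20.0.15", "10.30.0.8", 3389)]:  # deny:transport
        print(evaluate(p), p)
```

Logging the `deny:<layer>` result rather than silently dropping the packet gives the HTM team the per-layer evidence the article's troubleshooting view of the model calls for.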
Finally, the physical layer deals with the physical components of the network, such as cables and connectors. Troubleshooting involves verifying that a device's network port is physically connected to the network switches and routers. Access to the network should also be controlled physically: securing a device's network port and limiting entry points to network equipment offers a solid mitigation of these risks.
Developed in the 1970s by the Department of Defense (DoD), the TCP/IP model is a more practical model that condenses the OSI model into four layers: the application layer, transport layer, Internet layer and network access layer. The application layer is like the application layer in the OSI model, as it is the software, codecs and operating system of the machine. It is protected by implementing secure authentication protocols as well as data storage and backup procedures, which prevent data loss and corruption. The transport layer combines the presentation, session and transport layers of the OSI model and uses the same protocols for secure data transmission between medical devices and networked systems discussed above. The Internet layer corresponds to the network layer and is protected through network segmentation and firewalls. The network access layer covers the data link and physical layers of the OSI model and needs to limit the number of approved MAC addresses and physical entry points to the network.
The OSI model and the TCP/IP model provide a structured approach to medical device security that can reduce the risk of cyber threats. Both are used to create a comprehensive security regimen with security measures at each layer. When implementing either model for medical device security, it is important to consider the unique requirements and vulnerabilities of medical devices. Medical devices often have limited resources and may not have the processing power to implement complex security protocols. Additionally, medical devices may have longer lifetimes than traditional IT devices, which can result in outdated software and firmware that are vulnerable to cyber-attacks. The main challenge of using the OSI and TCP/IP models for medical device security is understanding the complexity of the models. Implementing security measures at each layer requires familiarity with the model and the ability to identify each layer's unique security risks and vulnerabilities. Other challenges include the cost of implementation and the need for ongoing maintenance and updates.
In conclusion, the increasing connectivity of medical devices has created new challenges for health care organizations in ensuring patient safety and data privacy. The OSI model and the TCP/IP model provide a structured approach to medical device security, and applying best practices using these models can significantly reduce the risk of cyber-attacks. However, organizations should be aware of the common challenges and limitations that can arise when applying these models to medical devices and take steps to overcome them. By following these best practices, health care organizations can implement effective security measures to protect their medical devices and, with them, the safety of their patients.
Ian Contreras is a biomedical engineer with VA North Texas Healthcare System.
