The National Academies Press

Currently Skimming:

5 Applied Cybersecurity Division
Pages 28-36

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 28... ... 1800 series document.2 Three projects that the NCCoE briefed to the panel were securing wireless infusion pumps, secure interdomain routing, and trusted cloud. 1 In addition to the University of Maryland System, nine other universities from around the country are members: University of Alabama, Birmingham; University of Delaware; George Mason University; Massachusetts Institute of Technology; Purdue University; University of California, Berkeley; University of Illinois; University of Texas, Dallas; and University of Texas, San Antonio. Read the entire page →
From page 29... ... working with system administrators of operational large clouds to assess how the hardened individual machines can be managed at scale. The NCCoE initiated the Securing Wireless Infusion Pump project with the goal of applying the cybersecurity framework to devise a set of specific security measures that could enable health-care delivery organizations such as hospitals to use wireless infusion pumps for drug delivery without introducing undue risks such as compromise of personal information or unauthorized modifications to drug dosage. Read the entire page →
From page 30... ... Furthermore, complex solutions such as the network partitioning approach proposed for protecting infusion devices run a significant risk of being misconfigured by operators or users. The publication Securing Wireless Infusion Pumps in Healthcare Delivery Organizations3 does provide some general recommendations for mitigating and responding to residual risks. Read the entire page →
From page 31... ... 6 NIST, 2018, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (Final Public Draft) , Draft NIST Special Publication 800-37: Revision 2, Gaithersburg, Md. Read the entire page →
From page 32... ... It is important that strong leadership be exercised to keep the group focused on achievable important goals, and to keep alignment with other cybersecurity efforts within ITL, particularly within the NCCoE. Privacy Engineering In recent years major Internet technology companies created a privacy engineering function that is distinct from security and legal concerns. Read the entire page →
From page 33... ... The NCCoE wireless infusion pump project was conducted by a team from NIST, the NCCoE FFRDC, and technical employees from infusion pump and security product developers who comprise a major fraction of the market for such products. Thus, the solution reflects significant expertise in security products and their use, and in the real-world configuration and operation of infusion pumps and related information technology (IT) Read the entire page →
From page 34... ... A project of the scope and credibility of the NCCoE wireless infusion pumps security effort is likely to attract broad interest in the medical device and cybersecurity communities. The latter attraction offers the ACD the opportunity to seek adversarial analysis and feedback that will make the solution more credible and effective. Read the entire page →
From page 35... ... The infusion pump project is a good model for the creation of NCCoE products that are likely to be used. The NCCoE Secure Interdomain Routing group has a plan for appropriate dissemination of the results, but the effort is not yet to a level of maturity where that is appropriate. Read the entire page →
From page 36... ... The results from this proactive monitoring should then be disseminated (e.g., by the NIST Special Publications 1800 series) and appropriately incorporated into future NCCoE laboratory projects. Read the entire page →

From page 28...

... 1800 series document.2 Three projects that the NCCoE briefed to the panel were securing wireless infusion pumps, secure interdomain routing, and trusted cloud. 1 In addition to the University of Maryland System, nine other universities from around the country are members: University of Alabama, Birmingham; University of Delaware; George Mason University; Massachusetts Institute of Technology; Purdue University; University of California, Berkeley; University of Illinois; University of Texas, Dallas; and University of Texas, San Antonio.

Read the entire page →

From page 29...

... working with system administrators of operational large clouds to assess how the hardened individual machines can be managed at scale. The NCCoE initiated the Securing Wireless Infusion Pump project with the goal of applying the cybersecurity framework to devise a set of specific security measures that could enable health-care delivery organizations such as hospitals to use wireless infusion pumps for drug delivery without introducing undue risks such as compromise of personal information or unauthorized modifications to drug dosage.

Read the entire page →

From page 30...

... Furthermore, complex solutions such as the network partitioning approach proposed for protecting infusion devices run a significant risk of being misconfigured by operators or users. The publication Securing Wireless Infusion Pumps in Healthcare Delivery Organizations3 does provide some general recommendations for mitigating and responding to residual risks.

Read the entire page →

From page 31...

... 6 NIST, 2018, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (Final Public Draft) , Draft NIST Special Publication 800-37: Revision 2, Gaithersburg, Md.

Read the entire page →

From page 32...

... It is important that strong leadership be exercised to keep the group focused on achievable important goals, and to keep alignment with other cybersecurity efforts within ITL, particularly within the NCCoE. Privacy Engineering In recent years major Internet technology companies created a privacy engineering function that is distinct from security and legal concerns.

Read the entire page →

From page 33...

... The NCCoE wireless infusion pump project was conducted by a team from NIST, the NCCoE FFRDC, and technical employees from infusion pump and security product developers who comprise a major fraction of the market for such products. Thus, the solution reflects significant expertise in security products and their use, and in the real-world configuration and operation of infusion pumps and related information technology (IT)

Read the entire page →

From page 34...

... A project of the scope and credibility of the NCCoE wireless infusion pumps security effort is likely to attract broad interest in the medical device and cybersecurity communities. The latter attraction offers the ACD the opportunity to seek adversarial analysis and feedback that will make the solution more credible and effective.

Read the entire page →

From page 35...

... The infusion pump project is a good model for the creation of NCCoE products that are likely to be used. The NCCoE Secure Interdomain Routing group has a plan for appropriate dissemination of the results, but the effort is not yet to a level of maturity where that is appropriate.

Read the entire page →

From page 36...

... The results from this proactive monitoring should then be disseminated (e.g., by the NIST Special Publications 1800 series) and appropriately incorporated into future NCCoE laboratory projects.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

5 Applied Cybersecurity Division Pages 28-36

5 Applied Cybersecurity Division
Pages 28-36