How AI can help IoT security (with a sidenote on Medical Devices & HIPAA)

Read, or skip, to the end to see where we can meet.

As applications expand, IoT devices are becoming integrated into nearly every home, device, and organization. It is projected that by 2023, the total quantity of IoT devices will have increased twelvefold. This tremendous expansion of IoT is a growing security concern for businesses big and small, and the number of active devices is outpacing organizations’ abilities to ensure secure data transfers over the networks where these devices reside.

So what can organizations do to protect their networks and devices?

Build a Smarter Security System with AI

Companies are already using artificial intelligence and machine learning to comb through big data and gain detailed insights on everything from sales to customer satisfaction. The same methodology can be used to halt malware and hacking. With an AI-powered security solution, technicians will be able to program their systems to expect certain behaviors or levels of activity from computers, mobile devices, and IoT nodes. Anything outside those norms will trigger a warning, lock down specific areas of the network, or even halt traffic from the port the IoT device is using.

While this is not currently a standard practice, the technology is already being developed and deployed, and companies must begin to consider it. There will be a learning curve for end-users. But just as employees had to learn to deal with threats from pop-ups and viruses on their own devices, they will soon need to gain a basic understanding of how security works at the network level as well.

However an interesting counterpoint to this idea is that, in the same way that AI can be learn to protect, it can be learn to attack. Nicholas Fearn says in his article:

“The use of AI in cyber security is a double-edged sword. While businesses will see the benefits, criminals will also tap into this technology to automate attacks. He says businesses could “see criminals and nation states using innovative AI attacks to do serious harm to everything from companies’ reputations to critical infrastructure”

Security has always been a function of what it is defending against, and visa versa like an infinite Möbius strip.

Network Segmentation

Another option for organizations is one that’s already a best practice and part of ISO compliance. By segmenting the network and restricting IoT devices’ access to only the segments they need, IT departments can quarantine intrusions. That way, many IoT devices will not have wide access to network files, computers, and shares that other devices such as employees’ computers will need.

That doesn’t mean data can’t be shared. More organizations than ever are moving to the cloud. They can keep IoT devices on a separate network connection, thus protecting other devices from threats that might infect the IoT nodes. Before moving data to the cloud, they can analyze it and scrub it to ensure it’s clean. Data that are infected or abnormal can be quarantined, never reaching the cloud or infecting other network devices.

Medical Data Scrubbing and HIPAA

In the field of medical IoT and connected medical devices in general, it is standard practise to remove all identifying metadata in this way. The US Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets the standard for what is sensitive patient data and how this data can be handled and transferred in the US, and is a de-facto global standard. In developing medical device solutions, we need to be HIPAA compliant, which means understanding what needs to be secured, and finding a balance between security implementation and usability.

We Can Help Develop Your Next Product (HIPPA compliant, or not)

I will be at ATA Chicago April 27 – May 1, and the San Francisco Bay Area May 2 – May 9. See our latest customer product, the Visionflex ProEX, at ATA. Get in touch to meet me.