SECURING MEDICAL DEVICES

In the past few years “Connected Healthcare” has turned from a dream into reality but, as with
any industry increasing connectivity, there are criminal gangs, nation state actors, or just mischief
makers who will seek to exploit this new connectivity for financial gain, cyber warfare, or just to
show they can.

As well as this direct threat to the cybersecurity of medical devices, there is also a derived threat
to other devices, as a breached or infected device may serve as the gateway, enabling the bad
guys to disrupt more devices on that network. (…)

NEW LIFE FOR OLD SYSTEMS

Included in a recent report (*), Gartner estimates that in 2020, over 30% of successful
attacks suffered by enterprises will be on data located in shadow IT resources, such as
abandoned, forgotten and legacy applications.

In numerous industries, legacy systems may be running on old hardware and/or using
operating systems that can’t be easily updated but may be required to continue to operate
for a few years more since replacing them would require a re-design of the complete
architecture requiring substantial cost and resource.

The problem is, to extend the useful life of these systems they often need to communicate
with new computers or systems, over networks carrying different flows of information, but
which may also contain malware. (…)

Legislation and certification: NIS DIRECTIVE

Cybersecurity threats are almost always cross-border, and a cyberattack on the critical facilities of one country can affect the EU as a whole. EU Member States therefore need to have strong governmental bodies that supervise cybersecurity in their country, especially in sectors that are critical for our societies, and to work together with their counterparts in other Member States by sharing information.

They agreed with the EU to ensure this by adopting the NIS Directive (Directive on security of Network and Information Systems), which all countries have now implemented. This Directive was reviewed at the end of 2020.

Legislation and certification: Proposal for a revised NIS Directive (NIS2)

As a result of the review process, a new legislative proposal was presented on 16 December 2020.
This proposal is part of a package of measures to improve further the resilience and incident response capacities of public and private entities, competent authorities and the Union as a whole in the field of cybersecurity and critical infrastructure protection. It is in line with the Commission’s priorities to make Europe fit for the digital age and to build a future-ready economy that works for the people.

The proposal builds on and repeals the current NIS Directive. It modernises the existing legal framework taking account of the increased digitisation of the internal market in recent years and an evolving cybersecurity threat landscape.
The proposal for a revised Directive on Security of Network and Information Systems is accompanied by an impact assessment, which was submitted to the Regulatory Scrutiny Board (RSB) on 23 October 2020 and received a positive opinion with comments from the RSB on 20 November 2020.

A new Cybersecurity Strategy

On 16 December 2020, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented a new EU Cybersecurity Strategy.

The Strategy covers the security of essential services such as hospitals, energy grids and railways and the ever-increasing number of connected objects in our homes, offices and factories, building collective capabilities to respond to major cyberattacks and working with partners around the world to ensure international security and stability in cyberspace. It outlines how a Joint Cyber Unit can ensure the most effective response to cyber threats using the collective resources and expertise available to the EU and Member States.

The EU Cybersecurity Act

The Cybersecurity Act (in force since June 2019) strengthens the role of ENISA: the agency now has a permanent mandate and has been empowered to contribute to stepping up both operational cooperation and crisis management across the EU. It also has larger financial and human resources than before.

#1 FILE TRANSFER SOLUTION FOR ICS

SECLAB + KUB
Deploy & Enforce your Antimalware Policy for your most Critical Assets.

Protect from both malware and USB or network-based attacks.

ICS CYBERSECURITY – 2020
Electronic AirGap Technology by Seclab

  • Complying with laws & security requirements for Operators of Essential Services;
  • Ensuring your antimalware policy is applied on all your industrial assets;
  • Receiving genuine software updates from your vendors on your critical networks;
  • Doing remote maintenance, monitoring and cyber-supervision.

White Paper: The best way to protect your OT network.

The technology is called Electronic Air Gap, and the product Secure Xchange™. The robustness of our solution has been proven by our customers using the most sophisticated test systems, including those used by NATO.

Secure Xchange allows you to give your users full bi-directional communications between systems on the IT and OT networks, while at the same time providing the same total protection against network-layer attacks that the data diode vendors provide.


 

The Secure Xchange Story

Is there any way that you can secure your OT network, yet still allow interactive access to applications, databases and protocols?


ANSSI – Recommendations on interconnecting an information system with the Internet.
As a national authority (France), ANSSI reports to the General Secretary for Defence and National Security (SGDSN). SGDSN assists the Prime Minister in fulfilling his responsibilities in terms of national defence and security.


Recommendations R6, R8 and R9 concern the need to partition systems.
R6: Distinct processing chains must be built and partitioned, preferably physically.
R8: Apply a protocol break to the flows.

Seclab solutions (Electronic Air Gap) meet this requirement to partition systems.


Banque de France – ACPR

IT risk and cybersecurity in the banking and financial institutions sector.