The highest priority items that required protection in the hospital campus included:
• Protecting the high-voltage power supply systems (securing the IEC 61850 protocol)
• Securing critical BMS systems (using DPI for Modbus and BACnet protocols): HVAC, electrical, elevators and water/wastewater systems; monitoring the safe usage and storage of medical gases; and monitoring the temperature control systems in cold-storage appliances used for medicine, experiment specimens, organs and corpses
• Monitoring various HazMat sensors
Most of the challenges are due to the way the hospital campus and its data networks evolved over the years, as a patchwork of disparate systems with no segmentation between critical systems:
• OT and IT systems that share the same LAN, with only nominal firewall protection
• Lack of segmentation between facilities and systems
• Separate operational (but not security) monitoring interfaces for different systems
• No procedures in place for patching or hardening devices, leaving the hospital to rely on vendors for initiating per-device maintenance
• No system for securing and logging maintenance operations
iSID’s Map View graphically displays all assets, business processes and connections, and enables users to drill down to each asset’s properties and threats