Changing Requirements and Security Concerns During COVID-19

Peter Fretty

Successfully pivoting and working remote means understanding and addressing qualifications and security concerns

Operating within this temporary new norm isn’t easy for anyone. And, numerous considerations exist for manufacturers keeping the lights on during today’s new norm. This is true whether the business is pivoting to help address urgent needs resulting from the ongoing pandemic or actively leveraging a mix of on-premise and remote technologies to effectively operate.

While digital technology has proven empowering as increasingly more manufacturers leverage remote technology, navigating the new broader threat landscape is rightfully a viable concern. And, as a result, manufacturers need to plan and properly secure devices that are fast becoming more complex machines with complex functions, explains Ellen Boehm, senior director of IoT product management at Keyfactor.

“Any new connected device expands IoT attack vectors; cyber-attackers are exploiting the global crisis, and hardening device security is critical. In the case of connected medical devices, security risks can be life impacting,” says Boehm. “The pandemic is changing the way we work today, but it will also shift the industry moving forward. Manufacturers must pivot their capabilities and the way they design, develop and test remotely; these new processes may mean more automation on factory floors and the introduction of smart control systems that reduce human interaction. This is the reality today, and companies will have to accept it as a long-term scenario.”

Andy Riley, executive director at Nuspire, tells IndustryWeek that the move to broader mobile device and remote access usage during this pandemic will highlight the continued erosion of the network perimeter and focus attention on endpoint security. “Companies are sure to find gaps in their remote access and mobile device strategies through this increased attention resulting in improved configuration standards that will provide benefits well after the emergent operations period is over,” he says.

Unfortunately, unsavory characters recognize the opportunity to exploit the current environment. And, as such, COVID-19 phishing emails are everywhere. According to the latest Bitdefender research, the curve of coronavirus-themed cyber threats has not flattened, and the manufacturing vertical is one of the hardest hit.

“The global daily evolution of COVID-themed threats shows consistent effort from cybercriminals and a continued interest in exploiting fear and misinformation about the global pandemic to get victims to click on malicious links, open malicious attachments, or even download and install malware,” report authors write. “Coronavirus-themed threats will likely continue under the form of spear phishing emails, fraudulent URLs and even malicious applications, all exploiting fear and misinformation in order to trick victims into unwillingly giving away personal, sensitive or financial information.”

Pivoting to medical?

Other considerations exist for those manufacturers now entrenched in creating medical grade devices or personal protection equipment. After all, equipping a non-medical factory to manufacture medical devices is a serious undertaking, according to Deborah Jennings-Conner, Director of Global Life & Health Sciences, Regulatory & Testing Assurance at UL. 

“The FDA governs this through the Quality System Regulation QSR CFR 21 part 820 which is a framework of basic requirements for manufacturers to follow. Having a sound quality management system (QMS) is key to ensure that the products produced which enter the US market are safe and effective medical devices as cleared by the FDA,” says Jennings-Conner. “Personnel should be adequately trained on device defects that could occur from improper job performance. Design controls are one of the major causes of device recalls and the manufacturer must ensure the device design is correctly translated into production specifications and produced according to plan. Design changes pertaining to the product, components, packaging, labeling, or similar, cannot arbitrarily be changed mid-production. Procedures covering processes from purchasing to production, to dealing with non-conforming products from the production line are a few examples of areas that must be documented and maintained. Under the Emergency Use Authorizations (EUAs) during the COVID-19 public health emergency, the FDA may issue guidance allowing flexibility in demonstrating full QMS compliance in order to help expand the availability of critical medical equipment and their accessories during this pandemic.”

According to Jennings-Conner, production and process controls are key areas a manufacturer must not take lightly. “Establish procedures and implement processes to ensure the product produced meets the design specifications. Substitution of components not approved by the design, making software changes that have not been validated, and allowing non-conforming finished products to be shipped, are examples of a manufacturer’s inability to produce a product that meets its predetermined design specifications and which may not be safe and effective in the field,” she says. “These critical non-conformances should not occur within a well-designed medical device manufacturing process and could lead to adverse events that are required to be reported to the FDA.”

Security Best Practices During the New Norm

  • Focus on Phishing. User awareness training on phishing is crucial, explains Riley. “Organizations will be working with new suppliers, which opens the door to additional phishing opportunities,” he says. “Employees will be receiving emails and communication from unfamiliar sources making them more susceptible to interacting with malicious links, documents, or passing along sensitive information.”
  • Reinforce protocols. Remember working remotely is new for many team members, and in many instances, it means incorporating new devices into the daily realm. Protecting the business starts with updating, patching and ensuring the use of strong (not default) passwords. “New machines may be brought in that IT staff is unfamiliar with. IT staff will need to research these devices to fully understand what they are vulnerable to and what exactly they are introducing to their networks,” says Riley.  
  • Vulnerability scanning. Vulnerability scanning is crucial whenever introducing new devices to the network, whether it’s IT or OT. It is possible that there are no vendor patches available to fix issues, and security personnel must understand the risk associated with any device, explains Riley. “Security teams can consider DMZing any equipment that is a higher risk to minimize the ability for attackers to laterally move throughout the network or to spread malware,” he says.
  • Tighten settings. Whether remote operation requires new equipment or reimagining the use of existing equipment, remote operation often requires external facing settings. However, Riley recommends that security teams speak with product vendors to receive trusted IP address ranges and secure devices to only allow external communication from those devices.
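
The "Tighten settings" advice can be checked mechanically. The following is an added example, not from the article or from Nuspire: it audits a device's inbound rules against vendor-supplied trusted ranges and reports every rule that admits addresses outside them. The rule format, rule names and address ranges (RFC 5737 documentation prefixes) are constructed for illustration.

```python
import ipaddress

# Constructed sample data: ranges a vendor might supply (documentation prefixes).
VENDOR_RANGES = ["198.51.100.0/24", "203.0.113.16/28"]

# Constructed inbound rules for an externally reachable device (hypothetical format).
INBOUND_RULES = [
    {"name": "vendor-support", "source": "198.51.100.0/25", "port": 443},
    {"name": "legacy-any", "source": "0.0.0.0/0", "port": 3389},
    {"name": "vendor-plus-neighbours", "source": "203.0.113.0/24", "port": 22},
    {"name": "single-host", "source": "203.0.113.20", "port": 443},
    {"name": "old-integrator", "source": "192.0.2.50", "port": 502},
    {"name": "typo-rule", "source": "any", "port": 80},
]


def audit_rules(rules, vendor_ranges):
    """Return (name, source, reason) for each rule not fully inside a vendor range."""
    trusted = [ipaddress.ip_network(r) for r in vendor_ranges]
    findings = []
    for rule in rules:
        try:
            # strict=False lets a bare host address parse as a /32 (or /128).
            src = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:
            findings.append((rule["name"], rule["source"], "unparseable source"))
            continue
        # subnet_of() and overlaps() require matching IP versions.
        same_family = [t for t in trusted if t.version == src.version]
        if any(src.subnet_of(t) for t in same_family):
            continue  # every address the rule admits is vendor-trusted
        if any(src.overlaps(t) for t in same_family):
            reason = "wider than the vendor range"
        else:
            reason = "outside every vendor range"
        findings.append((rule["name"], rule["source"], reason))
    return findings


if __name__ == "__main__":
    for name, source, reason in audit_rules(INBOUND_RULES, VENDOR_RANGES):
        print(f"{name}: {source} -> {reason}")
```

Rules flagged as "wider than the vendor range" are the easy ones to miss in review, because they do include the vendor's addresses while also admitting everything around them.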

Publication date: May 01, 2020

BELT.ES accepts no responsibility for the opinions in the articles reproduced in our Press Review, nor does it necessarily share the opinions and views expressed. The reproduced information is distributed for non-commercial purposes.
