ICS, MedTech, and Certified Software Updates
2022-04-26 Stefan Bamberg
As commonly known, industrial control systems are used for managing, directing, and regulating the behavior of automated industrial processes. They can be found in most every industry sector, from energy and government facilities to critical manufacturing and transportation systems. ICSs are used to continuously control a myriad of devices such as sensors, valves, pumps, and various types of motors and collect data from these external devices, create reports, trigger alarms, and send notifications to alert other devices, users, or processes.
At the core of the ICS is software, which enables the required functions and applications of the device. The software can also serve as a key differentiator from competitors, providing a host of operational features that can be licensed and turned on and off as needed. As such, not only should proprietary software be protected against theft (illicit copying), reverse engineering, and counterfeiting, but also against malicious tampering, manipulation, and even sabotage that might damage equipment and even put human lives at risk. Furthermore, creative software licensing strategies can help reduce production costs and empower producers to launch new business models and expand their portfolios with minimal effort. You can read more about how Wibu-Systems’ CodeMeter technology can enable both software protection and licensing in ICSs in the white paper, CodeMeter in the Automation Industry.
As we noted in a previous blog post, advances in ICS technology in the cloud have vastly increased the speed of data communication and the subsequent analysis of process performance, more efficient management of industrial system configurations, improved diagnostics and troubleshooting, and scalability. These advantages have become prominent in the medical device industry as well, and ICSs have become a critical component in modern, connected healthcare devices. Connected healthcare has transformed the industry with remote patient monitoring tools, wearable technology, telehealth, and other digital tools. The benefits to both patients and providers have been found to be more accurate diagnoses, fewer mistakes, and lower costs of care.
But not coincidently, at the same time the industry has seen an increased risk of IoT-related security incidents. A recent white paper from Medigate and CrowdStrike discovered that over 80 percent of healthcare organizations reported facing IoT security incidents in the past 18 months.
Further research presented in a recent report by Claroty found that healthcare IoT, IT, and medical device vulnerability disclosures have increased in recent years, signaling a need for better ICS security. Researchers found that ICS vulnerability disclosures grew by 110 percent over the last four years, with a 25 percent increase in the latter half of 2021 alone. These are not insignificant statistics and one of the main reasons why Wibu-Systems has introduced its CodeMeter protection and licensing technology into the medical device field, working with customers like Dentsply-Sirona, Agfa Healthcare, Fritz Stefan, and CUSTO MED.
One particular area of interest is CodeMeter’s ability to track and check the integrity and authenticity of software updates on medical devices. Software updates are a critical issue in the industry, as manufacturers need to be prepared to immediately respond to software bugs as they occur to eliminate any potential negative impact on patients. Required updates must be rolled out in a way that the integrity and authenticity of both the updates and the target software are protected and verified. Device makers need a way to be sure that their diagnostic or other medical devices are running only with the software and updates certified and released for them.
With Wibu-Systems’ CodeMeter technology, developers can protect and license their work, check its integrity and authenticity, or even track software updates in the field. A vendor can determine that all updates protected with CodeMeter are installed in full and in the right order. An internal counter ensures that a downloaded update can only be used once, with the software it was meant for, and not shared with other unauthorized users.
If users should miss a critical update, CodeMeter technology identifies which versions are actually in use: The most recent, required version or an older, possibly faulty version that should be replaced as soon as possible. As an added benefit, the system checks whether the software was certified for the market or region it is used in.
Wibu-Systems will demonstrate this important capability at MedtecLive with T4M, May 3 – 5, 2022 in Stuttgart, Germany, in the VDMA exhibit in hall 10, booth 124a. You can learn more about the event here.
Contributor
Stefan Bamberg
Senior Key Account & Partner Manager
After studying computer science at the Karlsruhe Institute of Technology, he worked in traffic simulation R&D before switching over to IT project management and key account management for large ICT companies. Since 2012, he is active in the Key Account Division of our Wibu-Systems sales force.