Apply Now to Attend Nexus Conference 2025
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts
florence-hudson-picture_edit.jpg
Healthcare
Internet of Things
Risk Management
Cyber Resilience

Nexus Podcast: Florence Hudson on the IEEE/UL 2933 Clinical IOT Cybersecurity Standard

Michael Mimoso
/
Apr 1, 2025

Subscribe and listen to the Nexus podcast on your favorite platform.

The prevalence of connected clinical IoT devices such as wearable patient monitoring systems that measure and report on anything from glucose levels to heart rates means there’s a level of maturity to these deployments. 

While these devices are crucial to optimal patient care, their maturity doesn’t necessarily include cybersecurity. Many of these devices lack, or were not designed with, security features such as authentication and data protection in mind. 

This has brought forward a call for security and interoperability standards such as the IEEE/UL 2933 Standard and Framework for Clinical IoT Data and Device Interoperability with TIPPSS. Approved in September 2024, it serves as a framework based on the TIPPSS (trust, identity, privacy, protection, safety, and security) principles in order to improve and secure data exchanges between devices.

On this episode of the Nexus Podcast, Florence Hudson, the standard’s working group chair and founder and CEO of FDHint, described how the standard was born, who was involved, and what the ultimate goal is for adoption. 

“We started this whole effort in 2015, to give you a feel for how long it takes to develop some of these standards,” Hudson explained, recalling discussions with peers about a lack of end-to-end security and trust in an increasingly connected world as IoT emerged as an enterprise technology.

“We started talking about the challenges and all the places that we have to worry about this: connected vehicles, supply chain, water systems, smart grids, healthcare,” Hudson said. “We said, ‘Let's do healthcare first because if you hack an implanted medical device, you could immediately kill a human. So that has an immediate value proposition. And then our vision was to bring TIPPS across all the cyber physical systems. So we did some initial work and then started the working group in 2019.”

The TIPPSS principles are key here; they establish a framework for trust between devices as they relay private patient information between devices and centralized systems. Devices built according to the standard aim for security and resilience, and must meet and maintain a security baseline anchored on a risk-based approach that includes secure development principles. 

Other security foundations are accounted for, including the protection of data in transit, secure end-to-end communications, vulnerability management, integration with other facets of the cybersecurity ecosystem, and event handling.

“I want (the standard) to be in the fabric of what we do in connected healthcare care and eventually in all other domains too, like the smart grid with programmable logic controllers, all the way down to the critical pieces of the system,” Hudson said, adding that her working group is essentially in an advocacy phase now trying to bring awareness of the standards to OEMs, CISOs, others in the C-suite, developers, chipmakers, and more. “We really want to see everyone be aware of it. We want it to be a part of the culture.”

Healthcare
Internet of Things
Risk Management
Cyber Resilience
Michael Mimoso
Editorial Director

Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.

Stay in the know Get the Nexus Connect Newsletter
Subscribe
Listen on Apple Podcasts. Listen on Spotify Podcasts.
Share
LinkedIn Twitter Facebook Email
Featured Articles
Considerations for Medical Device Vulnerability Remediation Technical Debt in OT Environments: How It's Different and Why it Matters The Purdue Model's Risky Blindspot
Featured Videos
Browse by Topics
Cyber Resilience Cybersecurity Insurance Federal Food & Beverage Healthcare Industrial Internet of Things Nexus Conference Operational Resilience Operational Technology Ransomware Risk Management Technical Debt Vulnerability Management Zero Trust
You might also like… Read more
On this episode of the Claroty Nexus Podcast, Mike Holcomb, global lead for ICS and OT cybersecurity at engineering and construction solution provider Fluor, discusses his advocacy and efforts to educate engineers and IT cybersecurity professionals in the nuances of protecting operational technology and industrial control systems.
Operational Technology
Operational Resilience
Vulnerability Management
Industrial

Nexus Podcast: Mike Holcomb on Starting and Succeeding in OT Cybersecurity

Michael Mimoso
Ron Fabela joins the Nexus podcast to discuss his research into low-skilled threat actors targeting operational technology and industrial control systems. Many of these groups operate as hacktivists and carry out less sophisticated defacements and intrusions. While less of a risk, these incidents are still a drain on human resources required to investigate them and decided on mitigation strategies.
Industrial
Vulnerability Management
Risk Management
Operational Technology

Nexus Podcast: Ron Fabela on Low-Skilled OT/ICS Threat Actors

Michael Mimoso
On the latest episode of the Claroty Nexus Podcast, Munish Walther-Puri, adjunct professor at the Center Global Affairs at New York University, describes a homegrown scale OT cybersecurity incidents called the Infrastructure Cyber Incident Scale, which takes into account an incident's magnitude, intensity, and duration.
Industrial
Operational Resilience
Operational Technology
Risk Management

Nexus Podcast: Munish Walther-Puri on Developing a Scale for OT Cybersecurity Incidents

Michael Mimoso
Brian Foster, senior advisor for grid security at Southern California Edison, joins the Nexus Podcast to discuss his presentation delivered at the S4 Conference on the risks of a hyperconnected grid. Adding a Wi-Fi connection to vulnerable smart meters that are enrolled by customers on a massive scale may allow attackers able to compromise centralized command and control of these devices to issue commands at scale that could result in catastrophic damage.
Industrial
Internet of Things
Operational Technology
Cyber Resilience

Nexus Podcast: Brian Foster on the Risks of a Hyperconnected Power Grid

Michael Mimoso
Matthew Rogers, ICS Cybersecurity Strategy & R&D Lead at CISA, joins the Nexus Podcast to discuss the agency's and its international partners' release of a procurement guide for operational technology (OT) owners and operators . The guide describes 12 OT cybersecurity elements that buyers should be looking for, and hopefully influencing automation and control system vendors to implement. Rogers hopes this initiative not only gives OT asset owners some agency during procurement, but also to creates a market-influenced demand among leading vendors to integrate these security elements by default into OT products.
Cyber Resilience
Operational Technology
Industrial

Nexus Podcast: CISA on Secure-by-Demand for OT

Michael Mimoso
On this episode of the Nexus Podcast, Team82 researcher Noam Moshe provides some technical details on the IOCONTROL malware, a Linux-based backdoor used to infect critical infrastructure around the world. IOCONTROL has a modular architecture that allows it to be configured for IoT, OT, and SCADA devices.
Internet of Things
Operational Technology

Nexus Podcast: Noam Moshe on the IOCONTROL Malware

Michael Mimoso
Team82’s Noam Moshe discusses state actor targeting of OT, why it’s so challenging to develop ransomware for OT and industrial control systems, and the mitigation strategies available to defenders of cyber-physical systems.
Cyber Resilience
Internet of Things

Nexus Podcast: Team82 on Attacking the Insecure IoT Cloud

Michael Mimoso
On the Claroty Nexus Podcast, Volexity founder Steven Adair explains details on his research team's disclosure of the Nearest Neighbor Attack. The attack introduced a new tactic used by a prolific advanced persistent threat group, Russia-linked APT 28, that put a new spotlight on the security of Wi-Fi, and the risk to users and devices connected to those networks.
Cyber Resilience
Vulnerability Management
Risk Management

Nexus Podcast: Volexity’s Steven Adair on the Nearest Neighbor Attack

Michael Mimoso
In this episode of the Nexus Podcast. Runsafe Security CEO and cofounder Joe Saunders examines the motivations of these adversaries, the targeting of memory-based vulnerabilities in embedded systems prevalent in OT and healthcare, and how initiatives such as secure-by-design/default/demand can make a dent in ensuring the resilience of critical infrastructure.
Cyber Resilience
Industrial
Healthcare

Nexus Podcast: Joe Saunders on Advanced Attacks Against Critical Infrastructure

Michael Mimoso
Claroty Chief Strategy Officer Grant Geyer recaps and provides important context to the results of a Claroty survey looking at the impact of business disruptions resulting from cyberattacks on cyber-physical systems. The survey queried 1,100 cybersecurity leaders and practitioners globally on questions about the disruptive impact of attacks on operational technology, connected medical devices and systems, building automation systems, and the internet of things.
Industrial
Healthcare
Ransomware
Cyber Resilience
Operational Resilience
Operational Technology

Nexus Podcast: Grant Geyer on the Business Impact of Disruptions from Cyberattacks

Michael Mimoso
In this episode of the Nexus Podcast, Alethe Denis, a senior security consultant at Bishop Fox, joins to discuss the ongoing effectiveness of open-source intelligence analysis and social engineering tactics as a precursor to larger intrusions against critical infrastructure.
Cyber Resilience
Healthcare
Industrial
Risk Management

Nexus Podcast: Alethe Denis on Social Engineering, Red-Teaming

Michael Mimoso
On this episode of the Nexus Podcast, Alon Dankner of the Technion Institute in Israel explains his research into the Siemens S7 protocol and PLCs. A vulnerability uncovered during research allows an attacker to expose and steal private cryptographic keys by leveraging a severe vulnerability and configuration error.
Operational Technology

Nexus Podcast: Alon Dankner on Extracting Private Crypto Keys from PLCs

Michael Mimoso
Latest on Nexus Podcast
See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
florence-hudson-picture_edit.jpg
Healthcare
Internet of Things
Risk Management
Cyber Resilience

Nexus Podcast: Florence Hudson on the IEEE/UL 2933 Clinical IOT Cybersecurity Standard
On this episode of the Claroty Nexus Podcast, Mike Holcomb, global lead for ICS and OT cybersecurity at engineering and construction solution provider Fluor, discusses his advocacy and efforts to educate engineers and IT cybersecurity professionals in the nuances of protecting operational technology and industrial control systems.
Operational Technology
Operational Resilience
Vulnerability Management
Industrial

Nexus Podcast: Mike Holcomb on Starting and Succeeding in OT Cybersecurity
On the latest episode of the Claroty Nexus Podcast, Munish Walther-Puri, adjunct professor at the Center Global Affairs at New York University, describes a homegrown scale OT cybersecurity incidents called the Infrastructure Cyber Incident Scale, which takes into account an incident's magnitude, intensity, and duration.
Industrial
Operational Resilience
Operational Technology
Risk Management

Nexus Podcast: Munish Walther-Puri on Developing a Scale for OT Cybersecurity Incidents