Wi-Fi Alliance WPA3 Launch Improves Healthcare Network Security

January 11, 2018 - Wi-Fi Alliance announced security enhancements and new features for its Wi-Fi Protected Access (WPA) Wi-Fi CERTIFIED technologies. These upgrades will improve healthcare network security by refining configuration, authentication, and encryption to keep up with evolving security threats.

The upgrades include continued improvements on WPA2 as well as the launch of WPA3, which will simplify the process of configuring device security without compromising network security.

“Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry,” SAR Insight & Consulting’s Joe Hoffman said in a statement. “Wi-Fi is evolving to maintain its high-level of security as industry demands increase.”  

WPA is a standard that provides security as different devices are sending and receiving data over a Wi-Fi connection. The standard prevents hackers from intercepting data through the wireless connection. WPA2 uses the four-way handshake to authenticate data exchange by facilitating the process of creating encryption keys. 

Although WPA3 is being released, Wi-Fi alliance will continue to support and upgrade WPA2 as many organizations will still be using it for the foreseeable future. The new WPA2 testing upgrades will reduce vulnerabilities caused by network misconfiguration and use centralized authentication services to safeguard managed networks.

“Security is a foundation of Wi-Fi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi CERTIFIED family of security solutions,” Wi-Fi Alliance President and CEO Edgar Figueroa said in a statement. “The Wi-Fi CERTIFIED designation means Wi-Fi devices meet the highest standards for interoperability and security protections.”

WPA3 brings several new features to wireless security. WPA3 will adhere to the security demands of modern devices including Internet of Things (IoT) and connected medical devices. These devices typically don’t have display interfaces and WPA3 will simplify the process of configuring security for those devices.

WPA3 will also protect users whose passwords are considered weak and don’t abide by complexity regulations. The standard will do this by blocking attacks targeted at weak passwords by disabling the authentication process after failed attempted logins.

Healthcare network access through the public internet will also be more secure as user privacy in open networks is strengthened through individualized encryption with WPA3.

A 192-bit security suite protects Wi-Fi networks with high security requirements and is aligned with the Commercial National Security Algorithm (CNS) Suite from the Committee on National Security Systems (CNSS).

Evolving security threats call for change in network security standards, which is why WPA3 has been so highly anticipated. WPA2 while still useful, has several problems that WPA3 hopes to remedy, according to Github.

It’s too easy for anyone within range of the network to kick a user off with a DEAUTH attack without sending a significant amount of information to the network, which makes it hard to detect. Passwords can also be cracked offline if a cyberattacker observes an authorized user connecting to the network. Once the password is compromised, the cyberattacker can then spoof the traffic of anyone on the network.

Many organizations have security solutions and protocols in place to detect these kinds of threats, but WPA3 will hopefully solve these problems so organizations can focus on more advanced and informative security strategies.

The US Department of Commerce and the Department of Homeland Security also recently recognized the need to evolve network security for defending against attacks against connected medical and IoT devices. This is a key concern as IT infrastructure technology becomes more advanced.

A draft report from the Departments released earlier this week emphasized the need to embrace “innovation in the infrastructure for dynamic adaptation of evolving threats,” as well as “promote innovation at the edge of the network.”

IoT devices are still new to healthcare organizations and cannot be secure the same ways as more traditional devices like laptops and smartphones. This is especially true as more users are communicating data over the public internet. WPA3 will help organizations more confidently and easily authenticate users and protect their network against outside threats.