The third annual Security of Things® Forum (SECOT) in Cambridge, Massachusetts fostered discussion on a variety of cyber-security related topics ranging from a standards-based approach to security connected devices to connected healthcare platforms. Even the Department of Homeland Security weighed in on its own efforts to influence the next generation of connected networked devices by developing strategic principles for developers to consider when addressing the Internet of Things.
Keynote speaker Dr. Kevin Fu of the University of Michigan spoke specifically about both the benefits and security problems in networked medical devices. Dr. Fu noted that pacemakers, for example, require direct contact from a sterile needle to adjust or maintain them, which creates an infection risk; and thus a wirelessly controlled pacemaker therefore can offer both the benefits of easier access and control, but also the security risk of being accessible—and therefore hackable—via a network. Moreover, a password protected pacemaker cannot simply lock out the user or attending physician because they fumbled the password at a critical moment.
While cyber-security for medical devices is a complex problem, especially in view of the aging infrastructure of most healthcare systems, Dr. Fu concludes that overall “patients prescribed an implant are far safer with those devices than without” despite even “major security problems.” In fact, he believes that most security flaws can be addressed by practicing basic security hygiene, addressing the “low lying fruit” and designing critical systems to “fail gracefully” by localizing breaches.
A second session of the SECOT Forum occurred on October 27, 2016 in Washington, DC. Speakers included: Suzanne Schwartz, FDA Director of Emergency Preparedness/Operations and Medical Countermeasures; Beau Woods, Deputy Director of the Cyber Statecraft Initiative in the Brent Scowcroft Center on International Security; and keynote speaker Ralph Langer, Managing Principal of Langer Communications.