Poor cybersecurity in Internet of Things (IoT) medical devices potentially poses risks to both the well-being of patients as well as to the infrastructure that keeps hospitals running.
The Royal Academy of Engineering worked alongside the Petras Internet of Things research hub to produce a report on IoT, cyber-safety, and reliance — and the message is that more work needs to be done to improve the security of connected systems.
Now that we’ve begun the new year, it may be the best time to revisit Internet of Things (IoT) legislation (even though the relevant bills have been on the Hill since the summer).
A recently introduced bill addresses perceived vulnerabilities in the security of IoT devices sold to the federal government, and medical devices that connect to the Internet. IoT device manufacturers would also have responsibilities to ensure security over the life of the devices. The counter-argument to this legislation, however, is that disclosure and certification requirements could create additional liability for device manufacturers.
Today, each one of us is knowingly or unknowingly a protagonist in a digitally connected world. Our every move is recorded. However, instead of beaming these mundane details out to the world, our information is being used by marketers and organizations who analyse and dissect it to tailor-make their goods and services for us.
Some of this is happening with our consent.
For instance, at any given time, we have Apple’s Siri or Amazon’s Alexa with Echo or Google’s virtual assistant listening in to our conversations to do our bidding at our call.
While medical equipment has long presented thorny security problems, Internet of Things devices in hospitals bring entirely new, and often daunting, cyberthreats.
Take Mirai malware as just the latest example. In late 2017, cybersecurity experts discovered a new variant of Mirai, which transforms Linux networked devices into remote-controlled bots that can be used as part of a botnet in major network attacks. This new variant was designed specially to attack Internet of Things devices.
“The attack is a distributed denial of service attack, meaning the malware now can commandeer previously immune devices and use them to target large amounts of traffic at other devices, causing them to fail due to resource exhaustion,” explained Mike Ahmadi, global director of IoT security at DigiCert, a cybersecurity company that specializes in digital certificates, SSL, encryption and the IoT. “What is particularly onerous is that there are an exponentially larger number of devices – potentially billions – now susceptible to the malware, dramatically increasing the number of potential attacks.”
A tether or a battery? The growth of the Internet of Things (IoT) is limited by these two unsatisfying options. Have you ever wondered what provides power to all of those hotel room card key locks? It’s batteries that die and have to be changed. Most video surveillance systems are tethered, mobile phones use batteries, RFID readers are tethered, drones usage is limited by battery life, and so on. Why are smart thermostats and doorbells selling so well? It’s because the power supply is already there. Show me a source of power and I’ll show you a great IoT application.
Try to imagine what the world would be like without these constraints. Of course, we’d all love our phones to be fully charged all of the time, but wireless power has implications well beyond that. Imagine lightweight powerful lawn mowers and yard tools that just work; drones that could stay aloft indefinitely; industrial sensors that could be attached to anything, anywhere; or security systems that could be deployed quickly and easily. IoT devices would crop up everywhere, helping us in ways that we haven’t even thought of yet.
There are innumerable ways to die and now, a US government agency wants to discuss some new, internet-connected ones. The Consumer Product Safety Commission is now accepting public comments on “potential safety issues and hazards associated with internet-connected consumer products.” In short, please tell the government about your ideas for Final Destination-style, internet-of-things-related deaths.