Poor cybersecurity in Internet of Things (IoT) medical devices potentially poses risks to both the well-being of patients as well as to the infrastructure that keeps hospitals running.
The Royal Academy of Engineering worked alongside the Petras Internet of Things research hub to produce a report on IoT, cyber-safety, and reliance — and the message is that more work needs to be done to improve the security of connected systems.
Now that we’ve begun the new year, it may be the best time to revisit Internet of Things (IoT) legislation (even though the relevant bills have been on the Hill since the summer).
A recently introduced bill addresses perceived vulnerabilities in the security of IoT devices sold to the federal government, and medical devices that connect to the Internet. IoT device manufacturers would also have responsibilities to ensure security over the life of the devices. The counter-argument to this legislation, however, is that disclosure and certification requirements could create additional liability for device manufacturers.
Today, each one of us is knowingly or unknowingly a protagonist in a digitally connected world. Our every move is recorded. However, instead of beaming these mundane details out to the world, our information is being used by marketers and organizations who analyse and dissect it to tailor-make their goods and services for us.
Some of this is happening with our consent.
For instance, at any given time, we have Apple’s Siri or Amazon’s Alexa with Echo or Google’s virtual assistant listening in to our conversations to do our bidding at our call.
While medical equipment has long presented thorny security problems, Internet of Things devices in hospitals bring entirely new, and often daunting, cyberthreats.
Take Mirai malware as just the latest example. In late 2017, cybersecurity experts discovered a new variant of Mirai, which transforms Linux networked devices into remote-controlled bots that can be used as part of a botnet in major network attacks. This new variant was designed specially to attack Internet of Things devices.
“The attack is a distributed denial of service attack, meaning the malware now can commandeer previously immune devices and use them to target large amounts of traffic at other devices, causing them to fail due to resource exhaustion,” explained Mike Ahmadi, global director of IoT security at DigiCert, a cybersecurity company that specializes in digital certificates, SSL, encryption and the IoT. “What is particularly onerous is that there are an exponentially larger number of devices – potentially billions – now susceptible to the malware, dramatically increasing the number of potential attacks.”
A tether or a battery? The growth of the Internet of Things (IoT) is limited by these two unsatisfying options. Have you ever wondered what provides power to all of those hotel room card key locks? It’s batteries that die and have to be changed. Most video surveillance systems are tethered, mobile phones use batteries, RFID readers are tethered, drones usage is limited by battery life, and so on. Why are smart thermostats and doorbells selling so well? It’s because the power supply is already there. Show me a source of power and I’ll show you a great IoT application.
Try to imagine what the world would be like without these constraints. Of course, we’d all love our phones to be fully charged all of the time, but wireless power has implications well beyond that. Imagine lightweight powerful lawn mowers and yard tools that just work; drones that could stay aloft indefinitely; industrial sensors that could be attached to anything, anywhere; or security systems that could be deployed quickly and easily. IoT devices would crop up everywhere, helping us in ways that we haven’t even thought of yet.
There are innumerable ways to die and now, a US government agency wants to discuss some new, internet-connected ones. The Consumer Product Safety Commission is now accepting public comments on “potential safety issues and hazards associated with internet-connected consumer products.” In short, please tell the government about your ideas for Final Destination-style, internet-of-things-related deaths.
After years of worry, the long-anticipated backlash to the changes wrought by the Internet of Things may finally be arriving. That could be a good thing.
As pretty much everyone knows, the Internet of Things (IoT) hype has been going strong for a few years now. I’ve done my part, no doubt, covering the technology extensively for the past 9 months. As vendors and users all scramble to cash in, it often seems like nothing can stop the rise IoT.
Maybe not, but there have been rumblings of a backlash to the rise of IoT for several years. Consumer and experts worry that the IoT may not easily fulfill its heavily hyped promise, or that it will turn out to be more cumbersome than anticipated, allow serious security issues, and compromise our privacy.
It was a peaceful day in the international company’s computer operations centre until, at 13.07, the monitoring services detected that there were several simultaneous attempts to probe a non-existent workstation. Four minutes later, a VHDL server attempted to access a Google search. And, four minutes after that, external friends confirmed that they were seeing potential broadcasts from the company to known bad sites. (External friends are other companies who mutually monitor sites.) At 13.20 – 13 minutes after the first recorded incident – instructions were issued that all the company’s sites should close down their IT activities. By 13.25 all external connections, including landline telephones, were closed down and all named machines were locked down. By 13.40 all on-site networks and machines were shut down – including printers and other intelligent peripherals – and remote users were being instructed to shut down. At 13.45 all the named representatives of a pre-defined Incident Response Team (IRT) left their remote sites for the central location and by 15.50 it was clear that all remote users were shut down.
Internet of Things product manufacturers must get their act together and secure their devices or they risk creating new ways for wrongdoers to commit crimes, a senior police officer has warned.
“All new technologies, all changes in the way that society is ordered — particularly if it is technology — always has a crime harvest. So, when cars were invented, people started drink-driving and stealing cars and it’s exactly the same with the Internet of Things,” said chief constable Michael Barton, head of the Durham Constabulary.
Everyone’s heard of the IoT – smart thermostats, Internet-connected refrigerators, connected lightbulbs – but there’s a subset called industrial IoT that has a much more significant day-to-day impact on businesses, safety and even lives.
The term IIoT refers to the Industrial Internet of Things. In broad strokes, it’s the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy and industrial sectors.