THE HEALTHCARE INTERNET OF THINGS
REWARDS AND RISKS
Jason Healey, Neal Pollard, and Beau Woods
Atlantic Council, Brent Scowcroft Center on International Security, in partnership with Intel Security
© 2015 The Atlantic Council of the United States. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means without permission in writing from the Atlantic Council, except in the case of brief quotations in news articles, critical articles, or reviews. Please direct inquiries to:
Atlantic Council
1030 15th Street, NW, 12th Floor
Washington, DC 20005
ISBN: 978-1-61977-981-5
Publication design: Krystal Ferguson; photo courtesy of Intel Security.
This report is written and published in accordance with the Atlantic Council Policy on Intellectual Independence. The authors are solely responsible for its analysis and recommendations. The Atlantic Council and its funders do not determine, nor do they necessarily endorse or advocate for, any of this report's conclusions.
March 2015
TABLE OF CONTENTS
Executive Summary ... 7
1. Build Security into Devices from the Outset, Rather than as an Afterthought ... 16
Conclusion ... 19
THE HEALTHCARE INTERNET OF THINGS REWARDS AND RISKS
EXECUTIVE SUMMARY
The current focus in medical device development and production is on manufacturers' preferences and patients' needs. Industry and government should also focus on implementing an overarching set of security standards or best practices for networked devices to address underlying risks.

Several recommendations will help foster innovation while minimizing security risks. This report makes the case that industry must build security into devices from the outset, rather than as an afterthought. As McAfee's then-CTO Stuart McClure testified before the US House Committee on Homeland Security in 2012, "Cybersecurity has to be baked into the equipment, systems and networks at the very start of the design process."3

Some medical device makers continue to push old technologies and resist innovation because they know regulators will approve the old technology. A more streamlined regulatory approval process could remedy this problem. An improved process should encourage security by design, as well as the ability to patch systems after they are deployed.

Lastly, this report recommends an independent voice for the public, especially patients and their families, to strike a better balance between effectiveness, usability, and security when devices are implemented and operated.
Across the board, these powerful and customizable medical technologies offer the patient improved outcomes and quality of life. Medical staff, or even the users themselves, can monitor their health more responsively, receive feedback and alerts more quickly, make easier adjustments less intrusively, and deliver benefits more precisely.

Though the direct costs associated with the development, testing, and production of medical devices are high, they hold the promise of helping to cut skyrocketing medical costs. It is hard not to be beguiled by the promise of health monitoring and self-treatment

1 Michael Compton and Kevin Mickelberg, "Connecting Cybersecurity with the Internet of Things," PricewaterhouseCoopers, October 15, 2014, http://usblogs.pwc.com/cybersecurity/connecting-cybersecurity-with-the-internet-of-things/.
2 Intel, "The Internet of Things and Healthcare Policy Principles," http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/iot-healthcare-policy-principles-paper.pdf.
3 Intel Newsroom, "The World Agrees: Technology Inspires Optimism for Healthcare," December 9, 2013, http://newsroom.intel.com/community/intel_newsroom/blog/2013/12/09/the-world-agrees-technology-inspires-optimism-for-healthcare.
4 Ibid.

Jason Healey is the Director of the Atlantic Council's Cyber Statecraft Initiative at the Brent Scowcroft Center on International Security. Neal Pollard is a Director at PricewaterhouseCoopers and Senior Fellow at the Cyber Statecraft Initiative. Beau Woods is the CEO of Stratigos Security.
using devices like insulin pumps, which provide cheaper alternatives to an overtaxed medical system. If used as tools of preventive medicine, they can also decrease the rate of hospitalization.

The US National Institute of Standards and Technology, quoting one estimate by General Electric, says deploying cyber-physical systems could save $63 billion in healthcare costs over fifteen years, with a 15-30 percent reduction in hospital equipment costs and a 15-20 percent increase in patient throughput.5

security gaps in the integration of operational technology (e.g., medical devices), consumer technology (e.g., smartphones), and networked information technology (e.g., hospital networks).

Malicious actors could soon have the same hold here as they do elsewhere, so that we could soon see a booming market in medical zero-day exploits: attacks on vulnerabilities that are known to the attackers before the vendor, and for which no patch yet exists. This is what the future will look like if security officials and healthcare organizations do not take the correct steps today.
media, might stop an entire class of promising technologies from ever becoming a reality.

Networked medical devices are vulnerable to more than just criminal intent. Like any other technology, they are prone to failure. The complexity of connecting IT to consumer or operational technology that controls physical processes, such as pumps, multiplies the opportunities for flaws in design, implementation, or operation, any of which can lead to accidental failure. This is as true for pacemakers as it is for point-of-sale terminals and toasters; yet given the potentially fatal consequences of a medical device malfunctioning, there is little room for failure when it comes to these devices compared to other networked technologies. Should any high-profile failures take place, societies could easily turn their backs on networked medical devices, delaying their deployment for years or decades.

A second immediate concern is protecting patient privacy and the sensitive health data inside these devices.

Vulnerabilities in a networked medical device pose obvious privacy risks, since these devices access patients' most personal biological data. The devices' wireless networking function is central to their effectiveness, though as with any wireless network, users and technicians must ensure that they don't transmit unencrypted personal data across open networks. Additionally, if these devices interface with medical billing records, then patients risk losing both medical and financial information.

According to the Identity Theft Resource Center, 44 percent of all registered data breaches in 2013 targeted medical companies.6 Furthermore, the number of information security breaches reported by healthcare providers soared by 60 percent from 2013 to 2014, more than double the increase seen in other industries, with financial losses up by a stunning 282 percent, according to PwC's Global State of Information Security Survey 2015.7

Since the IoT is still in its infancy, no one yet knows all the ways this information can be used for malicious purposes. For example, one could imagine how many unethical gamblers would want access to key athletes' medical or health data before or during sporting events. What if extortionists took over devices or medical equipment until the patient or hospital paid a hefty ransom? Who knows what other examples we can't yet imagine?

Intentional disruption is also a concern, because networked medical devices face the same technological vulnerabilities as any other networked technology.

Hacktivists, thieves, spies, extortionists, and even terrorists seek to exploit vulnerabilities in IT to commit crimes and cause havoc. However, when a networked device is literally plugged into someone, the consequences of cybercrime committed using that device might be particularly personal and threatening. Both Hollywood and the real world offer scenarios showing the potentially lethal consequences of terrorists or madmen hacking into pacemakers or insulin pumps.8 A James Bond movie featuring such attacks surely cannot be far behind.

The US Department of Homeland Security (DHS) is investigating two dozen cases of suspected cybersecurity flaws in medical devices that criminals could exploit, such as forcing an insulin pump to overdose a patient, or instructing a heart implant to deliver a deadly jolt of electricity.9

Even though almost half of respondents polled by PwC had integrated medical devices into their enterprise IT, they had not been as quick in

6 Meg Whitman, "10 Big Tech Trends in Healthcare," HP Matter, January 7, 2015, https://www.linkedin.com/pulse/10-big-tech-trends-healthcare-meg-whitman.
7 PricewaterhouseCoopers, "PwC Global State of Information Security Survey 2015," September 30, 2014, http://www.pwc.com/gx/en/consulting-services/information-security-survey/download.jhtml.
8 See for example Homeland season 2, episode 10, "Broken Hearts," which originally aired on Showtime on December 2, 2012, and Daniel Halperin et al., "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses," IEEE, 2008, http://www.secure-medicine.org/public/publications/icd-study.pdf.
9 Jim Finkle, "U.S. Government Probes Medical Devices for Possible Cyber Flaws," Reuters, October 22, 2014, http://www.reuters.com/article/2014/10/22/us-cybersecurity-medicaldevices-insight-idUSKCN0IB0DQ20141022?utm_content=buffer9c60e&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer.
ensuring the security of these connected devices. More than one-third (37 percent) said they had contacted device manufacturers to learn more about the equipment's security capabilities and risks, and only 59 percent had performed even a rudimentary risk assessment of the devices or technologies. Only 56 percent had implemented security controls, demonstrating a lack of foresight that can have real consequences.10

Two prominent security researchers, Jay Radcliffe and Barnaby Jack, have exposed flaws in insulin pumps, which are one of the more widely deployed networked medical devices. In 2011, Radcliffe discovered that access to an insulin pump's serial number would allow him to remotely communicate with the device from up to one hundred and fifty feet away. As these devices have little to no security, he could turn off the pump or cause an insulin overdose with just $20 worth of equipment. Jack soon improved upon Radcliffe's hack by finding a way to compromise an insulin pump even without the serial number, and expanding the range to three hundred feet. This would let a hacker scan for any nearby devices instead of having to target a specific device identified in advance.

As dramatic as these risks are, scant evidence exists that criminals or terrorists are motivated or able to exploit them. In the report referenced earlier, DHS acknowledged it is not aware of any criminals or terrorists trying to exploit the vulnerabilities the department is investigating. This should not, however, be reassuring. That these attack tools have not been widespread could just mean they have not yet appeared in the black market for sale. They almost certainly will.

Even more dangerous than the potential for targeted killings, though also far less likely, is the threat of widespread disruption.

Theoretically, a piece of targeted malware could spread across the Internet, and only take action when it confirmed it was in a medical device. Such malware could affect everyone with a vulnerable device. This far-fetched but possible scenario has materialized in business IT systems and industrial control systems, like the sophisticated Stuxnet worm which targeted Iran's nuclear program.

BOX 1. REWARDS AND RISKS IN CONTEXT: BIOINSTRUMENTATION

Great Lakes NeuroTechnologies, a company based in Cleveland, Ohio, developed bioinstrumentation products to better measure health. One set of these products tracks how symptoms change in response to treatment for patients with Parkinson's disease "through physiological monitors and patient-centered diagnostic and therapy systems integrated with wireless, remote, and web-based applications," according to the company.

Of course, these Internet-enabled devices are at risk of an attack, but the results demonstrate the upsides of improved outcomes at reduced cost:

- Clinicians use the real-time data collected by IoT-enabled devices to help optimize their patients' treatment and observe their response to treatment.
- Pharmaceutical companies working on developing new therapies...use the information gathered through [these networked] devices to aggregate patient data from multiple locations around the world for clinical studies.
- The Internet of Things also helps Parkinson's patients get affordable access to quality care via telemedicine.

Source: Jasper, "Great Lakes NeuroTechnologies Turns to Jasper to Automate Telemedicine for Parkinson's Disease: IoT Enables Connectivity for Remote Sensing to Optimize Patient Treatment," https://www.jasper.com/sites/default/files/downloads/GL-NeuroTechnologies-IoT-Success-Story.pdf.
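The Radcliffe and Jack findings above turn on one design decision: the pump treated a knowable identifier, its serial number, as if it were a credential, so anyone who could scan for the device could command it. The following is an added illustration, not material from the report and not any product's actual wire protocol, of that weak design beside a hardened one in which the controller proves possession of a per-device pairing key through HMAC challenge-response and the pump rejects replayed messages. The device identifier, command names and the key-provisioning step are assumptions made for the example; confidentiality of the telemetry (the unencrypted-data concern raised earlier) would need authenticated encryption on top and is not shown.

```python
"""Serial number as credential (weak) versus keyed challenge-response
(hardened) on a toy pump command channel. Illustrative only; not the
protocol of any real insulin pump."""
import hashlib
import hmac
import os
import secrets

# Commands a controller can send to the pump (hypothetical names).
COMMANDS = {"STATUS", "SET_BASAL", "BOLUS", "SUSPEND"}


class SerialGatedPump:
    """Weak design: any command carrying the pump's serial number is
    accepted. The serial is printed on the device and sent in the clear,
    so scanning for the pump is enough to control it."""

    def __init__(self, serial: str):
        self.serial = serial
        self.suspended = False

    def handle(self, serial: str, command: str) -> bool:
        if serial != self.serial or command not in COMMANDS:
            return False
        if command == "SUSPEND":
            self.suspended = True
        return True


class PairedPump:
    """Hardened design: the controller must hold a pairing key that never
    crosses the air (assumed provisioned out of band, e.g. over a cable).
    Every command carries an HMAC over a fresh pump-issued nonce, a
    monotonically increasing counter and the command, so a sniffed serial
    is useless and a captured valid message cannot be replayed."""

    def __init__(self, serial: str, pairing_key: bytes):
        self.serial = serial
        self._key = pairing_key
        self._nonce = None
        self._last_counter = -1
        self.suspended = False

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    @staticmethod
    def tag(key: bytes, nonce: bytes, counter: int, command: str) -> bytes:
        msg = nonce + counter.to_bytes(4, "big") + command.encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def handle(self, counter: int, command: str, tag: bytes) -> bool:
        if self._nonce is None or command not in COMMANDS:
            return False
        nonce, self._nonce = self._nonce, None      # one challenge per command
        if counter <= self._last_counter:           # replay of an older message
            return False
        expected = self.tag(self._key, nonce, counter, command)
        if not hmac.compare_digest(expected, tag):  # wrong or missing key
            return False
        self._last_counter = counter
        if command == "SUSPEND":
            self.suspended = True
        return True


def demo() -> dict:
    serial = "PUMP-000123"        # constructed sample identifier
    key = os.urandom(32)          # pairing key known to pump and controller only

    # (a) Knowing the serial is enough to suspend the weak pump.
    weak = SerialGatedPump(serial)
    weak_attack = weak.handle(serial, "SUSPEND")

    # (b) Against the paired pump, the serial buys nothing: an attacker who
    # uses it (or anything else) as the key produces a tag that is rejected.
    strong = PairedPump(serial, key)
    nonce = strong.challenge()
    forged = PairedPump.tag(serial.encode(), nonce, 1, "SUSPEND")
    forged_ok = strong.handle(1, "SUSPEND", forged)

    # The legitimate controller, holding the pairing key, succeeds...
    nonce = strong.challenge()
    good = PairedPump.tag(key, nonce, 1, "SUSPEND")
    legit_ok = strong.handle(1, "SUSPEND", good)

    # ...and a replay of that valid message is rejected (stale counter and nonce).
    strong.challenge()
    replay_ok = strong.handle(1, "SUSPEND", good)

    return {"weak_attack": weak_attack, "forged": forged_ok,
            "legit": legit_ok, "replay": replay_ok}


if __name__ == "__main__":
    print(demo())
```

The counter is checked before the MAC so that a valid-but-old message is rejected even if the nonce were ever reused; in a real device the counter and the pairing key would live in non-volatile storage, and losing either must force re-pairing rather than falling back to serial-number access.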
Insulin pumps, among the most widely embedded devices, illustrate the balance between the benefits and risks of networked medical devices. Convenient and effective, they undoubtedly improve people's lives. One user, Melissa Ford, explains:

"My insulin pump allows me to be a person with diabetes, not an autoimmune disorder with a pet human. For 7 years now, an insulin pump has given me the freedom to do the things I couldn't have done as confidently on injections. I eat just about whatever I want, when I am hungry; I drink alcohol in moderation; I travel at will; and I exercise to good effect. I can spend long hours in the library or at the pub. Reduced diabetes-related frustration and depression freed me to discuss things other than my blood sugars: campus events I had attended, what I was learning in my classes, and fun with friends."11

Large devices are typically more standardized, with commodity off-the-shelf hardware and software components not much different from what might be on the doctor's desk. An MRI, for instance, might run a UNIX subsystem on the device, with a Windows front-end for controlling and viewing images. Smaller devices tend to be more specialized. For example, since a pacemaker needs an extremely long battery life and a low-consumption processor, it would more likely use a custom operating environment.

The communication technology may be more standard than other components of the device. A bedside infusion pump might link to the hospital's WiFi and connect to a system at the nurses' station, which in turn is linked over the local network to the hospital's medical records system. A pacemaker is more likely to use a shorter-range technology such as Bluetooth, the same technology that connects a mobile phone to a wireless earpiece or a tablet to a wireless keyboard.
Other manufacturers stress security by avoiding such hard-coded credentials, but at the risk of

13 US-CERT, "Vulnerability Summary for the Week of August 11, 2014," August 2014, https://www.us-cert.gov/ncas/bulletins/SB14-230.
14 For evidence that the concern is not true, refer to FDA guidance and communications such as http://www.fda.gov/RegulatoryInformation/Guidances/ucm077812.htm; http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm189111.htm; and http://www.fda.gov/RegulatoryInformation/Guidances/ucm356186.htm.
1. Build Security into Devices from the Outset, Rather than as an Afterthought

Medical device manufacturers must adopt a secure-by-design approach to research and development.

In the past, security has always been an afterthought. Because of that approach, security experts have had to deal with the reckless shortcuts developers have taken to try to cram security in after the fact. Adding security features to products after their initial rollout is a losing battle. It is simply too costly and ineffective to try to secure systems already in the possession of the end user.

As Stuart McClure, McAfee's then-Executive Vice President and Worldwide Technology Officer, explained to the US House Committee on Homeland Security, "Cybersecurity has to be baked into the equipment, systems and networks at the very start of the design process."15 Admittedly, to get security right in the design process upfront is an investment both in time and resources. But by prioritizing security in its approach to product design today, the medical device industry will reap dividends tomorrow.

Maximizing the benefits of networked medical devices requires careful balance between the control that a secure-by-design approach might impose on devices and the flexibility needed by practitioners and patients in the field. Sometimes, flexibility and adaptation in the field breed security vulnerabilities, as device operators change configurations or security features, or combine technologies. A secure-by-design approach might include mitigating approaches such as automated logging and monitoring of device modifications in the field, to identify vulnerabilities and better manage them.

Since many medical device manufacturers write their own in-house code, and they are not software specialists, their customized code is more likely to be inefficient, specific to each company or project, or full of security holes just waiting to be discovered. Such small software operations also tend to make it difficult to find and patch those bugs.

This project could be a rare opportunity in which innovation, privacy, and security would be fully aligned, as it could reduce costs for manufacturers and accelerate innovation, all while allowing for better security. As security threats and other bugs are found, the fixes would be made available to the entire community.

Even the best secure-by-design products will still have bugs. The medical device industry should therefore adopt another best practice from other technology sectors and cooperate with computer security researchers. A grassroots organization of security researchers called I Am The Cavalry is an excellent example of collaboration between security researchers and companies, creating public awareness around areas where IT security affects public safety and human life, especially networked medical devices.

All too often, companies see such hackers as adversaries or villainous criminals looking for flaws in their products. Instead, many are driven by simple curiosity or public mindedness.

So-called bug-bounty programs offer modest financial rewards to these researchers, who provide low-cost security testing for the software. An industry-wide bug-bounty program for medical devices, perhaps even initially co-funded by a partnership between government and industry, might drastically improve security at a low cost.
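The mitigation mentioned above, automated logging and monitoring of device modifications in the field, only helps if the log cannot be quietly edited by whoever changed the device. The following is an added illustration, not the report's own material, of a keyed hash chain over modification records together with a monitor that flags changes to security-relevant settings. The device identifier, setting names, actor convention and event records are constructed for the example and do not describe any vendor's format.

```python
"""Tamper-evident logging of field modifications plus a monitor that
flags security-relevant changes. Illustrative only; device, settings and
events are constructed."""
import hashlib
import hmac
import json

# Settings whose change should reach clinical engineering or security staff.
SECURITY_SETTINGS = {"auth_required", "radio_range_m", "firmware_sha256", "debug_port"}

GENESIS = ("\x00" * 32).encode().hex()   # chain anchor for the first record


class ModificationLog:
    """Append-only log kept on the device. Each record's MAC covers the
    record and the previous record's MAC, so altering or dropping a record
    breaks every later link in the chain."""

    def __init__(self, device_id: str, log_key: bytes):
        self.device_id = device_id
        self._key = log_key          # assumed provisioned per device at manufacture
        self.records = []

    def append(self, ts: str, actor: str, setting: str, old, new) -> dict:
        prev = self.records[-1]["mac"] if self.records else GENESIS
        body = {"device": self.device_id, "ts": ts, "actor": actor,
                "setting": setting, "old": old, "new": new, "prev": prev}
        mac = hmac.new(self._key, json.dumps(body, sort_keys=True).encode(),
                       hashlib.sha256).hexdigest()
        rec = dict(body, mac=mac)
        self.records.append(rec)
        return rec


def verify_chain(records, log_key: bytes) -> int:
    """Index of the first record that fails verification, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "mac"}
        if body.get("prev") != prev:            # a record was removed or reordered
            return i
        expected = hmac.new(log_key, json.dumps(body, sort_keys=True).encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["mac"]):   # record was edited
            return i
        prev = rec["mac"]
    return -1


def flag_risky_changes(records) -> list:
    """Return (timestamp, setting, reasons) for modifications worth review:
    any change to a guarded setting, authentication being switched off, or
    an actor outside the 'tech:' convention assumed for authorised staff."""
    alerts = []
    for rec in records:
        reasons = []
        if rec["setting"] in SECURITY_SETTINGS:
            reasons.append("security setting changed")
        if rec["setting"] == "auth_required" and rec["new"] is False:
            reasons.append("authentication disabled")
        if not rec["actor"].startswith("tech:"):
            reasons.append("unrecognised actor")
        if reasons:
            alerts.append((rec["ts"], rec["setting"], reasons))
    return alerts


def demo():
    key = b"per-device-log-key-provisioned-at-manufacture"   # constructed
    log = ModificationLog("infusion-pump-42", key)
    # Constructed sample field events: a routine tweak, then two risky ones.
    log.append("2015-03-01T08:00:00Z", "tech:alice", "basal_rate_limit", 2.0, 2.5)
    log.append("2015-03-01T08:05:00Z", "tech:alice", "auth_required", True, False)
    log.append("2015-03-02T13:10:00Z", "unknown", "firmware_sha256", "a1b2", "ffff")

    alerts = flag_risky_changes(log.records)
    intact = verify_chain(log.records, key)

    # Someone edits the exported log to hide the firmware change; the MAC
    # on that record no longer verifies.
    tampered = [dict(r) for r in log.records]
    tampered[2]["new"] = "a1b2"
    first_bad = verify_chain(tampered, key)
    return alerts, intact, first_bad


if __name__ == "__main__":
    print(demo())
```

The monitor should run on exported copies of the log at a central point (the nurses' station system or a hospital SIEM), not only on the device, so that a device that is itself compromised cannot also suppress the alert.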
16 Quote from participant at Atlantic Council workshop on networked medical devices held on June 27, 2014.
17 NIST, "Cybersecurity Center Invites Feedback on Securing Medical Devices," December 22, 2014, http://www.nist.gov/itl/pumps-122214.cfm.
18 Angeliki Valsamidou, "Update on the European Proposal for a Medical Devices Regulation," Inside Medical Devices, May 30, 2014, http://www.insidemedicaldevices.com/2014/05/30/european-parliament-adopts-resolution-on-the-proposal-for-a-medical-devices-regulation.
CONCLUSION
Networked medical devices have bridged the
human-machine interface, delivering the most
personal of benefits. They literally embed the
Internet into peoples lives, improving medical
outcomes, offering better quality of life, and
lowering healthcare costs. They also potentially
introduce security flaws along with those
benefits. However, these flaws can be managed
and even reduced with a handful of steps: a
focus on security by design; better collaboration
among industry, manufacturers, regulators, and
medical practitioners; a change in the
regulatory approval paradigm; and encouraging
feedback from patients and families who
directly benefit from these devices.
20 Ibid.
ABOUT INTEL SECURITY
McAfee is now part of Intel Security. With its Security Connected strategy, innovative approach to
hardware-enhanced security, and unique Global Threat Intelligence, Intel Security is intensely focused
on developing proactive, proven security solutions and services that protect systems, networks,
and mobile devices for business and personal use around the world. Intel Security combines the
experience and expertise of McAfee with the innovation and proven performance of Intel to make
security an essential ingredient in every architecture and on every computing platform. Intel
Security's mission is to give everyone the confidence to live and work safely and securely in the
digital world. www.intelsecurity.com.
Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other
countries. McAfee and the McAfee logo, Intel Security are registered trademarks or trademarks
of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be
claimed as the property of others. Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard,
Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com.