Posted by David Harley on January 20, 2016.
My colleague Stephen Cobb drew my attention to an organization called I am the cavalry whose mission is ‘focused on issues where computer security intersect public safety and human life.’ And in particular, its Hippocratic Oath for Connected Medical Devices. While the idea of an oath for devices may seem to be carrying the idea of the Internet of Things a little too far, the idea is deadly serious. It’s based on a letter sent to the ‘Healthcare Stakeholder Communities’, urging them to:
In other words, to acknowledge the potential for harm to the community generated by insufficient consideration of security with regard to medical devices. The article offers a way in which
Manufacturers and others involved in the chain of care delivery may demonstrate their commitment to cyber safety by attesting to the way they fulfil this oath.
The ‘others’, according to the Oath itself, could be said to include security researchers, patients, device and policy makers, insurers and payers, physicians and care givers, standards organizations, healthcare providers, and government agencies.
I haven’t ‘taken the pledge’ on the web page. Given the ‘hands off’ relationship I have with security research nowadays, I’d feel a little precious doing that. But I can identify with several of those ‘others’ in terms of past careers and life experiences. So it’s good to see that the risks of divergence between medical technology and security are being taken seriously by somebody.