
Day: October 15, 2018

Hippocratic Oath for Connected Medical Devices, and Automotive Cyber Safety

I recently discovered The Cavalry movement’s Hippocratic Oath for Connected Medical Devices, which I believe is of enormous importance not only in terms of its exact formula but also the mapping of the key vectors around data security in the IoT. The Cavalry movement started out of a series of meetings at DEFCON and BSides in 2013, concerned with addressing the enormous security issues emerging at the nexus of the IoT, big data, and AI. The oath:

Hippocratic Oath for Connected Medical Devices

I will revere and protect human life, and act always for the benefit of my patients. I recognize that all systems fail; inherent defects and adverse conditions are inevitable. Capabilities meant to improve or save life, may also harm or end life. Where failure impacts patient safety, care delivery must be resilient against both indiscriminate accidents and intentional adversaries. Each of the roles in a diverse care delivery ecosystem shares a common responsibility: As one who seeks to preserve and improve life, I must first do no harm.

To that end, I swear to fulfill, to the best of my ability, these principles.

  1. Cyber Safety by Design: I respect domain expertise from those that came before. I will inform design with security lifecycle, adversarial resilience, and secure supply chain practices.
  2. Third-Party Collaboration: I acknowledge that vulnerabilities will persist, despite best efforts. I will invite disclosure of potential safety or security issues, reported in good faith.
  3. Evidence Capture: I foresee unexpected outcomes. I will facilitate evidence capture, preservation, and analysis to learn from safety investigations.
  4. Resilience and Containment: I recognize failures in components and in the environment are inevitable. I will safeguard critical elements of care delivery in adverse conditions, and maintain a safe state with clear indicators when failure is unavoidable.
  5. Cyber Safety Updates: I understand that cyber safety will always change. I will support prompt, agile, and secure updates.

Importantly, The Cavalry has a similar security manifesto for cars. The Five Star Automotive Cyber Safety Program shares the same key vectors of safety by design, third party collaboration, evidence capture, security updates, and segmentation and isolation.

Internet of Things state of play

Nice infographic illustrating the current state of play in the IoT, courtesy of Goldman Sachs investment research. I like how they have organized the developmental vectors into homes, cars, wearables, cities, and industrial. Interestingly, they view the smartphone as the emergent default human interface to the IoT. I think this is already the case, but not for much longer, to be superseded by the body-as-interface. With voice and facial recognition already good enough to around 90-95%, the human body is the only logical interface for human-IoT interaction. This is already emerging with the Amazon Echo and Google Home, which are based on voice recognition and are starting to roll out facial-recognition-based interfaces. Add the spread of clothing-embedded sensors over the next 5 years, following the acceptance trajectory of wearables, to be followed by body-embedded sensors in the next 10 years, and the trend is clear. We are in the computer now.

Internet of Things drivers [courtesy of Goldman Sachs]