Slashdot Mirror


User: AeroMed45N

AeroMed45N's activity in the archive.

Stories: 0
Comments: 13

Comments · 13

  1. It's complicated on Why Aren't There Better Cybersecurity Regulations For Medical Devices? (vice.com) · · Score: 2

    As an area that I am very close to, I decided to sum up my comments in a single post rather than scatter replies to many of the uninformed, hyperbolic statements already made on this issue.

    The FDA is not lazy or incompetent on this topic. I have personally worked with the people there who are driving this topic. There is a guidance document that was put through the draft/final review cycle on a fast track for FDA work (about 15 months between the two phases, which often takes 2-4 years).
    http://www.fda.gov/downloads/m...
    They also held a workshop on the topic, and have been reaching out and supporting communications on this issue in many venues.
    http://www.fda.gov/MedicalDevi...

    The FDA rarely is prescriptive on *how* a function should be performed. They regulate far too many types of devices used in all different kinds of situations. Their regulations need to stand for decades, so guidance documents are how they address issues that are more rapidly changing. The FDA is all about risk management, and directs manufacturers to perform risk management, document their results and submit it for review. How strongly the reviewers push back when guidance isn't followed indicates how strongly the FDA is concerned with an issue. I have been contacted more than once by companies who are getting questions on cybersecurity in their FDA submissions. If you are building a higher-risk networked medical device, you will need to follow the guidance document and produce your data or expect your approval to be delayed while you answer their questions (and thus, have to produce the data).

    Having worked in the industry for many years, I really don't subscribe to the general theory that medical device companies are money greedy corporate fat cats who care only about profit at the expense of patient care. Everyone I have worked with has family members and friends who end up using these devices. I think the reluctance to embrace security in these devices is much more of a disbelief that anyone would try to actively harm a patient. I tend to use the examples of devices as vulnerable pivots to get at data in the hospital that can be monetized as my means to turn thinking in this domain.

    Another challenge is that every hospital is different. Even the hospitals don't have standards that they generally use for the interconnection of devices. I have been encouraging hospital-based groups to work on the prescriptive standards so device manufacturers have something to build against that they know will be salable in the end. Add to that the fact that 80% of device companies have 50 employees or less, and there is the challenge of teaching everyone what they need to know.

    By the way, the EHRs that these devices are being connected to aren't classified as medical devices, and are not regulated by the FDA. Despite the fact that the medical device definition includes software used to "diagnose disease."

    Billy Rios is a great guy, and has done great service in this area. But the press tends to take comments in this space out of context. They love to find a line that makes it sound like the sky is falling.

  2. Re:how do you make money from the hacks? on Why Aren't There Better Cybersecurity Regulations For Medical Devices? (vice.com) · · Score: 2
  3. Re:not the real question on Chris Roberts Is the Least Important Part of the Airplane Hacking Story · · Score: 1

    Except that the planes he claimed to have hacked do not have AFDX networks on them. He claimed United 737-NG and A320s. Those are older ARINC 429 aircraft. I can't imagine the IFE has an ARINC 429 transmitter connecting it to the thrust management unit.

  4. Many potential impacts of climate change on The Military's Latest Enemy: Climate Change · · Score: 5, Informative

    It was my sense that the military was examining several factors that can impact their mission and ability to meet that mission over the coming decades. This includes not only the recognized increase in regional conflicts due to displacement of people by flooding and/or changes in food supplies due to climatic changes in rainfall patterns. It also includes thinking about the predictions for ocean rising and that impact on the bases that support the military around the world - naval bases, and airfields near current sea levels aren't something that one moves in a couple of years.

    And lastly, thinking about how the impact on troops and equipment might change - will there be more fighting in high heat locations? Heavy rain? What will be the impacts on availability of fuel sources and on supply chains?

    The military is a huge "ship" that takes much time to turn. Looking out a few decades and postulating what might be needed is not a bad exercise. They would be soundly criticized later if they hadn't. But it is interesting that the main military supporters on the right are also the main body of climate change deniers, which puts the military in a dicey political environment. They need to prepare, but carefully.

    Is anyone surprised that a Rupert Murdoch owned paper decided to misrepresent what the military was doing about climate change?

  5. Re:LOL. on Planes Can Be Hacked Via Inflight Wi-fi, Says Researcher · · Score: 1

    Define "physically separate"

    That is not how I read the following FAA Special Conditions:
    https://www.federalregister.go...

    This says "the design provides isolation from, or airplane electronic system security protection against, access by unauthorized sources internal to the airplane"

  6. Re:Manual override on Ask Professor Kevin Fu About Medical Device Security · · Score: 1

    There is a difference between "fly by hand" and "fly without depending on the computer" -- in today's modern fly-by-wire aircraft, there are still computers/electronics between the pilot and the control surfaces even when the flight management system, auto-pilot and even primary flight controls are "down".

    The question is what failure modes, considering the presence of security threats, require simple back-up systems? How would such back-up systems be invoked?

  7. Re:Even More Curiously on Patent Suit Targets Every Touch-based Apple Product · · Score: 5, Informative

    It is referred to as laches - http://en.wikipedia.org/wiki/Laches_(equity) - when a party waits well beyond the point when they knew they were being infringed, in order to allow the defendant to get in much deeper before asserting your claim. If this claim is valid (and it sounds like that is a big if) it would seem that the timing of their changes means it is highly likely they were thinking about infringement from that initial point. To allow Apple to create several generations of iPhones and then the iPad before asserting the claim sounds like a laches defense might be appropriate. (Though if I read it right, the laches defense comes after the infringement suit has been won, and in the process of arguing damages).

    That said, I am not a lawyer, I don't play one on TV, and I didn't stay at a Holiday Inn Express last night. I just have spent way too many hours with patent attorneys in my career.

  8. Passwords? on Keeping Pacemakers Safe From Hackers · · Score: 1

    Why do you assume that a programmer password is needed to ensure some level of authentication? At least some of these devices are designed with a decent set of cryptographic protocols to prevent just the sort of random attacks that have been wildly speculated on this list. There is an arrogance in the security community that all companies are ignorant, out only for profit, and will blithely ignore the safety of the precise patients that they are in business to protect.

    If a password was required on a programmer, the first thing that would happen in the programmers in an ER would be a post-it note on the unit with its password. Security Fail. There is a balance between fast access to these devices in an emergency, and the protections needed to ensure they are not tampered with when the patient is away from their physician. Security can be provided by ensuring that it is not possible to authenticate a programming session from a long distance, and that protections are in place to prevent hijacking of active sessions during programming. In an industry driven by safety risk assessment, there is considerable awareness of the potential threat, and mitigations in place to address it. The question was always "who would want to hack such a device" and that was answered last year. Academics in search of publicity (and the funding that follows).

    By the way - the device in the original paper was an old device, removed from a patient because the battery had expired. It had been designed in the late 1990s. Significant changes have happened in the subsequent decade, but the authors chose to draw a line from that one data point and assume that designs were just the same today. That is just bad science...

  9. Re:keeping pacemakers safe from hackers on Keeping Pacemakers Safe From Hackers · · Score: 1

    Improvement? Are you implying that any manufacturer of an implantable device uses Windows? None do, that I am aware (and I am aware). You can't get 5-10 years of device life from a 15-35cc package using such an inefficient OS. They also don't use Bluetooth, or WiFi.

  10. Re:All you need is on Keeping Pacemakers Safe From Hackers · · Score: 1

    Ack - this issue was "patched" in the 80's. Please keep up with technology improvements. See the section entitled "Common Misconceptions About Pacemakers" at http://circ.ahajournals.org/cgi/content/full/105/18/2136. Circulation is one of the main cardiology journals. Dr. Kenneth Ellenbogen has authored one of the basic textbooks on cardiac pacing. He is one of the authorities in this business.

  11. Re:Only a small part looked simulated on Olympic Opening Ceremony Fireworks Were (Partly) Faked · · Score: 4, Interesting

    And, as I recall, the announcers talked about "computer generated" during that sequence. They were talking about the guy who orchestrated the whole opening ceremony, and his use of computers for this sequence. Admittedly, they did not clearly state "this is not really happening". Would have to go back and re-listen to that on the DVR to get exactly what was said.

  12. But no HDMI? on Xbox 360 adds 1080p Support · · Score: 2, Informative

    According to High-Def Digest, the photos of the HD-DVD add-on for the Xbox 360 does not have an HDMI output. 1080p over component only is problematic - particularly if the movie studios turn on content protection. So, having 1080p output without the digital path to the display is not such big thunder, IMHO.... See http://www.highdefdigest.com/news/show/Microsoft/Xbox_360/High-Def_DVD_Gaming/No_HDMI_for_Xbox_360_HD_DVD_Add-On/248

  13. Count me in on Xbox 360 adds 1080p Support · · Score: 1

    My 1080p Front Projector (Sony VPL-VW100) with 9' diagonal screen will be quite happy with a 1080p game console. :) My looming issue will be switching multiple HDMI sources -- I would love to get a good Home Theater Processor that will switch HDMI video and decode digital audio from the HDMI stream. The PJ only has two digital inputs, and they are taken....