CPS, security and the first step towards a new private cloud standard…

In short, the value provided by CPS is the implementation of a wearable technology set that helps monitor our lives. For example, while I am home my dog is probably the best "you need to get out and walk" device ever, but knowing I have 2000 more steps to reach my goal for the day is also a great motivator. (The FitBit, however, isn't cute and bouncing around trying to get me ready for a walk.)

Now the reality is this. There are medical devices that can be implanted into you or me. These devices will connect and provide information about our health and monitor the condition our doctors are worried about. You don't want someone being able to hack that. I said that people could hack such devices during a talk with some high school technology students. To a person, they all said "no one would do that."

All the students argued that medical professionals wouldn't share information about your health with anyone else. I agreed. They wouldn't. But it isn't medical professionals that you have to worry about. Say you are the CEO of a multi-national company and you are about to take a merger public. You are also, oh say, about to announce that you have to step down due to an illness. Your stock will plummet and derail the merger if your health information gets out. So why wouldn't a hacker go after that medical device?

I realize that I have a biased opinion of human beings to a degree. I accept that, but I also know that for every 10 good people there is a person willing to cut the corners. For every 20 good people there is 1 person willing to go beyond the corner. It’s the one willing to go beyond the corner that I worry about.

First of all, these connected medical devices are going to change the world. Problems that in the past would require manual monitoring can now be automated. It is a great thing. Personally, I think there needs to be some strong standards consideration going forward.

First we have the concept of private cloud. Private clouds exist at three, even four, distinct levels. I think we need to begin to evaluate how we secure the data at each level.

  • Personal Cloud (my private cloud that normally is within 20 feet of my personal cell phone)
  • My home cloud (that cloud of data, resources and tools in my home)
  • My car cloud (which should be smart enough to connect to the other two automatically but over time I may have storage and resources in my car that I consume all day long)
  • Then we have the traditional managed or hosted and on-premise private clouds.

The first thing is this. If I wish to cause a problem for you specifically, and specifically for your medical device, the quick and easy way is to launch a DoS (Denial of Service) attack. This works against Bluetooth and Wi-Fi connected devices: you flood the area where the device is with more packets than the system can handle.

So the first (and frankly the only one that will be in this particular blog) is the call for secure Bluetooth connectivity. S-BT would use the low-power Bluetooth connection but would only accept inputs and outputs from two devices. Pairing would be off for both devices, and outside of the other device in the chain the secure connection wouldn't recognize any other Bluetooth devices. This solves the medical issue of collecting information while making sure the device itself cannot be compromised.
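To make the S-BT idea concrete, here is an added toy model (my own illustration, not code from the post or from any real Bluetooth stack) of the device-side policy: exactly two pinned peers, pairing permanently refused, and a count of rejected traffic so that a flood becomes visible. The peer addresses, event format and threshold are constructed sample values; the strings stand in for bonded identities, which a real implementation would verify cryptographically rather than by address alone.

```python
"""Toy model of the S-BT policy: two pinned peers, no pairing, flood visibility."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SecureBtDevice:
    # Identities of the only two devices allowed in the chain (constructed values).
    allowed_peers: frozenset
    # Pairing is off for the life of the device; there is no way to turn it on.
    pairing_enabled: bool = False
    # How many rejected events in the recent window count as a suspected flood.
    flood_threshold: int = 50
    # Verdicts for the most recent 100 events (constructed window size).
    recent: deque = field(default_factory=lambda: deque(maxlen=100))

    def handle(self, event):
        """Classify one incoming event (kind, peer) and record the verdict."""
        kind, peer = event
        if kind == "pair":
            verdict = "reject-pairing"       # never pair, even with a pinned peer
        elif peer in self.allowed_peers:
            verdict = "accept"               # in-chain peer: read/write allowed
        else:
            verdict = "reject-unknown"       # any other radio is ignored
        self.recent.append(verdict)
        return verdict

    def flood_suspected(self):
        """True when rejected traffic in the window crosses the threshold.

        The policy cannot stop a radio-level flood (airtime is consumed before
        the filter runs); it can only make the flood observable for alerting.
        """
        rejected = sum(1 for v in self.recent if v != "accept")
        return rejected >= self.flood_threshold


def run_sample():
    """Constructed traffic: two legitimate reads, one pairing attempt, then a burst."""
    dev = SecureBtDevice(frozenset({"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}))
    events = [("data", "AA:BB:CC:00:00:01"), ("data", "AA:BB:CC:00:00:02"),
              ("pair", "AA:BB:CC:00:00:01")]
    quiet = dev.flood_suspected() if not [dev.handle(e) for e in events[:3]] else dev.flood_suspected()
    events_burst = [("data", f"DE:AD:BE:EF:00:{i:02X}") for i in range(60)]
    verdicts = [dev.handle(e) for e in events_burst]
    return quiet, verdicts, dev.flood_suspected()


if __name__ == "__main__":
    print(run_sample())
```

Only the first two events are accepted; the pairing request from a pinned peer is still refused, and the burst of unknown addresses trips the flood indicator without ever reaching the device's data path.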

More to come…

.doc

Proud FitBit Wearer!