Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Hacking and the Internet of Things | @ThingsExpo #IoT #M2M #API #RTC #InternetOfThings
Medical devices are just one of many examples of how the Internet of Things is changing the game

Hacking and the Internet of Things - It's Not Just About the Data

FDA tells hospitals to stop using a pump that is vulnerable to hackers.'.This headline was all over the internet and news this weekend, with the pump in question being a medical infusion pump that automatically administers dosages of medication to patients in a hospital. A vulnerability was identified that would give ‘hackers the ability to access the pump remotely through a hospital's network,' according to the FDA. A hacker would be able to take remote control of the device and change the dosage of medication being administered. As part of the reporting, many of the cable news shows started showing a clip from the Showtime TV show Homeland. In the episode, terrorists hack into the Vice President's pacemaker, force his heart rate to increase, and effectively assassinate him via remote control.

My wife and I had recently seen that episode while binge watching the show (yes, I know it's been on four seasons already, we are a little behind). That particular episode had hit a little close to home. In the spirit of full disclosure, I have a pacemaker which I discussed this last year in an article on Information Week ‘Internet of Things - It's All About the Ecosystem'. As we watched the episode, my wife had turned to me then and asked, "That can't really happen, can it?" At a personal level, fortunately not, as my particular device is ‘old technology' and does not connect to a network. However, I did explain that newer medical devices, being fully functioning members of the Internet of Things universe, are a different story.

It's not just about the data anymore
Medical devices are just one of many examples of how the Internet of Things is changing the game. The game I'm talking about is the hacking game. Normally, when we hear about hackers in the news, it's on a large macro scale. Huge amounts of data stolen from large corporations, or even the government, with the recent hack of the U.S. Office of Personnel where the information of over 21 million people were breached. Hackers attack a single location to retrieve large amounts of information, but the medical device risks discussed above are different. Those risks are on a micro scale, targeting an individual device, more so, targeting an individual. In this paradigm, the hacker is starting with a large amount of devices, looking for a single location.

Medical devices are not the only Internet of Things devices making news about this potential risk. Some recent examples include:

  • Baby Monitors - Baby monitors are now wireless and have webcams built in. In April of this year, two separate incidents were reported by parents of someone remotely accessing their monitors, and tracking the parent's movements in the baby's room. One couple reported hearing a man's voice saying "Wake up baby, daddy;s coming for you". (Ed, this is terrifying....)
  • Smart Cars - Cars are probably one of the bigger ‘Things' in the Internet of Things. Remote and wireless access to various features is becoming very popular. Then in July, a hacker remotely accessed a Jeep while it was traveling at 70 mph, with the drivers foreknowledge. Without the driver touching controls, air conditioning came on, radio changed stations, and a picture of the hackers appeared on the video display of the vehicle. It should be noted, Chrysler has now issued a recall of 1.4M vehicles as result of that event.

No, the sky is not falling
While some of these stories, and the possibilities they discuss can be disturbing, this is not meant to be an "The Internet of Things will be the downfall of humanity' type of discussion. I will leave that to the groups discussing things like how AI will destroy us all. I bring it up to point out that the Internet of Things is a disruptive technology. Like any disruptive technology, it can turn existing viewpoints and paradigms on their head. We need to be prepared for that. The Internet of Things is not going anywhere anytime soon. One respected industry analyst predicts that there will be 4.9 billion (with a B) connected ‘Things' by the end of this year; that is up 30% from last year. They further predict that the number of ‘Things' will exceed 25 billion in another 5 years. No matter how you view it, that's a lot of devices, in our homes, in our workplace, on our bodies.

As technologists, we need to look at security from a different perspective. We have to think about the potential hackers differently. In the old paradigm, it was protect the data, protect the boundaries of the data centers. That is still valid and needs to be done. In addition, we need to look at protecting the individual device and its functions. Hackers may no longer just target a single point to get lots of data. They may target lots of devices just to get access to individual points. Why? Motives could be many, ranging from non-malicious ‘proving they can' types of attacks, to malicious intent to cause harm. When designing and implementing security on these devices, we must look at it through both lens.

Users also need to be educated in the proper use of the devices they have. Last year for example, there was a website that made national news. They linked to over 73,000 security webcams worldwide. How were they able to do that? Each one of the cameras were still running with the default username/password they were shipped with. They effectively left the car parked, unlocked, with the keys in the ignition.

No technology negates the need for good planning and design
The Internet of Things is bringing us wonderful capabilities, services, and conveniences, some of which we may not even recognize. As with any disruptive technology, there are tradeoffs and risks associated with those conveniences. As technologists, it is up to us to help plan and design for those risks, mitigate and educate. Security in the world of technology is always a delicate balancing act between access, usability, and protection. The risks just must be understood and appropriate measures must be taken to ensure the proper balance is maintained.

This post is brought to you by The CIO Agenda.

KPMG LLP is a Delaware limited liability partnership and is the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International. The views and opinions expressed herein are those of the authors and do not necessarily represent the views and opinions of KPMG LLP.

About Ed Featherston
Ed Featherston is VP, Principal Architect at Cloud Technology Partners. He brings 35 years of technology experience in designing, building, and implementing large complex solutions. He has significant expertise in systems integration, Internet/intranet, and cloud technologies. He has delivered projects in various industries, including financial services, pharmacy, government and retail.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicat...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even cod...
Blockchain. A day doesn’t seem to go by without seeing articles and discussions about the technology. According to PwC executive Seamus Cushley, approximately $1.4B has been invested in blockchain just last year. In Gartner’s recent hype cycle for emerging technologies, blockchai...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSy...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE