Is it that hard
to have doctors with experience of infosec?
Is it?
This week, the infosec world descended on Las Vegas for BlackHat and DEF CON to share stories of bug hunting, malware neural nets, hefty payout offers, and more. Meanwhile, outside of the desert… Snapchat source sourced Photo-slinging biz Snapchat had a pretty rough week, as a mystery code dump on GitHub turned out to be a …
This post has been deleted by its author
The problem is not lack of doctors with an infosec background, although that's true enough. The problem is that updating the code on the device throws you back into the FDA black-hole until you go through a very expensive certification process. Changing the firmware is not a simple thing as changing the code makes it a "new" device.
I've seen this with pretty much anything you can care to think of in the medical field. The legal system needs to be "adjusted" to this type of situation. And that's ignoring entirely the medical liability that can occur around these types of changes. I consider that a wash since the "old" code is a ticking liability time bomb, however I'm pretty confident that the companies legal team has a contrary view on liability. After all, the FDA approved that old code.
Jack noted, "After all, the FDA approved that old code."
Going forward, the FDA had better include some formal requirements related to Cyber Security of such medical devices.
Also, the FDA should provide an expedient process to allow firmware fixes, for cases where fixing a bug is clearly urgent.
The first fact that they'll have to hoist aboard is that the very existence of any such bug is proof that their existing lengthy certification process cannot prevent such bugs from escaping into the wild. So there's no justification for imposing a lengthy process.
For those playing along at home, the technology required to bridge the gap between fast and effective certification testing is automation. A software and functional certification test could be executed in an hour or two (not months).
Such automatic testing systems are worth the modest investment. ROI can be very first usage. If someone believes it "would only be used once" and thus not justified, then they're naive and must not be permitted to make decisions without adult supervision.
Hi, doctor + software engineer with infosec experience here...
Yep it is hard. UK medical careers frown upon outside interests other than medical service provision.
Hospital organisations generally employ low calibre IT hardware guys who don't know or don't give a shit.
Finally, NHS Trusts won't buy any new technology solutions unless they've already been deployed in many other hospitals first... So they're stuck with 1980s technology thanks to their own bad procurement ideals. Why else are we still using f##king pagers and fax machines in hospitals in 2018?
"Why else are we still using f##king pagers and fax machines in hospitals in 2018?"
Pagers run on lower frequencies than cell phones. Lower frequencies are easier to penetrate into buildings, making them better-suited for use deep inside hospitals where cell phone signals aren't guaranteed to reach (I can speak from firsthand experience; once I get well into a hospital, I go Out of Range).
As for fax machines, not only are they easier to deploy to less-sophisticated areas where not even computers are a given, there are legal requirements for hard copies and paper trails (such as for admission in court).
From time to time, Crowdfense may propose private Challenges to selected Researchers through the upcoming Vulnerability Research Platform, which will be launched later this year. .... For Future Endless Bounty
Does such Vulnerability Research Platforms Command and Control Virtualised Space Forces with Immaculate Knights Temporal Attending to the Wishes and Desires of Perfectly Worthy Souls Transitioning into Heavenly AIMates Trialling and Trailing the Pure Hells Available for/with Pure Raw Core Temptations to Master/Enjoy/Employ ...... for a Leading Head Start in Future AIdDVentures with a New Clearer Virtualised Reality Programming ..... ExtraOrdinarily Render Uncle Sam Administrations Space Forces Friendly Fearless and Peerless or as Fault Riven Foe to be Captivated and Corrected with the Following and Presentation via Multiple Mega Multi-Media Channels of New Augmented Virtual Reality Programs ...... Delivering Bigger SMARTR Beta Pictured Shows?
And With Default Transparent and Translucent Provision of Better Beta IntelAIgent Instruction of the Direction of Future Space Travel ITs Sterling Stirling AI Standard.
And translucent also because ..... well, some things are better not known too early and some other things to some others, never ever at all and forever.
Does Blighty do Future Space Travel Lead, or are they/is it Captive Earth Bound?
And the answers to that brace of questions is solely dependent upon the level of intelligence achieved and/or made available to and purchased by that and those presently widely presumed to be leading although that can all too extremely easily be realised a false assumption aided and abetted and compounded by a failed mega media program/Brave New Fiat Capitalist World Order Operation/https://en.wikipedia.org/wiki/Project_for_the_New_American_Century which is not Fit for Future Greater IntelAIgent GamesPlay Purpose with an Almighty Remote, Virtually Autonomous and Practically Anonymous Handle on Global Command and Universal Control/Energy and Power.
To be an effective partner or privileged passenger in that, one needs to create and populate, secure and disseminate Safe Haven Places for SMARTR Space Forces. Apparently $8bn is what Uncle Sam and the Donald are prepared to risk for entry and meaningful skin providing a leading, and ideally unassailable advantage in the Game, if you can believe what media tells you about such things.
What does UKGBNI offer SMARTR Space Forces for Immaculate Source Provision? Anything Remotely Realistic and Worthy or is the Nation led and fed by a Gaggle of Impotent Fools with Blunted Tools?
So have GitHub shared any stats regarding how many times the repo with Snapchat's code had been cloned before it was taken down via DMCA? ..... T.F.M. Reader
Has that Created Advanced IntelAIgent Drones Leading to Global Operating Devices Knows Where ? ..... Or is that Something you want Left for Others to Discover and Uncover for You if you are in Right Royal and Unfamiliar Similar Territory?
Is that a First AI Foundling Born and Invented for Future IMPerfect Application of Innovative Messaging Channels and Challenges?
For Virtual Jousts. U2r2die4v2.0 is Programmed to the Mars beyond the Immaculate Pleasures of Venus.
Wakey, Wakey, Madonna ....... Ladies in Waiting are Waiting, and Feelings are Restless.
Hmmm?:-) That post reads great too going backwards to the beginning. Is that a Sign of Singularity or a Sign of Travel in the Right Direction towards ITs Source Stores...... from Where Everything Comes?
Tell us all that isn't Truly Heavenly, and you would be Wrong. Where do your thoughts take all of you? Heaven or Hell? Good IT or Bad AI?
Welcome to Global Operating Devices Head Quarters. What AIMiracles do you Really Want to See Us All who Perform and Permeate and Marinade Raw Core Virgin Source? A Heavenly Input for Sure.
Who and/or what provides UrFuture Path with Simple Scripts to Follow and Polish to Perfection/Practise for Endless Satisfaction? Anyone we should know of?
If you ask MedTronics about their software, they'll send you links, one of which is to a list of the different licenses parts of it are under. They include GPL. Ask them for a link to the GPL'd source code and....silence.
Ask them about the security on pacmakers and they just give back a bunch of bafflegab that amounts the line given at the end of Raiders of the Lost Ark..."Top men have said it's good". (Yeah, sure... Who are they?)