As we continue our VDC FastForward report on the Internet of Things (IoT), security continues to be a major focus point for all of the market ecosystem participants. This week, I saw an interesting article that highlights the challenges of securing mobile equipment that needs to be connected to each other and/or the cloud.
Implanted medical devices need to be connected wirelessly in order to be monitored and adjusted but, need to be protected against being hacked. The worst case a hacker or rogue organization could broadcast signals causing implanted medical devices to go haywire to the detriment of the owners.
OEMs encounter many challenges when implementing M2M features on their products. In many markets including like medical or industrial automation, safety concerns are added to the ever-present priorities of data security. If there is summation of the problem, it is that properly authenticated users and equipment have to quickly and securely connect to other devices like a defibrillator in an emergency situation. Furthermore, you don’t want the risk of any unauthorized users or devices connecting to that same defibrillator at any time.
The best solutions often use hybrid combinations of software, hardware and even cloud-based elements in order to be reliable and, at the same time, resistant to hacking. Within this medical context, the healthcare facility equipment reads the serial number of the embedded unit using RFID technology. That serial number is then looked up using cloud resources to provide the encryption key for the facilities equipment to interface with the embedded unit. Before doing so, the cloud resources would verify that the facility, equipment, and possibly even the operator were authorized. One method that could increase security would be an embedded hardware component of some type that would be a unique identifier for the facility equipment.
If you are really interested in M2M security, you don’t want to miss the upcoming VDC Webcast Engineering Best Practices for Creating Secure Devices with Chris Rommel. This will be broadcast on November 8th at 2PM ET.
On Halloween, if we still have power after hurricane Stacy, I will post the second part of this blog with a 2nd scary risk related to M2M and many popular web enabled applications.