Carrying our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 10 a.m. (40 minutes).

This talk explores the contradiction of allowing increasingly smart Implanted Medical Devices (IMD) in secure spaces through the combination of policy amendments and technical mitigations. The number of IMDs in use in the United States has been steadily increasing as new technologies emerge and improve. In the context of the U.S national security workforce, current guiding policy prohibits the possession and use of many portable electronic devices (PEDs) and "smart" devices, including smart IMDs, in secure spaces. Given that these smart devices are increasingly connected by two-way communications protocols, have embedded memory, possess a number of mixed-modality transducers, and are trained to adapt to their environment and host with artificial intelligence (AI) algorithms, they represent significant concerns to the security of protected data, while also delivering increasing, and often medically necessary, benefits to their users. By analyzing the risks and benefits of various policy considerations, we conclude that there is a need to amend Intelligence Community Policy Memorandum (ICPM) 2005-700-1, Annex D, Part I to include smart IMDs to remain compliant with Intelligence Community Policy Guidance (ICPG) 110.1. Additionally, we propose a series of technical and policy mitigations applicable to these smart IMDs that balance the simultaneous constraints of medical necessity and security.

Presenters:

• Alan Michaels - Director, Electronic Systems Lab, Virginia Tech Hume Center
  Alan Michaels serves as a Research Professor and the Director for Electronic Systems research at the Virginia Tech Hume Center, whose primary mission is workforce development for the DoD and IC. He also holds courtesy appointments in Electrical & Computer Engineering and Mathematics. In aggregate, Alan has led 125 R&D efforts totaling over $114M, generated commercialized research results projected to generate $900M in revenues, and produced two startups. Prior to VT, Alan spent a decade at the Harris Corporation leading research in secure wireless communications and signal processing. Dr. Michaels earned his BS/MS/PhD in ECE, a BS/MS in Applied Maths, and an MS in Operations Research from Georgia Tech as well as an MBA from Carnegie Mellon. He has received 41 U.S. patents and written over 60 peer reviewed publications.

Links:

• https://www.blackhat.com/us-20/briefings/schedule/#carrying-our-insecurities-with-us-the-risks-of-implanted-medical-devices-in-secure-spaces-19816

Similar Presentations:

• May Contain Hackers (MCH2022) / “You give me fever, fever all through the night": Hack attacks against wireless medical devices and the virtual patient
• May Contain Hackers (MCH2022) / A Smart Light Hacking Journey
• VB2016 / Smart Outlets. Why We Need Responsible Disclosure!