Computing That Serves

Internet-Accessible Lethal Machines… What Could Possibly Go Wrong?


Thursday, December 10, 2015 - 11:00am


Seth Nielson


Dan Ventura

11:00am   1170 TMCB


It was inevitable, of course.  It was only a matter of time before medical machines would become network accessible.  Automation, a trend in medical devices that predates the contemporary Internet, practically begs for such connectivity.  Now, our hospitals are filled with lethal devices that are, theoretically, accessible from anywhere in the world.  Unfortunately, security considerations were a very low priority in design and implementation because of a wide range of weak assumptions.  

The biggest problem is that, to date, no significant attack has been made on such devices.  It is hard, from a business perspective, to know how much money to invest in defending a territory that has never been assaulted.  In many ways it is even harder, from a technical perspective, to know how such devices should be protected.  The uncomfortable truth is that we cannot accurately predict almost anything we need to know about these future battles, such as attack vectors or even motives.  Nevertheless, there is a growing interest in exploring these very questions amongst device manufacturers and technology venture capitalists.  This presentation sets forth some of the forces that drive medical insecurities, suggests a couple of possible cyber-attack scenarios, and describes some of the positive steps that at least a few companies are beginning to take.


Dr. Seth James Nielson is a Principal at Harbor Labs and an Adjunct Associate Research Scientist at Johns Hopkins University. For over fifteen years, he has seen and contributed to a wide range of the high-tech industry as an engineer, academic, and consultant. In the latter role, he has reviewed and evaluated source code for major software companies, firewall manufacturers, and medical device companies. Beyond the technology world, he has contributed to reports on protecting privacy in piracy investigations (e.g., by the RIAA and MPAA), provided technical guidance on DMCA litigation, and testified at trial regarding the misappropriation of trade secrets. For the past three years, he has also taught the graduate-level Network Security course at Johns Hopkins, developing his own curriculum and designing a novel network simulation environment for practical experiences. In addition to his teaching responsibilities, Dr. Nielson has also advised master's students in their capstone projects on topics including Bitcoin, Heartbleed, and Twitter bot-nets.