Episode 157 digs into the security of the medical internet of things. Which, we discover, could be described more often than we’d like as an internet of things that want to kill us. Joshua Corman of the Atlantic Council and Justine Bone, CEO of MedSec, talk about the culture clash that has made medical cybersecurity such a treacherous landscape for security researchers, manufacturers, regulators, and, unfortunately, a lot of patients who remain in the dark about the security of devices they carry around inside them.
In the news roundup, Phil Khinda takes us through the likely trend in SEC cybersecurity enforcement in the new administration. Stephen Heifetz does the same for the Committee on Foreign Investment in the United States, or CFIUS.
I claim that Eli Lake’s Bloomberg story finally explains why Republicans think that Obama administration surveillance and unmasking of Trump team members needs to be investigated. Stephen calls it a distraction.
In other news, BuzzFeed gets taken down by a lawyer with a sense of humor, big claims are made for the impact of the third WikiLeaks Vault 7 document dump, and Donald Trump may have forgiven Apple. Finally, Jim Comey’s Twitter account may have been outed; that’s the story, because the tweets themselves are anodyne in the extreme.
For those wanting to dig deeper into medical device cybersecurity, Joshua Corman recommends the following links, all referenced in the interview:
- Hippocratic Oath for Connected Medical Devices
- Safety Critical Coordinated Vulnerability Disclosure Programs
- I am the Cavalry Position on Disclosure
- US Commerce NTIA work on Safety Critical Coordinated Vulnerability Disclosure (1)
- US Commerce NTIA work on Safety Critical Coordinated Vulnerability Disclosure (2)
- 18 (and counting) points of support in US Government for Coordinated Vulnerability Disclosure
As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.
The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.