Page 8 - Cyber Warnings
P. 8







followed. There would be no impetus to apply these. This is still evident as the IoT devices
continue to be compromised and used in attacks against others.

Biomedical
This area is vital as these pieces of equipment keeps people alive. A malfunction or hack of
these may have dire consequences. To secure these, providing a solid, robust security
framework would be prudent. Establishing this standard for security is not a new or novel idea.
Klonoff and Kleidermacher (2016) researched diabetes and securing the connected devices to
measure the user’s glucose level. These devices monitor blood glucose on a static and
continues level, insulin pumps, and the closed-loop artificial pancreas systems.

The researchers noted the Diabetes Technology Society (DTS) created in July 2015 the DTS
Cybersecurity for Connected Diabetes Devices project. This standard was intended to be used
with the industry, clinicians, patients, and others to gauge the applied cybersecurity. This is
merely guidance, along with the FDA’s guidance.

The FDA has put in place a set of rules regarding methods equipment manufacturers should
manage their product’s security (BBC, 2016). This was not a regulation, but a recommendation
or suggestion (Hatmaker, 2016; Smith, 2016; FDA, 2016). The enforcement value of this would
not be significant.

As these are multiple sources of guidance, the waters are still muddied at best. There is a bright
point of light with this. There is another push for a protocol focussed on the “federated
networking and computational paradigm for the Internet of Things…” (Madanapalli, 2017). This
project to form the ROOF computing standard is sponsored by IEEE and is labelled as P1931.1.

Global Influence
In an attempt to implement a global standard, an international agreement for InfoSec with 41
countries was buoyed through the participants. This was known as the Wassenaar Arrangement
(Camarda, 2016). This was not implemented.

Statutes
On the US state level, several states have recognized there needs to be statutes enacted
regarding the security. Specifically, states have focussed on legislating the autonomous
vehicles. The individual, respective states have enacted the legislation (NCSL, 2016). California,
Florida, Louisiana, and Michigan have several statutes with two (2012 and 2016), four (two in
2012 and 2016), one (2016), and six (two in 2013, and four in 2016). The U.S. states have also
introduced legislation regarding autonomous vehicles (NCSL, 2016) with 16 bills in 2015, 12 in
2014, and over 9 in 2013.

This, granted, is a momentous initial and continuing system towards securing the autonomous
vehicles. Even with this tremendous amount of effect, the same issues abounds. These statutes
and bills are per state. These are not unified. State “A” and state “B” may have statutes that are



8 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide

   3   4   5   6   7   8   9   10   11   12   13