ABSTRACT
As more devices that affect their environment come into use, their proper functioning to protect the welfare of their charges is a concern. Examples include assistive transport devices, robotics, drug delivery systems, etc. Here privacy is not the primary concern, instead it is safety. Given that there are many instances of medical devices not being developed to be secure, plus the standard of practice for security with robotics and other cyber-physical devices, the issue needs consideration. These systems are not only vulnerable to intentional attack, but can cause harm inadvertently by unexpected interaction from other systems. This paper discusses security challenges of expanded use of cyber-physical devices in assistive environments and provides suggestions to improve the security and safety of these devices in the future.
- ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) Functional Safety: Safety Instrumented Systems for the Process Industry SectorGoogle Scholar
- ANSI/ISA-TR99.00.01-2007-Security Technologies for Industrial Automation and Control SystemsGoogle Scholar
- ANSI/ISA-TR100.00.01-2007-Security Technologies for Industrial Automation and Control SystemsGoogle Scholar
- August, T., Tunca, T. I. 2010. Who Should be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments. Management Science. (Dec. 2010) Google ScholarDigital Library
- Baker, G. 2008. Schoolboy hacks into city's tram system. The Telegraph. (Jan 11, 2008) http://www.telegraph.co.uk/news/worldnews/1575293/Schoolboy-hacks-into-citys-tram-system.htmlGoogle Scholar
- Cheolgi, K., Sun, M., Mohan, S., Yun, H., Sha, L., Abdelzaher, T. F. 2010. A framework for the safe interoperability of medical devices in the presence of network failures. ICCPS '10: Proceedings of the 1st ACM/IEEE International Conference on Cyber-Physical Systems. (Apr. 2010) Google ScholarDigital Library
- Condon, S. 2009. Red tape keeps Conficker on medical devices. (5 May 2009) http://www.zdnet.com/news/red-tape-keeps-conficker-on-medical-devices/295270Google Scholar
- Consumer Reports. 2010. Most important factors in buying a car. Consumer Reports. (Jan. 2010) http://www.consumerreports.org/cro/cars/new-cars/news/2010/01/2010-car-brand-perceptions-survey/most-important-factors/brand-perceptions-most-important-factors.htmGoogle Scholar
- Falliere, N., Murchu L. O., Chien, E. 2011. W32.Stuxnet Dossier, version 1.4. Symantec (Feb. 2011) http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdfGoogle Scholar
- Haack, J. N., Fink, G. A., Maiden, W. M., McKinnon, A. D., Templeton, S. J., Fulp, E. W. 2011. Ant-Based Cyber Security. 8th International Conference on Information Technology: New Generations (Apr. 2011) Google ScholarDigital Library
- Halperin, D., Heydt-Benjamin, T. S., Clark, S. S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W. H. 2008. Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. IEEE Symposium on Security and Privacy. (May 2008) Google ScholarDigital Library
- Halperin, D., Heydt-Benjamin, T. S., Fu, K., Kohno, T., Maisel, W. H. 2008. Security and Privacy of Implantable Medical Devices. IEEE Pervasive Computing. (Jan. 2008) Google ScholarDigital Library
- Hansen, J. A., Hansen N. M. 2010. A Taxonomy of Vulnerabilities in Implantable Medical Devices SPIMACS'10. (Oct. 2010) Google ScholarDigital Library
- Highfield, R. 2008. Hacking fears over wireless pacemakers. The Telegraph. March 13, 2008. http://www.telegraph.co.uk/science/science-news/3336025/Hacking-fears-over-wirelesspacemakers. htmlGoogle Scholar
- IPSO/Carmax. 2010. IPSO/Carmax vehicle buying decisions survey. (Dec 2010) http://www.ipsos-na.com/news-polls/pressrelease.aspx?id=4960Google Scholar
- ISA. 2010. ISASecure Program Description. (Mar. 2011) http://www.isasecure.org/Certification-Program/ISASecure-Program-Description.aspxGoogle Scholar
- Koscher K.; Czeskis A.; Roesner F.; Patel S.; Kohno T.; Checkoway S.; McCoy D.; Kantor B.; Anderson D.; Snacham H.; Savage S.. 2010. Experimental Security Analysis of a Modern Automobile. Proceedings of the IEEE Symposium and Security and Privacy. (May 2010) Google ScholarDigital Library
- Krush, W. 2008. Who's Hacking Your PACs?. Government Health IT. (May. 2008)Google Scholar
- Leveson, N. G.; Turner, C. S.. 1993. An investigation of the Therac-25 accidents. Computer. v.26-7, pp 18--41 (Jul. 1993) Google ScholarDigital Library
- Lutz, R. R., Software engineering for safety: a roadmap, Proceedings of the Conference on The Future of Software Engineering, p.213--226, June 04--11, 2000, Limerick, Ireland (Jun. 2000) Google ScholarDigital Library
- Maharana, M. K.; Swarup, K. S. 2008. Identification of Operating States of Power System Using Transient Stability Analysis. Joint International Conference on Power System Technology and IEEE Power India Conference, 2008. (Oct. 2008)Google Scholar
- Maisel, W. H., Kohno, T. 2010. Improving the Security and Privacy of Implantable Medical Devices. N Engl J Med 2010; 362:1164--1166 (Apr. 2010)Google Scholar
- Mead, N. R. 2004. Who Is Liable for Insecure Systems?. IEEE Computer. Volume 37 Issue 7. (July 2004) Google ScholarDigital Library
- Meier, B. 2010. Lifesaving Devices Can Cause Havoc at Life's End. New York Times. May 13, 2010. (May 2010)Google Scholar
- Moore, S. K. 2006. Psychiatry's Shocking New Tools. IEEE Spectrum. (Mar. 2006) Google ScholarDigital Library
- RISI. (2010) 2009 Annual Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems. Security Incidents Organization (2010) http://www.securityincidents.orgGoogle Scholar
- Ryan, D. J.; Heckman, C.;. 2003. Two views on security software liability. Let the legal system decide. IEEE Security and Privacy. (Feb. 2003) http://singularityhub.com/2010/09/08/80000-and-counting-brain-implants-on-the-rise-world-wide/ Google ScholarDigital Library
- Saenz, A. 2010. 80,000 and Counting, Brain Implants on the Rise World Wide. Singularity Hub. (Sep. 2010) http://singularityhub.com/2010/09/08/80000-and-counting-brain-implants-on-the-rise-world-wide/Google Scholar
- Schechter. S., Security that is meant to be skin deep:Using ultraviolet micropigmentation to store emergency-access keys for implantable medical devices. Technical Report SR-TR-2010-33. Microsoft Research (Apr. 2010)Google Scholar
- U. S. Department of Defense. 2010. DoD 8570.01-M, Information Assurance Workforce Improvement Program. Securing the Nation's Critical Cyber Infrastructure. (Apr. 2010) http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdfGoogle Scholar
- U. S. Department Of Health and Human Services Food and Drug Administration. 2002. General Principles of Software Validation; Final Guidance for Industry and FDA Staff (Jan. 2002)Google Scholar
- Warner, J. S., Johnston, R. G. 2003. GPS Spoofing Countermeasures. LAUR-03-6163. Los Alamos National Laboratory. (Dec. 2003) http://library.lanl.gov/cgi-bin/getfile?00852243.pdfGoogle Scholar
- Willke, B. J. 2010. Securing the Nation's Critical Cyber Infrastructure. (Apr. 2010) http://www.us-cert.gov/control_systems/icsjwg/presentations/spring2010/01%20-%20Case%20studies%20-%20Bradford%20Willke.pdfGoogle Scholar
Index Terms
- Security aspects of cyber-physical device safety in assistive environments
Recommendations
Countermeasures to Enhance Cyber-physical System Security and Safety
COMPSACW '14: Proceedings of the 2014 IEEE 38th International Computer Software and Applications Conference WorkshopsAn application of two Cyber-Physical System (CPS) security countermeasures - Intelligent Checker (IC) and Cross-correlator - for enhancing CPS safety and achieving required CPS safety integrity level is presented. ICs are smart sensors aimed at ...
Cyber-physical systems security: Limitations, issues and future trends
AbstractTypically, Cyber-Physical Systems (CPS) involve various interconnected systems, which can monitor and manipulate real objects and processes. They are closely related to Internet of Things (IoT) systems, except that CPS focuses on the ...
Dependency-based security risk assessment for cyber-physical systems
AbstractA cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and ...
Comments