Hey, IoT vendors. When a paediatric nurse tells you to fix security, you definitely screwed up

Jelena Milosevic says what we're all thinking

'This won't hurt... much.'

VB2017 A children's nurse told delegates at the Virus Bulletin conference in Madrid on Thursday to get a grip on Internet of Things security.

Jelena Milosevic, who developed an interest in cybersecurity over the last three years, told attendees that the healthcare sector needs to work with infosec experts and manufacturers to sort out the emerging problem of the security risk posed by internet-connected medical kit.

For one thing there is no medical need for such devices to be connected to the net 24/7, she said.

More fundamentally, government regulation is needed to mandate baseline security standards. Milosevic advocated coordinated vulnerability disclosure, a process that would mean security researchers would work with manufacturers to fix issues before going public. IoT vendors have a reputation for being slow to both acknowledge and remediate security problems.

"You can't just buy security, you have to build it," she said.

Milosevic's thinking on this parallels that of infosec luminaries such as Bruce Schneier.

Security and privacy issues have become increasingly important for hospitals. Ageing systems host troves of personal, medical and financial information that the unscrupulous might easily be able to monetise.

Privacy and the protection of computer records are sometimes put on the back-burner, and caring for the devices used in hospitals is an afterthought, meaning computers and other devices are seldom patched and frequently left exposed to vulnerabilities, Milosevic argued. Criminal behaviour can go unnoticed for long periods and – without proper security controls – patient records might be manipulated. Security needs to be built from the ground up and supplemented with awareness programmes. Milosevic argued that hospitals need processes and procedures for infosec in much the same way that they need protocols for patient treatment.

Ransomware attacks against hospitals have featured prominently in national news stories on both sides of the Atlantic, with the devastating effect of WannaCry on the operations of many NHS trusts just the most high-profile example. There's no confirmed loss of life from WannaCry, Milosevic said, but she added that the "biggest problems are those we don't yet know about".

Milosevic has worked for various hospitals in the Netherlands since 1995 and before that spent 10 years on the intensive care unit at the University Children's Hospital in Belgrade.

For the last three years Milosevic has been a member of the I Am The Cavalry and Women in Cyber security organisations.

