Internetwork Engineering Blog

Don't Go Hacking My Heart - The Speed of Tech vs the Creation of New Regulations

Written by Derrick Whisel | February 13, 2017

We are quickly entering a time in which the laws and regulations are outpaced by the exponential growth of technology. Who will be held accountable when an IMD (Implantable Medical Device) -- such as an ICD (Implantable Cardioverter Defibrillators) -- with Wi-Fi connectivity receives an erroneous data transmission from a spoofed doctor’s account changing the patient's normal heart rhythm for an abnormal one?

Or worse yet, could a hacker issue a command to send a lethal electrical shock to a heart through an ICD or a lethal dose of insulin to a diabetic wearing an IoT insulin pump? As a plethora of new IoT devices hit the market, security will be an afterthought and security patch updates even further off the radar. 

Future legal battles fought in the courtrooms will likely try to place blame, legally and ethically, on software developers. This is because of the complexity of the algorithmic decision logic programmed on IoT devices. For example, self-driving cars are set to hit the market much sooner than previously expected, with BMW, Ford, Mercedes, Nissan, Tesla and Volvo ramping up their research and development in this specific area. Uber is already in pilot with Ford and Volvo and reportedly partnering with Daimler, the parent company of Mercedes-Benz. And it won’t be long before we encounter the first vehicular deaths from a self-driving vehicle with no legislation on the books to address it.

Who makes the ethical or legal decision as to what life is more valuable in the scenario of an inevitable car crash? Would the logic be programmed to avoid risk to the passenger by hitting an oncoming obstacle, such as an unaware pedestrian preoccupied on their smartphone crossing the street. Or would it be programmed to avoid the risk of running into the pedestrian by swerving into a telephone pole?

There is massive disruption coming to the market and we’re just starting to see these trends on a regular basis. For example, IBM's Watson was first introduced to the public by competing and easily defeating two Jeopardy champions, one of which had won the most games and the other had won the most money. At the time, Watson was comprised of 3,000 Power7 Core processors and took up the space of a small data center. Today, it has been ported to the Cloud and is accessible through API plugins, making this technology much more scalable and accessible.

While using Watson to beat humans at Jeopardy may be entertaining, it’s only a small taste of what's coming our way in the battle of humans versus machines. A report completed back in 2013 by the Oxford Martin School conservatively predicted that out of the top 700 jobs listed on O*Net, close to half of them are at risk of being computerized or gone before 2034. And overseas, Japanese insurance companies have already begun replacing workers with IBM's Watson Explorer Artificial Intelligence.

A great way to put this in perspective is the old golfing con where the con tells his mark that he will bet him 10 cents on the first hole and they will double the bet each hole until they make it to the 18th. Not thinking much of it the mark says "sure, let's do it!" having no idea the bet will increase exponentially to $13,107.20 by the time they make it to the 18th hole. Sometimes it seems we don’t see the writing on the wall until it’s too late.

Who will be held responsible for new legislation and regulation on today’s exponentially growing technologies? Especially when we as humans are mostly programmed to think linearly versus exponentially, just like our politicians and lawmakers. It’s the million dollar question, and one that we still don’t seem to have an answer for.

To learn more about how the Internet of Things (IoT) will increase your security and liability vulnerabilities, contact us at www.ineteng.com/contact.

 

About the author:

Derrick Whisel has worked in IT for over 20 years, with extensive experience in project engineering, management, scoping, budgeting and design. He began his career in the military, and after being honorably discharged as an IT2 Second Class Petty Officer, moved into the private sector where he now works as a Security Solutions Specialist for Internetwork Engineering. Connect with Derrick on LinkedIn.