Cybersecurity and the future of connected devices
Joseph Carson
Before I take you on a journey to the future of connected devices, let’s briefly reflect on how we got where we are today.
During my career, I’m fortunate to have been involved in much exciting technology and digital innovations. It’s important to share some of these with you so you fully understand how amazing technology can be and what an exciting future lies ahead. That said, we must embrace technology with responsibility and security by design—everything has both positive and negative potential.
What was my first big project? The digitization of medical records
A long time ago medical records were kept in a library, on paper, in folders. It took forever to get a GP doctor’s appointment because it could take three or four weeks for the medical records to get checked out of the archives and transported to the doctor. The records were handled by various staff members as they made their journey to the doctor’s office; then they were updated manually (in horrible handwriting) and transported back to the medical archives.
This was extremely inefficient. The records were prone to human mistakes and sometimes lost. Security was lacking as the records were open to the staff who handled sensitive data and had little or no protection. There was nothing to prevent unauthorized employees from sneaking a look into the medical records, and, of course, humans by nature are curious. Access control was largely nonexistent: there was no auditing of those who had access to the archives or looked at the folders.
The digitization of medical records started in 1991. The goal was to boost efficiency and accuracy, increase security, improve privacy, reduce wasted time, and ultimately, save lives. It meant a doctor could have real-time access to patient medical records, and update them immediately for other doctors to access if authorized. It also freed up resources once used to transport the records back and forth.
This digitization project was seen as an amazing life-saving improvement that also saved time. And although embracing technology is great, it shifts the areas where security and privacy must be focused. This innovation was a huge leap toward giving doctors instant access to patients' records, a benefit that heavily depends on Identity and Access Management security controls.
Connected Ambulances
Years later, while working for the Northern Ireland Ambulance Service, another interesting project came my way. This was after Windows 95 rollouts, Metaframe and Winframe (most people today know this as Citrix Virtual Apps) deployments, and yes, the big bug that some will still remember as the famous Y2K bug that cost me long days and nights at the office. I won’t drag you through all those experiences, but there was one that saved lives and improved efficiency for the medical industry: connecting ambulances to the emergency room.
It was the early days of mobile connectivity with EDGE (Enhanced Data Rates for GSM Evolution) and GPRS (General Packet Radio Service). One major challenge hospitals faced was that when accidents occurred, the early response of the paramedics and preparation of the emergency room was critical. Minutes or seconds could be vital to saving a person’s life. An idea was conceived: why not connect ambulances to the internet and transfer patients’ vital signs to the emergency room so it would be prepped and doctors could analyze the patients’ vital health details prior to arrival?
This would mean connecting medical systems within the ambulance to mobile internet and, at the time, to either GPRS or EDGE. The devices, such as ECG monitors, defibrillators, and ventilators, were able to connect to mobile phones via a data cable.
This huge innovation ultimately meant that data could be faxed* (yes, faxed to the emergency room—the only reliable way at that time) via the mobile phone in the ambulance. ER staff would receive the data via printed fax allowing for critical early analysis of the data and extra time to prep the emergency room for the arrival of the patient.
Connecting devices to the internet had a powerful positive human impact. While the experiences I had during that time may have had limitations and security challenges, we achieved the goal of improving society and saving lives. We have always looked at improving and sustaining life, and technology can contribute both positively and negatively. My ambulance-ER connectivity experience was more than 20 years ago, and technology has now advanced significantly to the point where emergency room staff can start treating patients even before they reach the emergency room.
* fax machine: the telephonic transmission of scanned printed material (both text and images), normally to a telephone number connected to a printer or other output device.
The future of connected devices: autonomy, automation, and AI
Who thought that connecting a dump truck to the internet would be a good thing? Well, this was yet another computer that got connected to the internet with positive results. It reduced the risks to workers in the mining industry.
Long before COVID-19 forced many to work remotely, I’d seen the move to remote activities across multiple dangerous working environments, such as mineral mining, maritime industry, oil and gas, and medical.
In both the mining and maritime industries, the use of drones to check for faults or maintenance checks to locate leaks removes people from dangerous environments, improves efficiency, and enables automation. Imagine that a mineral truck driver awakes in the morning at home, goes to the vehicle simulator, and operates a large mineral truck hundreds of miles away from the safety of an office or home. Removing humans from the dangers of the hazardous working environment also results in more time at home rather than weeks away from their families.
Are you managing your remote workers as securely as possible? Delinea gives you the tools you need to help keep your remote workforce safe and secure online.
“Privileged Access Management can help save lives by enabling privileged users to access critical business systems remotely without requiring them to come into unsafe environments that could be a risk to their health.” –Joseph Carson
In the maritime industry, autonomous ships are in use in Finland, Sweden, and Norway for ferry crossings and as tugboats, or are remote-controlled vessels where the captain controls a commercial ship from a virtual bridge hundreds of miles away.
Check out this whitepaper on Autonomous Ships.
I have always enjoyed being part of innovation and turning ideas into reality. One common denominator across the journeys I’ve been fortunate to have participated in is they have all been involved in improving or saving human lives. Whether it’s taking something extremely complex, such as a ship, a vehicle, or a plane, or a simple task, such as rotating a password or improving access controls, all of these improvements have resulted in a better, safer society.
Driverless Buses
Vehicles are rapidly becoming automated—recently in Estonia, several self-driving buses were introduced to move people around the city. This is just one example of how connected devices can also be automated.
The connected future and evolution of work
In a TEDx talk a few years ago, I shared my thoughts about the convergence of virtual reality, augmented reality, and the physical world.
Check out the TEDx talk on the future of work and virtual reality in the video below. While this was some time ago, it highlights something that’s very relevant today: how our jobs will evolve and technology will enable more employees to work remotely. This means secure remote access is a critical tool that we must deploy.
Also, take a look at Delinea’s Solutions for enabling secure remote access.
Connected devices from a security perspective
The future of connected devices will only improve society. However, it also brings more security and privacy risks, so we must embrace technology responsibly and ethically, and we must consider security by design.
It is crucial that only authorized access is approved for connected devices. For the future security of these devices, this means implementing strong identity and access management with automated privileged access security controls. This will reduce the risk of connected devices being compromised or abused by cybercriminals. We must also enforce cybersecurity basics, such as good password hygiene, encrypted data where needed, access security controls, and the ability to audit who has access and who (or what) has used access, whether a device, an application, or an employee.
Finally, think about drones—for deliveries, emergency services, maintenance checks, or sensor collections for climate monitoring—and autonomous buses, trucks, and ships. As we continue to add more internet-connected devices, we must consider the security of those devices by design.
In this short video, I talk about IoT risk assessment and suggest a redefinition of connected devices to achieve clarity from a security perspective: