ABSTRACT

Invisible Insider Threat: The Risks of Implanted Medical Devices in Secure Spaces   [open pdf - 909KB]

From the Document: "A growing number of IC [Intelligence Community] employees rely on implanted medical devices-- insulin pumps, pacemakers, and the like--with embedded memory and data processing, communication, and adaptive capabilities that pose a security threat to the community's secure workspaces. Because the technology in these smart devices has far outpaced current security directives, new security-in-depth technical and policy mitigations are needed to support the use of medically critical technology while safeguarding the IC's secure spaces. This 'Research Short' addresses the question: Does the IC need to update policies aimed at mitigating the risks associated with the presence in secure IC workspaces of implanted medical devices (IMDs), such as pacemakers, insulin pumps, cochlear implants, and neurostimulators? These devices are permanently or semi-permanently inserted to replace or assist bodily functions and maintain patient health, which makes them nearly impossible to remove, disable, or pause while in a secure facility. IMDs increasingly include smart features enabling them to connect wirelessly to external equipment so patients and physicians can monitor their effectiveness in real time. Although this wireless connectivity clearly provides critical health benefits for IC employees, it also creates an unwitting insider threat to national security. Introducing smart IMDs into secure spaces increases the likelihood that users unknowingly release protected information to unauthorized, external entities--the most pervasive being a user's GPS [Global Positioning System]-derived presence in a secure facility. Two-way communications (e.g., Bluetooth) and voice-activated user interaction present even greater risks to classified information. Current IC security policies are largely unprepared to address the unavoidable risks posed by these devices."

Author:
Publisher:
Date:
2020-07-16
Series:
Copyright:
Public Domain
Retrieved From:
National Intelligence University: https://ni-u.edu/
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations