On 12/2/20 at 5:37 AM, pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann) wrote:
> The fact that many of these devices are extremely critical is precisely why
> they're never replaced or upgraded, because they can't be taken out of
> production.

I would like to have a few more examples of "Can't be taken out
of production".

One I think I can address are heart pacemakers. These are
embedded in the patients' chests. Upgrading them requires
surgery. However, they have a limited lifespan due to their
batteries running down. I think we're talking about 10 years or
so, so there is a time where upgrade is practical.

Every so often, the patient needs surgery to replace the
batteries. During this surgery, the pacemaker function is taken
over by equipment in the operating room. The questions here are:

How much more surgical risk is there for replacing the whole pacemaker?

If, as I suspect, the delta risk is zero, because replacing the
battery also involves removing the old pacemaker, then battery
replacement time is the time to perform pacemaker upgrades.

How much risk is there in delaying upgrade to the next battery replacement?

If we think about security risk, from now-vulnerable versions of
TLS, then risk perception will depend on the individual patient.
Vice President Dick Cheney was famous for being very concerned
about being attacked via his pacemaker. In his case, he might
have very well opted for early surgery to install an upgrade.
Most others, I suspect, would choose to run the risks, at least
until the first real-world attacks surface.

Can anyone else work through some examples?

Cheers - Bill
-------------------------------------------------------------------------------------
Bill Frantz        | Government is not reason, it is not eloquence, it is force; like
408-348-7900       | a fire, a troublesome servant and a fearful master. Never for a
www.pwpconsult.com | moment should it be left to irresponsible action. Geo Washington
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call