Hi Bill,

> On 2 Dec 2020, at 17:22, Bill Frantz <frantz@xxxxxxxxxxxxxx> wrote:
>
> On 12/2/20 at 5:37 AM, pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann) wrote:
>
>> The fact that many of these devices are extremely critical is precisely why
>> they're never replaced or upgraded, because they can't be taken out of
>> production.
>
> I would like to have a few more examples of "Can't be taken out of production".
>
> One I think I can address are heart pacemakers. These are embedded in the patients' chests. Upgrading them requires surgery. However, they have a limited lifespan due to their batteries running down, I think we're talking about 10 years or so, so there is a time where upgrade is practical.
>
> Every so often, the patient needs surgery to replace the batteries. During this surgery, the pacemaker function is taken over by equipment in the operating room. The questions here are:
>
> How much more surgical risk is there for replacing the whole pacemaker?
>
> If, as I suspect, the delta risk is zero, because replacing the battery also involves removing the old pacemaker, then battery replacement time is the time to perform pacemaker upgrades.
>
> How much risk is there in delaying upgrade to the next battery replacement?
>
> If we think about security risk, from now-vulnerable versions of TLS, then risk perception will depend on the individual patient. You should expect the NHS, FDA or equivalent to consult with manufacturers in organizations like AMI to try to characterize the risk so that doctors could have the conversation with patients. But also it might be an area for design improvement in terms of being able to do in-service upgrades.
>

Vice President Dick Cheney was famous for being very concerned about being attacked via his pacemaker. It was reported at the time that his protective detail insisted that his pacemaker not have any transceiver for fear of assassination.[1] That was a good call because over the past several years a number of attacks on pacemakers have indeed been discovered, some shockingly from remote distances. They’re not the only such device out there, but they are an extreme example.

Eliot

[1] https://www.washingtonpost.com/news/the-switch/wp/2013/10/21/yes-terrorists-could-have-hacked-dick-cheneys-heart/
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call