Adding security to implantable medical devices

Can we afford it?

Conference paper (2021)

Authors

M.A. Siddiqi Erasmus MC
Angeliki Agathi Tsintzira University of Macedonia
Georgios Digkas University of Macedonia
Miltiadis Siavvas Information Technologies Institute
C. Strydis Erasmus MC
Affiliation
External organisation
More Info
expand_more

Published Date

2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Affiliation

External organisation

Abstract

Implantable Medical Devices (IMDs) belong to a class of highly life-critical, resource-constrained, deeply embedded systems out there. Their gradual conversion to wirelessly accessible devices in recent years has made them amenable to numerous successful ethical-hacking attempts. These attacks were made possible due to the absence of proper security provisions in IMDs. IMD manufacturers have only very recently started taking cybersecurity threats seriously, a move that will force development teams to overhaul IMD designs and grow sharper reflexes in an industry that has historically opted for small, careful steps. Thus, valid concerns arise regarding the technical feasibility but, chiefly, the economic viability of adding security to IMDs. In this work, we assess the economic repercussions of securing IMDs by employing the concept of technical debt (TD) on the evolving IMD software. Our quantitative analysis reveals that security-related costs are currently well in hand, however, security-code TD amasses faster and will eventually overtake medical-code TD. The economic viability of IMDs will, thus, be ensured only if security-development efforts are allocated significant resources within the next decade.