The biggest news in security for the last few years has been about the “Internet of Things” and how all these “IoT” devices may signal the end of the human race. OK, maybe that is a bit extreme, however, the warnings about these devices are very clear.
There are many good reasons for the concern about these devices. However, if we step away from all the dire warnings for a moment, we can see another side of this discussion. How many of these devices are replacing us? Will many of our jobs be replaced due to a small, inexpensive device? If we look to the medical field, I am optimistic about the future employment landscape.
The medical field has adopted internet technology for everything that needs to be monitored. Oxygen supplies, sleep apnea (CPAP) machines, glucose monitors, and even some heart monitors are now internet connected.
Does this necessarily result in job losses? I would argue the contrary. These devices are not eliminating manual-labor jobs. The technology is not changing; only the notification mechanism is. These broadened notification systems will require a larger, specially trained workforce to sustain them. For example, glucose monitors have existed for many years, however, a patient may not notice a change in his levels until a problem arises. A live monitoring and alerting system could prevent such an occurrence.
A monitoring system could be more robust than a Bluetooth connection to a patient’s phone. A connection to a monitoring center would offer benefits that would exceed the capabilities of a phone application. The phone application would still be good for the patient, however, notices to a central location overseen by medical staff could better serve patients.
Of course, this presents the problem of whether a remote technician could modify a dosage on a piece of medical equipment. This is where the security of these devices must be protected. Tangentially, Brian Krebs recently reported that the DDoS attack on his site back in 2016 collectively cost the device owners an estimated $323,000 in power and added bandwidth consumption. This is why it is imperative that medical device manufacturers treat device security seriously. A security misstep that turns a device into a DDoS bot, (or more contemporaneously, a BitCoin mining bot) could cost lives.
Perhaps the safest way to approach this technology is to set these devices to “monitor only” mode, rather than a two-way command setup. Simplex, rather than duplex communication. Controlling the machine identities of the medical devices on both sides of the communication will also help prevent compromise.
From a purely capitalist perspective, according to financial adviser Ric Edeleman, the rise of these connected devices will create huge Investment opportunities. I am sure he is not the only person with this viewpoint. To me, the phrase “investment opportunities” indicates more than just stock-driven vehicles; they also include investments in personal development. A mere 25-years ago, security researchers, analysts, CISOs, and a host of other security jobs didn’t exist. The rise of the internet certainly has created more jobs than it has eliminated.
In possibly the funniest tweet about automation replacing humans, I found it painfully true when someone mentioned that we shouldn’t worry about being replaced by robots, as many of our jobs could be replaced by a batch script. (I regret not noting the author on that as it is deserving of proper attribution.) I saw evidence of this last week when someone demonstrated a program that could create a security policy in an hour.