What Dick Cheney's Heart Teaches Us About Security
In an interesting interview on CBS' 60 Minutes this past weekend, former U.S. Vice President Dick Cheney admitted that he was worried hackers could hack his heart. Cheney was implanted with a heart defibrillator device in 2007 to fix a number of ailments.
Cheney's Cardiologist, Dr. Jonathan Reiner, ordered that the heart defibrillator's wireless features be disabled for fear that a hacker could somehow get access and kill Cheney. The fear is one that was played out in a fictional sequence on the Showtime drama "Homeland" this year.
"It seemed to me to be a bad idea for the vice president to have a device that maybe somebody on a rope line or in the next hotel room or downstairs might be able to get into—hack into," Reiner said during the 60 Minutes segment.
Cheney's doctor was a bit ahead of his time, perhaps, but absolutely correct in being cautious. At the Black Hat 2011 conference, a researcher demonstrated how an insulin pump could be hacked and there have been numerous other presentations on medical device flaws in the last few years.
The simple reality is that an attacker can potentially exploit any connected device. That doesn't mean that every connected device can be hacked; it just means that there is a risk. When you're only a heartbeat away from the presidency of the United States, that's a risk that is unacceptable.
I certainly don't advocate for a world where none of us are connected, but I do advocate for a world where we understand the risk. Is the need for connectivity greater than the risk of what that connectivity can enable if exploited?
For most of us that aren't in the executive branch of the U.S. government, I suspect the risk does not outweigh the convenience of having connected medical devices. Certainly, medical device vendors (whether it's a heart defibrillator or otherwise) should take absolutely every necessary precaution to ensure security. The reality is, of course, that no device that is connected can ever be absolutely secure. As soon as you enable connectivity, you expand the attack surface.
The story of Dick Cheney's heart security serves as a reminder that, in this highly connected world, every connection point is a target and a risk. It is up to individuals to determine what the risk tolerance is and whether having connectivity is quite literally a mortal threat.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.