Security in M2M has recently shot up the priority list for enterprise users, as shown in recent surveys conducted by Beecham Research. There are many reasons for this, not least the growing reliance within enterprises on their M2M systems. So the story at this link (click here for article) is not only alarming because it brings home the dangers regarding healthcare equipment, it is also timely and highlights the potential dangers for all of us.
The problem it identifies is the increasing vulnerability of computerized hospital equipment to malware infections. Such equipment is of course increasingly being connected, to improve services and reduce costs. Naturally, this makes them more vulnerable to malware, but in this environment there are additional regulatory constraints. As a result, manufacturers of such equipment often will not allow their equipment to be modified – even to add security features – because such modifications might then fall foul of regulatory restrictions. That can lead to a lot of hospital equipment not working properly for extended periods of time . . . or updated as a special exercise at higher cost.
Issues with software updates to patch vulnerabilities is by no means unique to hospitals. For all types of automation systems, installing updates can change the way that system services work or are configured, which can make the updating process itself problematic. Then there are those situations where software in automation systems is frequently in use long after the vendors have stopped supporting and updating the software. This makes older systems increasingly vulnerable to attack. Cheaper to operate, but more vulnerable.
As M2M continues to develop in new and more critical areas – such as Smart Grid deployments for example – the concerns about vulnerabilities to attack will continue to rise. The M2M industry will address these in ways that will increasingly become highly technical specialisms. A concern though is the impact of all this extra cost of security on the growth of the overall market from a business perspective. The M2M market has always been viewed as particularly cost sensitive.
Will all of this increasingly sophisticated prevention work just serve to kill the M2M patient commercially? Or are these security needs and threats leading to a new range of business opportunities, delivering real value that the market needs and wants?