Monday, December 1, 2014
Gary McGraw, CTO of Cigital, recently served on a federal advisory committee panel to discuss medical device security. Gary shared his thoughts and recommendations here.
Thursday, October 30, 2014
|Is your IR camera giving you accurate |
temperature readings to diagnose Ebola??
|Maybe, maybe not. Re-calibration and angle|
causes a 9 degree difference on this IR camera.
This post diverges from medical device security for a moment to address some technical issues related to persons asymptomatic of Ebola. I happen to carry an infrared camera wherever I go. My lab uses it in research, and to leave secret thermal handprint messages on walls (they last about 5 minutes at my office). I'd like to demonstrate why one should take with a grain of salt the accuracy of temperature readings from infrared imaging to diagnose Ebola.
Reports claim that nurse Kaci Hickox registered an elevated temperature on an infrared scan, but then showed negative for fever with an oral thermometer. This is not surprising, given that infrared cameras are prone to inaccurate results for all sorts of reasons ranging from reflected light, improper or poorly trained use, calibration, thermal changes on the surface of the sensor, or the condition of the subject. (Did you just hear a dirty joke and blush? Or were you upset by an overzealous agent?) Different IR cameras have different sensitivities, and liquid-cooled sensors will have different properties as well. So I surmise that an IR camera used by an airport security guard will have a higher probability of detecting dirty jokes with low false positives than detecting Ebola with low false positives. Thermal cameras are just tools, but one must choose the right tool for diagnosis. Try taking an IR photo of a row of recently used toilets if you want to feel especially squeamish in exercising the least recently used principle.
Don't trust the digital readings from an infrared camera unless you are trained on its measurement and experimental error. The absolute numbers are meaningless on their own. Watch MIT Prof. Walter Lewin's physics lecture on measurement error for certainty on this subject.
"Any measurement that you make without the knowledge of its uncertainty is completely meaningless." -Professor Walter Lewin, MIT
Thursday, October 23, 2014
After two days of vigorous discussion at the FDA workshop on medical device cybersecurity, Dr. Suzanne Schwartz ended by challenging attendees to commit to (1) a specific cybersecurity action to take in the next week, and (2) a specific cybersecurity outcome to achieve in the next year.
My action for the next week is to create a meme for security engineering. Here's my attempt.
|Original image from here.|