Thursday, October 30, 2014

Hot Topic: Ebola, Technology, and Science

Is your IR camera giving you accurate
temperature readings to diagnose Ebola??
Maybe, maybe not.  Re-calibration and angle
causes a 9 degree difference on this IR camera.


This post diverges from medical device security for a moment to address some technical issues related to persons asymptomatic of Ebola. I happen to carry an infrared camera wherever I go. My lab uses it in research, and to leave secret thermal handprint messages on walls (they last about 5 minutes at my office).  I'd like to demonstrate why one should take with a grain of salt the accuracy of temperature readings from infrared imaging to diagnose Ebola.

Reports claim that nurse Kaci Hickox registered an elevated temperature on an infrared scan, but then showed negative for fever with an oral thermometer.  This is not surprising, given that infrared cameras are prone to inaccurate results for all sorts of reasons ranging from reflected light, improper or poorly trained use, calibration, thermal changes on the surface of the sensor, or the condition of the subject.  (Did you just hear a dirty joke and blush?  Or were you upset by an overzealous agent?)   Different IR cameras have different sensitivities, and liquid-cooled sensors will have different properties as well. So I surmise that an IR camera used by an airport security guard will have a higher probability of detecting dirty jokes with low false positives than detecting Ebola with low false positives. Thermal cameras are just tools, but one must choose the right tool for diagnosis. Try taking an IR photo of a row of recently used toilets if you want to feel especially squeamish in exercising the least recently used principle.

Don't trust the digital readings from an infrared camera unless you are trained on its measurement and experimental error.  The absolute numbers are meaningless on their own. Watch MIT Prof. Walter Lewin's physics lecture on measurement error for certainty on this subject.

"Any measurement that you make without the knowledge of its uncertainty is completely meaningless." -Professor Walter Lewin, MIT

Thursday, October 23, 2014

Medical device cybersecurity actions and outcomes

After two days of vigorous discussion at the FDA workshop on medical device cybersecurity, Dr. Suzanne Schwartz ended by challenging attendees to commit to (1) a specific cybersecurity action to take in the next week, and (2) a specific cybersecurity outcome to achieve in the next year.

My action for the next week is to create a meme for security engineering.  Here's my attempt.

Original image from here.


Saturday, October 18, 2014

FDA visits NIST federal advisory committee on security and privacy



Suzanne Schwartz (FDA), Key Hoyme (Adventium Labs),
Gary McGraw (Cigital), and Kevin Fu (Univ. Michigan)
On Friday, October 24, 2014 at 9AM in Washington, DC, the NIST Information Security and Privacy Advisory Board (ISPAB) will hold a public panel on "Updates on Embedded Device Cybersecurity: Medical Devices to Automobiles."

Coming on the heels of the FDA workshop on cybersecurity, this panel will provide cutting edge updates on federal policies and industry perspectives on embedded security. The panelists include:

What will the three PhDs and MD say? For details on the meeting agenda and location, see the following PDF.