Friday, January 10, 2014

NPR on the Security and Privacy of Health-Related Devices

Weight, weight, don't hack me!
This morning NPR broadcast an interview from CES that highlights the growing pains of security and privacy for health-related devices. It highlights the paradox: you can't bolt on security after the fact; you need to build it in. But what happens to a fledgling startup more worried about basic survival and getting their first customers? I think it's foolish to say one cannot think about cybersecurity at all just because a company is struggling to stay in existence. Instead, one must innovate and make frugal yet wise choices for cybersecurity risk management. A product's core architecture should not preclude security properties. A threat model is as essential as a specification of software behavior. Here's to 2014. May your product not become a cybersecurity admonition when it finally takes off in the marketplace. Be frugal, not cheap.

Startups Often Focus On Data Security Too Late, If At All