The Royal Academy of Engineering worked alongside the Petras Internet of Things research hub to produce a report on IoT, cyber-safety, and resilience -- and the message is that more work needs to be done to improve the security of connected systems.
While noting that connected and implanted medical devices -- including cardiac pacemakers, drug administration devices, and monitoring devices, as well as infusion pumps, defibrillators, glucometers, and blood pressure measurement devices -- can help patient care, the Cyber safety and resilience report also highlights that the connectivity inherent in these devices brings risks.
Cyber-attacks on connected devices could therefore result in "severe consequences on patient safety", which could even result in injury or worse.
However, it isn't just malicious attacks and hacking of connected devices which could risk patient safety: events such as natural disasters or failure of components or even critical infrastructure could result in damage being done.
The Royal Academy of Engineering notes there's "no silver bullet for improving cybersecurity and resilience" but warns that the issue requires the government, industry, system operators and the engineering profession to come together and cooperate in order to boost IoT security.
Products must be built to be as resilient to attacks as possible, or in the case that they do end up offline, they must be able to be restored as quickly as possible, the report warns.
In order to improve the cybersecurity of IoT devices, the Royal Academy of Engineering has followed a government recommendation that the products must be built to be 'secure by default' and recommends a number of measures to ensure this is the case.
They include mandatory risk management procedures for critical infrastructure which set out guiding principles for cyber-risk management during design, operation, and maintenance, along with policies for increased transparency in supply chains to improve the level of cybersecurity in products and services.
Other recommended measures include the UK government working with other governments, international institutions, and IoT product manufacturers in order to create umbrella agreements that set out global specifics for integrity and security of IoT devices.
It's also noted that this should be done alongside ethical frameworks in order to ensure IoT devices are built with the minimal risk to society.
"The reports we are publishing today identify some of the measures needed to strengthen the safety and resilience of all connected systems, particularly the critical infrastructure on which much of our society now depends," said Professor Nick Jennings, lead author of the report.
"We cannot totally avoid failures or attacks, but we can design systems that are highly resilient and will recover quickly."
In addition to recommendations about building security into connected devices, the Royal Academy of Engineering also suggests that the government must invest in helping the wider public to understand the complexities of IoT devices.
"It is vital that we improve the level of technical and data literacy and skills to enable the public to become involved in reinforcing security in data and the Internet of Things," said Professor Rachel Cooper, adoption and acceptability theme lead at the Petras IoT Research Hub.
"Ethical development of these emerging technologies is a collective responsibility for the whole of society, not just for those who are developing them," she added.