Medical device vulnerability highlights problem of third-party code in IoT devices
By Ars Staff
Enlarge / The complex web of software and hardware components and their licensing schemes makes it difficult for healthcare organizations to upgrade or patch systems that prove to be vulnerable. (credit: Universal Images Group / Getty Images)
When we opened up that brand-new computer when we were kids, we didn’t think of all of the third-party work that made typing in that first BASIC program possible. There once was a time when we didn’t have to worry about which companies produced all the bits of licensed software or hardware that underpinned our computing experience. But recent malware attacks and other security events have shown just how much we need to care about the supply chain behind the technology we use every day.
The URGENT/11 vulnerability, the subject of a Cybersecurity and Infrastructure Security Agency advisory issued last July, is one of those. It forces us to care because it affects multiple medical devices. And it serves as a demonstration of how the software component supply chain and availability of support can affect the ability of organizations to update devices to fix security bugs—especially in the embedded computing space.
URGENT/11 is a vulnerability in the Interpeak Networks TCP/IP stack (IPNet), which was licensed out to multiple vendors of embedded operating systems. IPNet also became the main networking stack in Wind River VxWorks until Wind River acquired Interpeak in 2006 and stopped supporting IPNet. (Wind River itself was acquired by Intel in 2009 and spun off in 2018.) But the end of support didn’t stop several other manufacturers from continuing to use IPNet. When critical bugs were discovered in IPNet, it set off a scare from the numerous medical device manufacturers that run it as part of their product build.
Read 16 remaining paragraphs | Comments
Read more here:: feeds.arstechnica.com/arstechnica/index?format=xml
Feedback Needed For ICANN Asia Pacific Regional Plan FY21-25
As we approach the new Financial Year in July 2020, the Asia Pacific (APAC) regional office is working to align its focus areas and activities to the ICANN FY21-25 Strategic Plan. We are currently seeking the APAC community’s feedback and input on our draft APAC Regional Plan for FY21-25.
Our regional engagement efforts have always been aligned with the ICANN Strategic Plan, and the past five years have been guided by the FY16-20 Strategic Plan. Highlights from FY2019 are available in the APAC section of the ICANN Annual Report.
For background, the FY21-25 ICANN Strategic Plan was developed through an extensive strategic planning process which ensured the continuous participation of the ICANN community. The adopted Strategic Plan consists of ICANN’s mission, vision, objectives, and goals over a five-year time frame.
For our APAC Regional Plan, our aim is to map our focus areas and activities against the strategic objectives and goals. When providing your input, it is noteworthy that not all of the strategic objectives and goals are within the capability of the APAC regional office. We also have limited resources, and will need to take a targeted and focused approach in order to achieve substantive outcomes.
Feedback/Input Needed
Feedback and input from you, our APAC Community, is important and not just because of our multistakeholder process. Together, we can work to identify priorities and find new ways to collaborate in the implementation process.
Here are a few examples from the draft plan:
ICANN Strategic Objective: Strengthen the security of the DNS and the DNS Root Server System.
One of our proposed focus areas is to partner the APAC community in technical projects such as the Identifier Technology Health Indicators (ITHI) and DNS Abuse Activity Reporting (DAAR).
These key technical projects are driven by the ICANN CTO Office, and we hope to increase your participation in them. This can include direct participation or the recommendation of technical partners in your local networks that might be interested. Let us know if you would like to get involved.
Another focus area is to continue to encourage and promote the deployment of DNS Security Extensions (DNSSEC) through capacity development. In addition to raising awareness of DNSSEC, we’ve previously focused on supporting country code top-level domains (ccTLDs) to sign DNSSEC. Going forward, we also aim to work with network operators – particularly Internet service providers (ISPs) – to enable DNSSEC validation.
ICANN Strategic Objective: Evolve the unique identifier systems in coordination and collaboration with relevant parties to continue to serve the needs of the global Internet user base.
A proposed focus area is to promote Internationalized Domain Names (IDNs) and Universal Acceptance (UA). Raising awareness with different stakeholder groups – particularly in the vast and diverse APAC region – is a challenging endeavour. If IDNs and UA are to help contribute to a truly multilingual Internet and bring the next billion users online, we will need to partner with the wider APAC community. If you’d like to partner us or have additional ideas, let us know.
In addition to the above, we welcome your input into any other potential focus areas and partnerships to be considered in the APAC Regional Plan for FY21-25. The draft APAC Regional Plan is presented in a matrix format for easy viewing and commenting. Please comment directly on the draft Regional Plan page, or contact us at apachub@icann.org. In the coming months, we will also be conducting a number of consultations to gather your feedback at APAC Space and ICANN readouts.
We look forward to hearing from you.
Read more here:: www.icann.org/news/blog.rss
Embedding AI-Powered Analytics into Smart Meters at the Grid Edge
Award winning AI-powered energy analytics company Grid4C is collaborating with Itron, which is innovating the way utilities and cities manage energy and water, to embed its predictive analytics software solutions within Itron Riva smart meters to solve the industry’s next generation use cases in real-time. The solution will utilize Itron’s Distributed Intelligence platform, standard on […]
The post Embedding AI-Powered Analytics into Smart Meters at the Grid Edge appeared first on IoT – Internet of Things.
Read more here:: iot.do/feed
ACAMP and TELUS join forces to advance Alberta-made autonomous…
ACAMP will be using the TELUS communication technology contribution to test edge computing and IoT applications with our Autonomous ATV and client projects in IoT (Internet of Things) applications.
(PRWeb February 19, 2020)
Read the full story at https://www.prweb.com/releases/acamp_and_telus_join_forces_to_advance_alberta_made_autonomous_technologies/prweb16917165.htm
Read more here:: www.prweb.com/rss2/technology.xml
Spark Connected and Vega Partner on the 804hp Electric Supercar
Spark Connected announced today its partnership with Vega Innovations on the electric vehicle, In-Cabin wireless charging solution. Vega EVX, the all-electric supercar, has integrated Spark Connected’s in-cabin wireless charging technology, based on the solution named The Beast, into its luxurious cockpit. Supporting all fast charge smartphones, the solution provides an integrated smart phone wireless charging […]
The post Spark Connected and Vega Partner on the 804hp Electric Supercar appeared first on IoT – Internet of Things.
Read more here:: iot.do/feed