I recently discovered The Cavalry movement’s Hippocratic Oath for Connected Medical Devices, which I believe is of enormous importance not only in terms of its exact formula but also the mapping of the key vectors around data security in the IoT. The Cavalry movement started out of a series of meetings at DEF CON and BSides in 2013, concerned with addressing the enormous security issues emerging at the nexus of the IoT, big data, and AI. The oath:
Hippocratic Oath for Connected Medical Devices
I will revere and protect human life, and act always for the benefit of my patients. I recognize that all systems fail; inherent defects and adverse conditions are inevitable. Capabilities meant to improve or save life, may also harm or end life. Where failure impacts patient safety, care delivery must be resilient against both indiscriminate accidents and intentional adversaries. Each of the roles in a diverse care delivery ecosystem shares a common responsibility: As one who seeks to preserve and improve life, I must first do no harm.
To that end, I swear to fulfill, to the best of my ability, these principles.
- Cyber Safety by Design: I respect domain expertise from those that came before. I will inform design with security lifecycle, adversarial resilience, and secure supply chain practices.
- Third-Party Collaboration: I acknowledge that vulnerabilities will persist, despite best efforts. I will invite disclosure of potential safety or security issues, reported in good faith.
- Evidence Capture: I foresee unexpected outcomes. I will facilitate evidence capture, preservation, and analysis to learn from safety investigations.
- Resilience and Containment: I recognize failures in components and in the environment are inevitable. I will safeguard critical elements of care delivery in adverse conditions, and maintain a safe state with clear indicators when failure is unavoidable.
- Cyber Safety Updates: I understand that cyber safety will always change. I will support prompt, agile, and secure updates.
Importantly, The Cavalry has a similar security manifesto for cars. The Five Star Automotive Cyber Safety Program shares the same key vectors of safety by design, third party collaboration, evidence capture, security updates, and segmentation and isolation.