Security Research Movement Identifies Principles to Preserve Patient Safety and Build Trust in the Healthcare System.  

Washington, DC – January 19th, 2016 – I Am The Cavalry, a cybersecurity volunteer association focused on public safety concerns, today issued an open letter to leaders of the healthcare stakeholder communities, calling for the adoption of a Hippocratic Oath for Connected Medical Devices. The Oath identifies measures to preserve patient safety and trust in the healthcare system in response to the increasing reliance placed on connected devices in the healthcare sector.

“Connected technologies provide life-saving therapies that would not be achieved without them. We want to head off unintended consequences by guiding manufacturers to build devices that are resilient against the accidents and adversaries of a connected environment,” said Beau Woods of I Am The Cavalry. “We’ve seen a lot of progress in the last two years, as stakeholders have started to proactively collaborate to advance cyber safety. We applaud those efforts and encourage others to ensure we are safer, sooner, together.”

Complex, software-driven, connected technologies are increasingly used in every facet of modern healthcare. These technologies can offer considerable benefits to both patients and healthcare practitioners; however, like all complex software they will contain flaws, and their connectivity exposes those flaws to remote manipulation. The consequences can be catastrophic, not only for patient safety but also for the trust placed in healthcare systems.

In response to this, I Am The Cavalry has updated the language of the Hippocratic Oath for modern healthcare delivered by connected medical devices.  The original Hippocratic Oath, created in the late Fifth Century BC, is made by physicians as an attestation that they will provide care in the best interest of patients. As connected technologies are increasingly the instruments of delivering this care, it stands to reason that the design, development, production, deployment, use, and maintenance of medical devices should follow the symbolic spirit of the Hippocratic Oath.

Patients, caregivers, and other stakeholders have the right to make informed decisions about treatment options. When patients deny themselves the best care available out of cyber safety fears, no one's interests are served. To give them greater confidence in the safety of these technologies, I Am The Cavalry is proposing that those involved in the chain of care – from device design to treatment – publish an attestation of their commitment to the best available methods for device development and deployment, ensuring that patients are not put at unnecessary risk.

The Hippocratic Oath for Connected Medical Devices offers five core cybersecurity capabilities:

  1. Cyber Safety by Design: Inform design with security lifecycle, adversarial resilience, and secure supply chain practices.
  2. Third-Party Collaboration: Invite disclosure of potential safety or security issues, reported in good faith.
  3. Evidence Capture: Facilitate evidence capture, preservation, and analysis to learn from safety investigations.
  4. Resilience and Containment: Safeguard critical elements of care delivery in adverse conditions, and maintain a safe state with clear indicators when failure is unavoidable.
  5. Cyber Safety Updates: Support prompt, agile, and secure updates.

“In 2015 we announced a coordinated vulnerability disclosure policy, inviting researchers to contribute to our patients’ safety,” said Hannes Molsen, Product Security Manager of Dräger, a Germany-based medical device manufacturer. “The Hippocratic Oath for Connected Medical Devices perfectly summarizes the challenges manufacturers, healthcare organizations and security researchers face during the development, the deployment, and the maintenance of connected devices throughout their entire lifecycle. It is great to have a document at hand that focuses precisely on medical devices, so every single point matters. For our patients’ safety this is a great step to bring the community together, to establish referable norms for cyber safety, to become safer, sooner.”

“Patients, in consultation with their physicians, make the best judgement for their individual case,” said Dr. Marie Moe, security researcher at SINTEF, pacemaker patient, and I Am The Cavalry volunteer. “They should each be asking questions about the capabilities outlined in the Hippocratic Oath for Connected Medical Devices to make sure their decisions are fully informed.”

“As we seek to treat existing pathologies, we should not inadvertently create new ones,” said Dr. Christian Dameff, M.D. “A Hippocratic oath extends physicians’ commitment to patient safety to others in the chain of care delivery.”

The Open Letter and detail of the Hippocratic Oath for Connected Medical Devices are included in full below. The Oath builds on work also conducted to promote greater collaboration in the medical device sector, which includes participating in panel discussions at the upcoming FDA Public Workshop – Moving Forward: Collaborative Approaches to Medical Device Cybersecurity, on January 20-21. The Oath is also aligned to the approach I Am The Cavalry has taken in other cyber safety sectors, such as the automotive sector, where the group proposed a “Five Star Automotive Cyber Safety Program” and has been working with automakers to drive adoption of these and other security practices.

For more information on the Hippocratic Oath for Connected Medical Devices, or any other I Am The Cavalry initiative, please contact press@iamthecavalry.org.


About I Am The Cavalry

The I Am The Cavalry movement was formed in response to concerns over the impact of cybersecurity threats on public safety. Its efforts are focused on cybersecurity issues relating to four main areas of public safety: medical, automotive, home electronics, and public infrastructure. All members are volunteers, and offer their time and expertise free of charge.

For more information, please visit: https://www.iamthecavalry.org/.

Safer. Sooner. Together.


I Am The Cavalry Track at BSides Las Vegas, 2015

If you were in Las Vegas last week, you were no doubt there for some combination of BSides Las Vegas, Black Hat, or DEF CON. These three conferences measure the pulse of the information security community and industry. Thanks again to the great support from the BSides Las Vegas team, I Am The Cavalry had a day of sessions at the event. As is always the case, Irongeek has posted them faster than anyone would have thought possible.

To kick off the day, we had Beau Woods, Josh Corman, and Nick Percoco giving an overview of the initiative and the day’s activities. There was a special guest during the talk: Hannes Molsen of the medical device maker Draeger announced a commitment to publishing a vulnerability disclosure program, and commented that researchers are key allies to his company and others.

The second talk of the day was delivered by Keren Elazari. As was true last year, she inspired the audience to tackle the big problems, fueled by the small ones – bits controlling atoms. We must start prioritizing control, trust, and safety over privacy and secrets. With effort, we can manually override our own inhibitions and make a difference. Superheroes without the masks.


The third session was a panel discussion with Tim Krabec moderating, Chris Nickerson, Beau Woods, and Tod Beardsley. Special guests Wim Remes, Keren Elazari, and the entire room were brought into it, as we learned how to lead in a “do”ocracy. Taking on a problem and pursuing it – working towards a solution, not just fluttering by the problem.

After lunch, Beau Woods and Scott Erven gave an overview of the last 12 months in the medical device security space. Special guest Suzanne Schwartz from the FDA joined to recap what she and her agency have done, and why they believe researchers are a valuable part of a healthy medical ecosystem…and hinted that maybe the FDA will come to “summer camp” next year. Beau and Scott also covered a lot of the current and future activities. (Slides for the talk are here.)

The final session of the day was Josh Corman, covering the very busy past 12 months in automotive cyber safety. This included the initial launch of our Five Star Cyber Safety Framework, reaction from the various industry stakeholders, and some of the activities that have gone on. Josh also talked about some of the current events going on like the high-profile talks across town at Black Hat and DEF CON.

Assessment of BMW Door Lock Security Updates

There has been positive news in automotive cyber safety lately. BMW announced that they have fixed a flaw in over 2.2 million of their cars, silently and remotely. The flaw allowed someone other than the driver to remotely unlock the car, through the ConnectedDrive system. BMW pushed out an update over the mobile data network to the affected vehicles, and detailed further security measures they have taken to protect against accidents and adversaries.

The German Automobile Association (ADAC) investigated the cyber security of several BMW models and discovered six security flaws in the design and implementation of the ConnectedDrive software. They disclosed their research to BMW, who collaborated with ADAC researchers to understand and develop a fix for two of the most critical flaws. BMW remotely updated its customers’ vehicles, adding HTTPS encryption and server authentication checks. BMW then announced the details of what they found, how they fixed it, and what other measures they have already taken to protect the safety of drivers, passengers, other vehicles, pedestrians, etc.

This is a big, positive step forward for cyber safety in automobiles. First, it shows that remote attacks against vehicles are still real threats, as demonstrated in 2010 and 2011 by security researchers. Second, it establishes the benefits of working with third-party technical experts, as well as the willingness of automobile manufacturers to engage security researchers acting in good faith. Third, it demonstrates the clear benefits of secure, remote update capabilities to shorten exposure time, reduce costs, and preserve customer confidence. Fourth, BMW gained credibility with customers and regulators by discussing the steps they have taken. Consequently, taking cyber security seriously has given BMW a PR boost.

Despite these positive steps, some concerns remain. The problems ADAC researchers discovered – and that BMW subsequently fixed – have had well-known solutions for decades: encrypting the transport and authenticating the server before acting on its messages are basic, long-established practice. It is concerning that the ConnectedDrive team either did not know about these potential issues or did not apply the fixes at the time. Newer vehicles were found to have better safeguards around ConnectedDrive, but the two improvements BMW pushed out recently were not among them. The presence of these flaws to begin with, and the continued use of flawed software designs, also raises a question about the thoroughness and adequacy of internal processes and decision-making. Further, BMW did not say how critical car systems (such as braking, steering, and acceleration) are safeguarded from a compromise of ConnectedDrive or other systems. Perhaps ADAC or other security researchers could investigate those potential issues in a similar way.

The following table is an overview of this story through the lens of I Am The Cavalry’s Five-Star Automotive Cyber Safety Framework, released six months ago. Note that information collected was not complete, so this rating likely does not represent BMW’s full set of cyber safety capabilities.

Framework Capability          BMW Capability Demonstrated
Safety by Design              No public attestation of a Secure Development Lifecycle. No evidence of a sufficiently robust development process.
Third-Party Collaboration     Clearly demonstrated their willingness to collaborate with third-party researchers acting in good faith.
Evidence Capture              No further information about these vehicles' ability to capture logs of system or network activity that could potentially expose further security gaps.
Security Updates              Clearly demonstrated their ability to update the ConnectedDrive system in a prompt and agile manner.
Segmentation and Isolation    No information provided on the physical or logical isolation measures separating critical systems (braking, steering, etc.) from non-critical ones (door locks).

In summary, BMW demonstrated capabilities aligned to two of the five stars in I Am The Cavalry’s framework. These capabilities allow BMW to draw upon expertise and experience from those in the cyber security field, and facilitate continual improvement more quickly and inexpensively than other approaches. Issues still remain, but we are far ahead of where we were just a few years ago.


  • http://www.autoblog.com/2015/02/03/bmws-connected-drive-feature-vulnerable-to-hackers/
  • http://www.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s-ConnectedDrive-2540957.html
  • http://www.adac.de/infotestrat/technik-und-zubehoer/fahrerassistenzsysteme/sicherheitsluecken.aspx (German)
  • http://www.bmw.com/com/en/insights/technology/connecteddrive/2013/
  • http://grahamcluley.com/2015/02/bmw-security-patch/
  • http://www.autosec.org/publications.html
  • https://www.iamthecavalry.org/domains/automotive/5star/
  • https://www.press.bmwgroup.com/global/pressDetail.html?title=bmw-group-connecteddrive-increases-data-security-rapid-response-to-reports-from-the-german-automobile&id=T0202503EN
  • http://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf

Download a PDF copy of this article, Assessment of BMW Door Lock Security Updates.



Security Research Movement Issues Letter Outlining Five Star Automotive Cyber Safety Program

DEF CON 22, Las Vegas, NV – August 8th – I Am The Cavalry, a cybersecurity volunteer association focused on public safety concerns, today issued a letter to leaders in the automotive industry, calling for the adoption of five key capabilities that create a baseline for safety relating to the computer systems in cars.

The letter, addressed to CEOs in the automotive industry, calls for safety to be built into the adoption and design of computer systems in vehicles.  Increasing reliance on computer systems and internet connectivity in cars is opening up a whole new area of consumer risk, much of which is still being investigated and understood.  I Am The Cavalry wants to help address this and protect people by collaborating with leaders in the automotive industry.  To start this process, they have identified five key capabilities that represent a foundation for building better cyber safety in cars:

  • Safety by Design – developing automotive computer systems with security in mind.
  • Third-Party Collaboration – publishing a clear vulnerability disclosure response policy that works with security researchers.
  • Evidence Capture – logging information that may assist with an investigation should one be necessary.
  • Security Updates – providing a mechanism for consumers to receive updates to computer systems quickly and easily as issues are found and fixed.
  • Segmentation and Isolation – ensuring that issues in non-critical systems do not impact the performance of critical systems.

“Modern cars are computers on wheels and are increasingly connected and controlled by software. Unlike your home computer, the consequences of compromise are far more severe,” said Joshua Corman, co-founder of I Am The Cavalry. “Dependence on technology in vehicles has grown faster than effective means to secure it. We’re just at the start of understanding the implications for public safety. The combined expertise of the automotive industry and the cyber security research community can rise to meet the challenge. This framework can be the foundation of that collaboration.”

“I think the proposed framework clearly states important principles and intent in a plain, sensible and workable way,” said Tony Sager, Chief Technologist for The Council on Cyber Security. “It puts information sharing between vendors and researchers into a constructive framework and establishes a shared goal of continuous safety improvement.”

The letter has also been published as a petition with a request for members of the public to show their support for car safety: https://www.change.org/petitions/automotive-industry-we-request-that-you-unite-with-us-in-a-joint-commitment-to-safety-between-the-automotive-and-cyber-security-industries

In addition, I Am The Cavalry co-founders Joshua Corman and Nicholas J. Percoco will be discussing the letter during the security research convention, DEF CON:

  • Press conference: 4:00pm, Friday, August 8th in the press room
  • Presentation: “The Cavalry Year[0] & a Path Forward for Public Safety” – 10:00am, Saturday, August 9th, Penn & Teller room

The letter is included in full below:

An Open Letter to the Automotive Industry: Collaborating for Safety 

Dear Automotive CEOs,

We request that you unite with us in a joint commitment to safety between the automotive and cyber security industries.

A hallmark of the automotive industry is extraordinary innovation in the face of market needs. 50 years ago, basic automotive safety features were an afterthought. Since then, the auto industry has steadily driven advances in safety features, safety engineering, and supply chain management in ways that software and cyber security disciplines must emulate.

Now the automotive industry faces a new challenge. Modern vehicles are computers on wheels and are increasingly connected and controlled by software and embedded devices. These new technologies enable innovations designed to increase vehicle safety and bring other positive features. Vehicle-to-vehicle communication, driverless cars, automated traffic flow, and remote control functions are just a few of the evolutions under active development.

New technology introduces new classes of accidents and adversaries that must be anticipated and addressed proactively. Malicious attackers, software flaws, and privacy concerns are the potential unintended consequences of computer technologies driving this latest round of innovation. The once distinct worlds of automobiles and cyber security have collided. In kind, now is the time for the automotive industry and the security community to connect and collaborate toward our common goals.

When the technology we depend on affects public safety and human life, it commands our utmost attention and diligence. Our cars command this level of care. Each and every day, we entrust our lives and the lives of those we love to our automobiles.

The goal of our outreach effort here is to catalyze greater teamwork between security researchers and the automotive industry. Our combined expertise is required to ensure that the safety issues introduced by computer technologies are treated with the same diligence as other classes of automotive safety issues.

Will you join us in this endeavor?

We propose five critical capabilities to lay a foundation for safety, both for collaboration and for increasing consumer confidence. This content was developed jointly with leading cyber security researchers and others working in and around the automotive industry. We crafted these capabilities to be objectively defined, lasting, and to allow for adaptation and innovation within each function.

We urge the automotive industry to adopt, develop, enhance, and attest to these capabilities. Just as they consider other safety features, concerned consumers will be better enabled to make purchasing decisions based on your attestations against these five areas. We will help you navigate this road to build greater protections for your customers and set a new standard for safety.

Five Star Automotive Cyber Safety Program

Further details and explanations can be found at https://www.iamthecavalry.org/auto/5star

1. Safety by Design

VALUE: We take public safety seriously in our design, development, and testing.

PROOF: As such, we have published an attestation of our secure software development lifecycle, summarizing our design, development, and adversarial resilience testing programs for our products and our supply chain.

2. Third-Party Collaboration

VALUE: We recognize that our programs will not find all flaws.

PROOF: As such, we have a published coordinated disclosure policy inviting the assistance of third-party researchers acting in good faith.

3. Evidence Capture

VALUE: We want to learn from failures and enable continuous improvement.

PROOF: As such, our systems provide tamper evident, forensically sound logging and evidence capture to facilitate safety investigations.

4. Security Updates

VALUE: We recognize the need to address newly discovered safety issues.

PROOF: As such, our systems can be securely updated in a prompt and agile manner.

5. Segmentation & Isolation

VALUE: We believe a compromise of non-critical systems (like entertainment) should never adversely affect critical/physical systems (like braking).

PROOF: As such, we have published an attestation of the physical/logical isolation and layered defense measures we have implemented.

We are eager to start working with you within the next 90 days and to begin promoting your current and future capabilities to the public. These attestations establish a foundation and serve to catalyze an ongoing collaboration to better prepare us for the next 50 years and beyond. Given our research and experience to date, we are encouraged to see some early investments toward these capabilities. While capabilities like evidence logging will take time to bring to market, valuable policy and capability attestations can begin now. On this journey, the challenges will be many and they will be significant, but together and through collaboration we can rise to meet them. Let’s start now.


“I am The Cavalry”, members of the security research community, & concerned citizens

Signatures and instructions for signing can be found at https://www.iamthecavalry.org/auto/5star

Signatures are solely the opinion of the individual.

I am The Cavalry – https://www.iamthecavalry.org – @iamthecavalry – autosafety@iamthecavalry.org

To ensure technologies with the potential to impact public safety and human life are worthy of our trust.
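The Evidence Capture capability (item 3 above, and item 3 of the Hippocratic Oath for Connected Medical Devices earlier on this page) asks for "tamper evident, forensically sound logging". The following is an added illustration of what tamper evidence means in practice; it is not code from I Am The Cavalry, BMW, Dräger or any other party named on this page. It assumes a hypothetical per-device secret (DEVICE_KEY) provisioned at manufacture, and the event records are constructed sample data, not real vehicle or device telemetry. Each log entry carries a keyed hash over its own content and the previous entry's tag, so editing, deleting or reordering any earlier entry changes every later tag; exporting the head tag off-device as an anchor additionally catches truncation of the log's tail.

```python
"""Tamper-evident event log built as a keyed hash chain.

Added example, not part of the original page. Assumes a hypothetical
per-device secret DEVICE_KEY; the events below are constructed samples.
"""
import hashlib
import hmac
import json
from typing import List, Optional, Tuple

# Hypothetical per-device secret. On a real device this would live in a
# secure element or other hardware keystore, never in source code.
DEVICE_KEY = b"example-device-key-do-not-use"
GENESIS = "0" * 64  # tag that the first entry chains to


def _canonical(event: dict) -> bytes:
    # Sorted keys, no whitespace: the same event always serialises identically,
    # which is what makes the tag reproducible at verification time.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def _link(prev_tag: str, event: dict, key: bytes) -> str:
    # The tag covers both the previous tag and this event's content, so a
    # change anywhere earlier in the chain invalidates everything after it.
    msg = prev_tag.encode() + b"\n" + _canonical(event)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append(log: List[dict], event: dict, key: bytes = DEVICE_KEY) -> List[dict]:
    """Append one event, chaining it to the current head of the log."""
    prev_tag = log[-1]["tag"] if log else GENESIS
    log.append({"seq": len(log), "event": event, "tag": _link(prev_tag, event, key)})
    return log


def verify(log: List[dict], key: bytes = DEVICE_KEY,
           anchor: Optional[str] = None) -> Tuple[bool, Optional[int]]:
    """Return (ok, first_bad_seq).

    `anchor` is a head tag previously exported off the device (for example to a
    fleet server). Without it, an attacker who can rewrite the whole file could
    simply drop trailing entries; with it, truncation is detected too.
    """
    prev_tag = GENESIS
    for i, entry in enumerate(log):
        expected = _link(prev_tag, entry["event"], key)
        if entry["seq"] != i or not hmac.compare_digest(entry["tag"], expected):
            return False, i
        prev_tag = entry["tag"]
    if anchor is not None and not hmac.compare_digest(prev_tag, anchor):
        return False, len(log)
    return True, None


def demo() -> Tuple[Tuple[bool, Optional[int]], ...]:
    """Build a constructed log, then show how two kinds of tampering are caught."""
    log: List[dict] = []
    for ev in [  # constructed sample events
        {"t": "2015-02-01T10:00:00Z", "src": "telematics", "msg": "session start"},
        {"t": "2015-02-01T10:00:04Z", "src": "telematics", "msg": "cmd unlock"},
        {"t": "2015-02-01T10:00:05Z", "src": "body", "msg": "doors unlocked"},
    ]:
        append(log, ev)
    head = log[-1]["tag"]  # exported off-device as the anchor

    intact = verify(log, anchor=head)

    # Attacker rewrites the unlock command as a harmless keepalive.
    forged = json.loads(json.dumps(log))  # deep copy
    forged[1]["event"]["msg"] = "keepalive"
    edited = verify(forged, anchor=head)

    # Attacker deletes the last entry; entries 0 and 1 still chain correctly,
    # so only the anchor check reveals the truncation.
    truncated = verify(log[:2], anchor=head)

    return intact, edited, truncated


if __name__ == "__main__":
    for name, result in zip(("intact", "edited", "truncated"), demo()):
        print(f"{name:10s} ok={result[0]} first_bad_seq={result[1]}")
```

The keyed hash means an attacker who can read and write the log file but does not hold DEVICE_KEY cannot recompute valid tags after an edit; an attacker who does hold the key can rewrite the chain, which is why the key belongs in hardware and why the head tag should be anchored somewhere the attacker cannot reach. This is the minimum that "tamper evident" implies; "forensically sound" additionally requires trustworthy timestamps and a documented export procedure, which are outside the scope of this example.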


About I Am The Cavalry

The I Am The Cavalry movement was formed in response to concerns over the impact of cybersecurity threats on public safety. Its efforts are focused on cybersecurity issues relating to four main areas of public safety: medical, automotive, home electronics, and public infrastructure. For more information, please visit: https://www.iamthecavalry.org/

For more information, please contact press@iamthecavalry.org