The United States National Security Agency (NSA) is considering opportunities aimed at collecting data from internet-connected devices, including pacemakers and other such appliances. The NSA's deputy director, Richard Ledgett, said at a military technology conference in Washington on 10 June that the agency is interested in collecting foreign intelligence by exploiting the Internet of Things (IoT), adding, however, that there may be comparatively simpler ways to keep track of terrorists and foreign intelligence.
According to the Intercept, Ledgett said, "We're looking at it sort of theoretically from a research point of view right now." He also added that the IoT may be "both" a "security nightmare" and a "signals intelligence bonanza". Commenting on the prospect of monitoring biomedical devices, Ledgett said that it is "maybe a niche kind of thing ... a tool in the toolbox", indicating that while biomedical devices would likely not be a core information source, they are still on the NSA's radar.
"As my job is to penetrate other people's networks, complexity is my friend," he said. "The first time you update the software, you introduce vulnerabilities, or variables rather. It's a good place to be in a penetration point of view."
Ledgett also pointed out that the NSA has to prioritise its resources when considering exploiting a new device, adding that the focus is generally on tech more commonly used by "bad guys" rather than the more popular consumer-oriented gadgets. This, he explained, was the reason why the NSA could not assist the FBI in cracking the San Bernardino shooter's iPhone. "We don't do every phone, every variation of phone," he stressed. "If we don't have a bad guy who's using it, we don't do that."
Ledgett is not the first to highlight how government agencies can exploit IoT to collect intelligence. US National Intelligence head James Clapper said in February that intelligence agencies may "use the IoT (Internet of Things) for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials."
Ledgett's reference to monitoring biomedical devices, including pacemakers, may be a serious concern to the NSA in the future. While Ledgett confirmed that no employee is currently using an internet-connected biomedical device, if such a situation should arise, the agency may have to make allowances for it, especially given that pacemakers and other such internet-connected devices can be vulnerable to hacking, making them a major security concern.