The NSA is seeking new ways to satisfy its hunger for raw data by exploiting the so-called internet of things, an emerging network connecting objects such as vehicles, home appliances and biomedical devices.
“We’re looking at it sort of theoretically from a research point of view right now,” the spy agency’s Deputy Director Richard Ledgett told a conference on military technology at Washington’s Newseum last Friday.
The official said biomedical data for the NSA “maybe a niche kind of thing … a tool in the toolbox,” according to the Intercept.
Replying to a question, Ledgett said the internet of things would be both “a security nightmare or a signals intelligence bonanza” from the agency’s standpoint.
“As my job is to penetrate other people’s networks, complexity is my friend,” he said. “The first time you update the software, you introduce vulnerabilities, or variables rather. It’s a good place to be in a penetration point of view.”
The potential of internet of things for global surveillance was pointed out earlier by Director of National Intelligence James Clapper during a February hearing at the Senate. He said interconnected devices could be useful “for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
Ledgett elaborated on the potential for malign hackers to take control of wirelessly connected biomedical devices, a scenario discussed by law enforcement and explored by the cybersecurity community. The popular TV series Homeland uses a hacker attack on a senior US official through his pacemaker as a plot device.
The NSA is not in a position to mandate security standards for private companies, Ledgett said, but it also cannot ignore the threat as well. Once the agency has an employee with an internet-connected biomedical device, the issue would be of great concern, he added.