The National Security Agency is exploring new foreign intelligence-gathering opportunities, focusing on exploitation of the Internet of Things and Internet-connected biomedical devices.
The Intercept reports NSA Deputy Director Richard Ledgett said the agency is “looking at it sort of theoretically from a research point of view right now” during an address at the Defense One Tech Summit in Washington, DC on Friday.
Ledgett said surveillance of biomedical devices like pacemakers could be “a niche kind of thing… a tool in the toolbox.” The deputy director explained that spying on the Internet of Things—the network of billions of connected physical objects—would be both a daunting security challenge and a signals intelligence windfall.
“As my job is to penetrate other people’s networks, complexity is my friend,” said Ledgett. “The first time you update the software, you introduce vulnerabilities, or variables rather. It’s a good place to be in a penetration point of view.”
Biomedical devices are notoriously easy to hack. In the fall of 2013, the Mayo Clinic hired Bill Rios, a “white hat,” or ethical, hacker as part of a team tasked with breaking into clinic computers in order to gauge the security of dozens of medical devices. Rios found many of the devices under- or even unprotected. “Every day, it was like every device on the menu got crushed,” he told Bloomberg Businessweek. “It was all bad. Really, really bad.”
The NSA isn’t the only government agency interested in exploiting the Internet of Things for intelligence gathering. In February, Director of National Intelligence James Clapper said during a Senate hearing on global threats that interconnected devices might be used “for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
However, Clapper also said that “information obtained from a refrigerator, a washing machine, or a child’s toy” is no substitute for information gleaned from terrorists’ actual communications.