Kaspersky introduces cyber policy for bionic devices

Cyber-technology provider Kaspersky has become one of the first organizations in the world to attempt to address the security challenges of so-called human augmentation, by developing and implementing a comprehensive policy designed to protect users from bionic devices in the workplace.

Bionic devices are defined in practice as something that replaces or augments a part of the human body with an artificial device or implant. This includes medical technologies such as pacemakers, artificial sensory organs – visual prostheses or hearing aids – or bionic limb prostheses, but also devices such as chip implants and near field communication (NFC) devices. , which some organizations have introduced for Identity and Access Management. (I AM).

Kaspersky has taken action based on the legitimate fears of the cybersecurity community that as more devices are upgraded electronically or connected to the Internet, too little attention is paid to their security, resulting in too little attention being paid to their security. entails uncertainties and risks both for users and their employers, and for the future development of this technology. He consulted extensively with user groups and other stakeholders when designing the policy, and conducted real-world testing with employees who had bionic chips implanted.

“Human augmentation is a growing area of ​​technology that actually remains under-explored. That is why taking a first step towards clarifying the problems associated with its use, as well as strengthening security, will help us ensure that its potential is used in a positive way ”, said Marco Preuss, team director. Kaspersky Global Research and Analysis Group (GReAT).

“We believe that to build a more secure digital world for tomorrow, we must digitally secure the future of human augmentation today.”

The proposed document, a copy of which has been shared with Computer Weekly, will be applied to all of Kaspersky’s corporate infrastructure and to various units, including all staff and third party employees providing contractual services. . It covers aspects of organizational security, including access control, administration and maintenance processes, and the use of automated systems.

Some of the policies include:

  • The introduction of color-coded security zones at Kaspersky sites and the way in which NFC chips can be used to access every level, from visitor parking lots to halls and common areas, including sensitive areas such as conference rooms. servers.
  • Security specifications to apply to NFC chips, including the device ID, and whether or not the device supports strict cryptographic encryption standards.
  • Patch management procedures for bionic devices, with a sliding scale of prioritization based on CVSS scores of disclosed vulnerabilities.
  • Guide for employees with bionic prostheses, internal organs or sensory organs, covering situations such as passing through metal detectors when in use.
  • Tips for employees who may have a bionic device, such as a hearing aid, capable of collecting information, recording audio or video files, or using built-in interfaces such as GPS or Wi-Fi.
  • Tips for employees with bionic implants who may need to access locations with high electromagnetic radiation.

Kaspersky hopes its new policies will both improve its cybersecurity posture and improve inclusion within the company, as many users of bionic devices will identify as being disabled.

He also hopes it can be used as a starting point to further engage the wider IT and human community around security issues related to bionic technology, by starting conversations about digital privacy and access rights, and mitigating health threats.

Source link