Howdy all,

This week our speaker will be Seth Nielson.  He teaches Network Security
here for the JHUISI program and runs his own cyber security consulting &
research firm Crimson Vista <>.  His talked is
titled "Is Medical Cyber Security Really Solvable?" The blurb is below:

What does it mean to "secure" something? Too often our view as security
experts becomes "keeping the bad guy out" when that isn't what security is
about at all. Most often, what "securing" something means is that "only the
good guy gets in." That may sound like the same thing, but it is a much
harder problem.

What does securing medical infrastructure mean? Does it mean keeping a
snooping teenager in the waiting room off the WiFi? Does it mean locking
down all of the medical devices so that some future terrorist group doesn't
murder everyone connected to an insulin pump? These "deny-oriented"
approaches to computer security will never work because that's not what the
actual goal is. Perhaps the best generic security goal we can come up with
for the medical space is: patients are delivered the maximum care or
treatment the cyber-infrastructure is capable of delivering.

That may be a fine goal for everyone to have. But is it realistic?

As always, the meeting will be in Malone 228 at 6:30, and there will be
milk and cookies.

See you there,
ACM Chair