Ensuring cybersecurity for computers and mobile phones is a huge, complex business. The ever-widening scope and unbelievable variety of threats makes keeping these devices safe from cyber criminals and malware a full-time challenge for companies, governments and individuals around the world.\nBut at least the vast majority of those devices are easily accessible, safe in the pockets or sitting on the desktops of the very people who want to protect them. The Internet of Things (IoT) devices that need protection, on the other hand, could be almost anywhere: sitting in a remote desert, buried deep in coal mine, built into a giant truck. Or, even implanted inside the human body.\nIoT devices in hard-to-reach locations\u00a0\nThis issue was highlighted last week when the FDA issued a letter calling for the voluntary recall of some 465,000 St. Jude Medical pacemakers\u2014currently embedded in heart patients\u2019 chests!\u2014to patch security holes.\nThe FDA warned that vulnerabilities in the RF-enabled implantable cardiac pacemakers \u201cif exploited, could allow an unauthorized user \u2026 to access a patient's device using commercially available equipment. This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.\u201d\nNo compromised pacemakers yet\nIn other words, hackers might be able to run down the battery so the device would prematurely stop working, or they could even affect the patients\u2019 heart rate or rhythm.\u00a0\nYikes!\nFortunately, according to Abbott, which now owns St. Jude Medical, no compromised pacemakers have yet been reported. And in the vast majority of cases, the vulnerable firmware can be updated with a simple, three-minute visit to a healthcare provider.\nPhew!\u00a0\nA risky future for IoT devices?\u00a0\nBut things might not turn out so well the next time a critical IoT device in a hard-to-reach place is diagnosed with security or other issues. What if the vulnerable pacemakers had to be removed via open-heart surgery to be patched? What if a patient died during the procedure?\u00a0\nIf that seems too gory, what about if a team had to head out to the desert, or down into that coal mine, or rip apart that giant truck to get to an IoT device? And what if something went wrong in the process, and someone got hurt, or worse? Who would be responsible, legally and otherwise?\u00a0\nWhat happens when you can\u2019t fix the IoT device?\u00a0\nOr look at the problem another way. What if it was decided that getting to that difficult-to-access IoT device was too risky, so the vulnerable \u2014 or even compromised \u2014 device stayed in place? Whose responsibility would it be to deal with that and minimize any damage it caused?\u00a0\nThese may be largely theoretical questions right now, but it seems certain that they won\u2019t stay hypothetical for long. These kinds of situations are bound to crop up sooner rather than later, and they pose clear and present dangers for IT teams more used to dealing with cyber issues than messy physical problems.\u00a0\nBottom line? When working with the Internet of Things, where those things are located can make a big difference \u2014 and potentially cause serious new problems for traditional IT teams.