SlideShare a Scribd company logo
1
Cybersecurity in Medical Devices
Practical Advice for FDA’s 510(k)
Secure Product
Development
Framework (SPDF)
About Us – Complementary Partners
2
INTEGRITY Security Services (ISS) is a wholly owned subsidiary of Green Hills
Software LLC., established to provide best practice embedded security
products and services for the protection of smart devices in all industries
from cyber security attacks. ISS's experience enables them to provide the
world’s first Secure Platform for Medical (SPM) which dramatically reduces
time and resources for medical device OEMs to meet Omnibus Act Section
3305 and FD & C Section 524B.
BG Networks equips embedded engineers and penetration testers with
easy-to-use software automation tools to streamline cybersecurity tasks
including hardening, detection, and testing. BG Networks automation
tools are designed to help with adherence to regulations from the FDA,
NIST, ISO, and the EU.
ICS supports our customers with software development, User experience
design, platform and regulatory support to build next generation
products. We provide a number of services focused on the medtech
space including human factors engineering with a 62366 compliant
process, hazard and risk analysis, 62304 compliant software
development, and platform support including cybersecurity.
Cybersecurity
Services
Cyber-Testing
Detection
Hardening
Risk
Management
Speaker Introductions
3
David Sequino
Founder & CEO
Colin Duggan
Founder & CEO
Milton Yarberry
Director of
Medical Programs &
Cybersecurity
Topics for Upcoming Webinars In This Series
Following are topics for upcoming webinars
June 20th Secure-by-Design - Using Hardware and Software Protection for FDA Compliance
Threat modeling and risk assessment – First step in risk management
Security by design & defense in depth – Security control categories called for by the FDA
Cyber-testing – What the FDA expects
Cybersecurity documentation - eSTAR submissions
Post Market Requirements – Fixing Vulnerabilities: SBOM – Updates - Monitoring
Bolting On Security – Is there anything that can be done if I already have a design
4
Agenda
• What does FD&C Act, 524B, say about SPDF
• What is a SPDF
• Introduction to a SPDF foundation
• Example of application of a SPDF
• SPDF documents the FDA has asked for
5
Questions For Us - A Question For You – Link to Previous Webinar
Questions for us
• Put your questions in the Q&A
• For questions we don’t get to, we’ll write answers and make them available after
A question for you
How confident are you that your medical devices processes meet FDA’s SPDF expectations?
• Please respond now
• We’ll also ask at the end to see if your perspective has changed
For reference here is the previous webinar in this series and the answers to questions asked
• Link to previous webinar: https://www.ics.com/webinar-demand-practical-advice-fdas-510k-requirements
• Link to previous Q&A: https://www.ics.com/questions-answers-fdas-510k-requirements-webinar
• We’ll put both in the chat
6
Primary goal of SPDF
To manufacture and
maintain safe and
effective devices
From a security
standpoint, these are
also trustworthy and
resilient devices
Sponsors Must
• Submit a plan to monitor, identify, and address postmarket cybersecurity vulnerabilities and exploits
• Provide a software bill of materials (SBOM)
• Design, develop, and maintain processes to ensure device and related systems are
cybersecure and provide postmarket updates and patches
Effective March 29, 2023, the FD&C Act was amended to include section 524B "Ensuring Cybersecurity of Devices”
that is introducing cybersecurity provisions for devices meeting the definition of a cyber device.
Cyber device means a device that:
1. includes software … as a device or in a device;
2. has the ability to connect to the internet; and
3. contains any such technological
characteristics … that could be vulnerable to
cybersecurity threats
YES, this includes
devices only with a
USB port
Text 524B
Slide 9
Example Safety & Security Verticals
Slide 9 9
IEC 62443 UNR 155/6
ISO 21434
NIST 800-53
DO – 326A
DO – 355
ARINC 667
ARINC 835
NIST 800-53
Many TCG Stds
FD&C Section 524B
EU MDR
DO – 178B
NIST 800-53
NIST 800-53
Slide 10
• Patient Harm
• Patient confidence in
Health Delivery
Organizations
• Authenticity, which includes
integrity
• Authorization
• Availability
• Confidentiality
• Secure and timely
updatability and patchability
Safety & Security go “hand in hand”
Slide 10
Safety Security
11
Cybersecurity SPDF | Highest Level View
Process
Documents
Image from flaticon.com
The FDA won’t inspect your
SPDF cybersecurity
processes for 510(k)
clearance… (but they would for a
PMA or routine FDA inspection)
… but you want to make sure
your processes ensure
safety and effectiveness
And it results in documents
that match expectations for
the FDA’s review
Device Lifecycle Must be Considered in Your SPDF
Design/Develop/Test Manufacture Test/Provision/Release Support/Update/Decom
Supply Chain Sites / Phases
Assets
Across
Supply
Chain
Users
Devices
Digital Assets
Sites
Users
Devices
Digital Assets
Sites
Users
Devices
Digital Assets
Sites
Users
Devices
Digital Assets
Sites
13
Elements that Make Up a SPDF | Many Ingredients Blended Together
SPDF Inputs
Cybersecurity Specific
Medical Device SPDF
Patient Safety & QMS
Should Reference SPDF Docs
Requirements
Management SBOM
Features Dev. Code Quality
CI / CD Pre-Production
Testing Post-Production Supporting End of Life
Competence
Development
Threat Modeling
Risk Assessment
Implement
cybersecurity features
Static analysis, MISRA
C, etc..
Generation
CWE/CVE check
Validation
Pentesting
Code Signing
Release / Delivery
Key Management
Locking Hardware
Vulnerability
Monitoring
Feedback / Incident
Response
Software Updates
Diagnostic Tools
Secure
Decommissioning
Software Development Lifecycle
Security Development Lifecycle
Legend
14
Secure Product Development Framework (SPDF)
Based on IEC 81001-5-1
Overview of IEC 81001-5-1
And AAMI SW96:2023
How They Can Be Used As a
Foundation for SPDF
Developed to Complement Your Existing QMS and Risk Processes
QMS
SPDF
IEC 81001-5-1 | Overview – A Software SPDF
IEC 81001-5: Finalized in December 2021
• Derived from an existing industrial cyber-security standard but adapted for medical devices
• IEC 62443-4: Product Security Development Lifecycle Requirements
IEC 81001-5 developed to be an extension to IEC 62304
• IEC 62304: Medical Device Software – Software Life Cycle Processes
Recognized around the world
• FDA Consensus standard
• EU MDR is adopting
• Required in Japan
A couple of items to keep in mind
• Does not exactly match FDA guidance and documentation required for pre market submission
• Risk Management section is light-weight (reason to complement with AAMI SW:96)
AAMI SW96: 2023 | Security Risk Management For Medical Devices
• SW96:2023 is a full standard based on Technical Information Reports : TIR57 and TIR97
• Developed to work within the ISO 14971 risk framework
• SW96:2023 has a broader definition of harm than ISO 14971
From
ANSI/AAMI SW96:2023
Pg 27
Example
Overview of SPDF Steps
M
Cybersecurity Process
Secure Product Development Framework (SPDF)
Design Controls
Design Inputs
Cyber ReqA
Cyber ReqB
Design outputs
Cyber SpecX
Cyber SpecY
Cyber SpecZ
Binaries
Verification Tests
Cyber TestX
Cyber TestY
Cyber TestZ
Mitigations
MitigationX
MitigationY
MitigationZ
Threat Assessment
ThreatX
ThreatY
ThreatZ
Security
Architecture
Architecture Diagrams
Component Analysis
Connectivity definitions
Use Case Views
Code
Known
Abnormalities
(test failures)
Static
Software
Code
Analysis
Source
SCA
Binary
SCA
SBOM
Triage &
Justifications
Vulnerability
Report
Penetration Testing
(independent white hat)
Post Market
Vulnerability
Management Plan
Customer
Transparency Plan
Published
Vulnerabilities
Threat Mitigation
Testing
(vs. ReqA, ReqB)
Vulnerability
Testing
(i.e. malformed input, fuzzing, etc.)
Cybersecurity
Assessment
Security Risk
Management
Report
(PMA - Annual)
Security Risk
Management Plan
Security Risk Test
Plan
20
SPDF
composition
Mitigations
Example Ankle Worn Stroke Detection Data Acquisition
AMPS from the MITRE / MDIC Medical Device Threat Modeling Hand Book
Threat Modeling
• We like data flow diagrams
• They make it easy to see trust
boundaries
• Good start to 4 architectural
views the FDA has mandated
Example : Bluetooth
• On the AMPS device
• An important interface to keep
secure!
FDA Submission Document
Architectural Views
Guidance Section : V.B
Threat Modeling
STRIDE – Asset - Attack Path – Attack Feasibility
1) STRIDE
2) Asset
3) Attack
Path
4) Score
FDA Submission Document
Threat Model
Guidance Section : V.A, V.B, Appendix 1,2
1. Attacker pairs via bluetooth to AMPs device
2. Attacker reverse engineers code update API
3. Attacker uses API to install mallicious code <= two weeks Expert Restricted Easy Standard 12 Medium-High
Attack Path
Window of
Opportunity Equipment
Difficulty Score
(lower means
easier to hack) Attack Potential
Knowledge of
TOE
Elapsed Time Expertise
Overall Attack Potential Score
High 0
Medium-High 10
Medium 14
Low 20
Very low 25
Control plane code execution
Wrong data provided to Bluetooth
app from AMPS device
Asset Name Threat Scenario
Impact - Risk Rating - Requirements (Inputs)
Asset Name Damage Scenario Adverse Consequence
Control plane code execution
Wrong data provided to Bluetooth
app from AMPS device
1) Incorrect data provided to doctor to
determine patient's risk of stroke
2) Manufacturer could be legally liable
3) AMPS device functionaliy impaired
Reduce
1) Implement authentication scheme for
Bluetooth access
Goal
Goal 1: Bluetooth access requires
authentication
Requirement 1:
Use Bluetooth LE Secure Connections based on Elliptic
Curve Diffie Hellman challenge-response. Requires
screen and yes/no buttons for user interface
Cybersecurity
Goal(s) or Claim Goals or Claim Summary Goal Requirement(s)
Risk Treatment Decision
Risk Treatment Details
5) Consequence
6) Impact
7) Risk Rating
8) Requirement
FDA Submission Document
Cybersecurity Risk Assessment
Guidance Section : V.A
FDA Submission Document
Requirements
Guidance Section : V.B.1, App.1
Safety Financial Operational Privacy
Moderate Major Major Moderate Major
S: Patient could be at risk of a stroke but is not treated
F: If could be proven that the wrong data is being sent the medical device manufacturer could be liable
O: Device is not functioning correctly
P: Vital signs and stroke related data stolen
Impact Categories
Overall Impact Impact Justification
Attack Feasibility Rating
Very low Low Medium Medium-High High
Impact Rating Severe 2 3 4 5 5
Major 1 2 3 4 5
Moderate 1 2 2 3 4
Negligible 1 1 1 1 2
Major Medium-High 4
Impact Rating
Attack Feasability
Rating Risk Value (1 - 5)
SBOM
FDA Submission Document
SBOM
Guidance Section : V.A.4, VI.A
FDA Submission Document
Vulnerability Assessment and
Software Support
Guidance Section : V.A.4
Common formats?
• SPDX (older, licensing focus)
• CycloneDX (lightweight, open source focus)
• SWID (software tracking focus)
What’s in it?
• Types of info:
• SW Component data fields
• SBOM Author
• Automation fields
How created?
• OS + commercial SW + open source
• From build system
• Component analysis tools
• Vulnerability scanning tools
• Simpler with managed packages
How used?
• Lookup in National Vulnerability Databases – (nvd.nist.gov/vuln/search)
• Automation tools intended for this purpose
JSON
YAML
Tag, Value
Cyber-Testing - Verification of Outputs
Four Types of Testing Called for by the FDA
FDA Submission Document
Testing
Guidance Section : V.C
TYPES OF TEST DESCRIPTION BLUETOOTH EXAMPLE
Security Requirements Testing • Verification of input/requirement for security features
• Testing of functionality including boundary cases
• Positive and negative tests of Elliptic Curve Diffie Helman
challenge-response
• Verify that programming API and device characteristics are
available only after auth.
Threat Mitigation Testing • Validation/system level testing
• Tie back to threat model
• Consider global system, multi-patient harm, patchability
• Test security of keys from brute force attacks
• Consider break-one-break-them-all scenarios if unique keys
per device not specified
• Test for authentication bypass (e.g. pairing accepted without
correct response)
Vulnerability Testing • Testing for malformed inputs
• Unexpected inputs
• Vulnerability Chaining
• Fuzzing, scanning, encryption check, static & dynamic code
analysis
• NIST NVD and CISA Known Exploited Vulnerabilities Catalog
for Bluetooth vulns. using CPE.
Penetration Testing • Testing done by personnel who have not worked on the
design
• White box testing recommended : more efficient &
accepted by FDA
• One week of pentesting on Bluetooth interfaces
• MITM attacks, key extraction from app, key extraction for
AMPS device (e.g., JTAG, USB, UART), malformed inputs,
DoS, etc…
Cybersecurity Risk Management Report
Risk
Management
Report
Vulnerability/Threat
Mitigation/Penetration
Testing
SBOM
Threat Modeling
Threat Intelligence
(e.g., CISA Vulnerability
Catalog)
FDA Submission Document
Cybersecurity Risk Management Report
Guidance Section : V, VI.B
FDA Submission Document
Unresolved Anomaly Assessment
Guidance Section : V.A.5
FDA Submission Document
Traceability
Guidance Section : V.A, V.B, V.C, VI.A
Overview
• 3 Report Descriptions
• FDA Submission Document: V, VI.B
• TIR57, sec. 8.
• SW96 Appendix C
• Terms and concepts from the three sources are slightly different
• Summary and References
• Risk Management Report should succinctly SUMMARIZE the risk
management process followed, and details of the outcome
• Full analysis, assessments, models are REFERENCED in report
Report Contents
• System Description
• Device Intended Use
• Operating Environment
• Threat Model
• Security Risk Assessment
• SBOM
• Vulnerability Assessment
• Unresolved Anomalies Assessment
• Risk evaluation methods and
processes
• Residual Risk conclusions
• Risk Mitigation activities
• Component support information
• Traceability: threat model / risk
assessment / SBOM / testing
documentation
Labeling
FDA Submission Document
Labeling
Guidance Section : VI.A
Labeling as applied to cybersecurity
• How to securely configure/set secure passwords
• Document risks that are transferred
• Security information of IT cybersecurity staff
• Device identification on a network and how to track
• Logging and attack detection information
• Instructions to obtain software updates
• Date of end of life support
• How a device under attack will notify user
• Protections against catastrophic events
Labeling for example
• How to set password in BT phone app
• No risks transferred – all BT risks mitigated
• Security information of IT cybersecurity staff
• Unique device IDs tracked through app to cloud
• IDS alerts provided on detection of attacks
• URL on company website for software updates
• End of life date negotiated between medical device
manufacturer and HDO
Labeling for user to help manage security risks
- “Manufacturers should provide or make available SBOM information to users on a continuous basis”
- Online portal to publish SBOM information, vulnerability information. Updated. Accurate.
Post Market
FDA Submission Document
Cybersecurity Management Plans
Guidance Section : VI.B
FDA Submission Document
Measures and Metrics
Guidance Section : V.A.6
Cybersecurity Management Plans
• Personnel responsible
• Post market vulnerability monitor plan and sources of threat intel
• Update process and time to patch
• Vulnerability disclosure to manufacturer & communication to HDOs
• Communicate through Online portal
Measures & Metrics
• Percentage of vulnerabilities that are patched
• Time from vulnerability identification to patching
• Duration from when a patch is available to implementation in devices deployed
One Result of your SPDF
Documentation for FDA Pre-Market Submission – Appendix 4
Poll Question, Q&A

More Related Content

Similar to A Deep Dive into Secure Product Development Frameworks.pdf

How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applications
Ben Rothke
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
LabSharegroup
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
Kaspersky
 
GDPR Compliance Countdown - Is your Application environment ready?
GDPR Compliance Countdown - Is your Application environment ready?GDPR Compliance Countdown - Is your Application environment ready?
GDPR Compliance Countdown - Is your Application environment ready?
QualiQuali
 
Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up
ICS
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
Rochester Security Summit
 
Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?
Walt Maclay
 
Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?
Rio Valdes
 
IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management
MethodSense, Inc.
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges
Nathan Wallace, PhD, PE
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
Patricia M Watson
 
Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)
Seapine Software
 
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability MatrixBeyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Seapine Software
 
国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析
Onward Security
 
DevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps for Highly Regulated Environments
DevOps for Highly Regulated Environments
DevOps.com
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA Cyber Security
 
Final Presentation
Final PresentationFinal Presentation
Final Presentation
chris odle
 
IoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalIoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR Proposal
Syam Madanapalli
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Tripwire
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
Avi Networks
 

Similar to A Deep Dive into Secure Product Development Frameworks.pdf (20)

How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applications
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
GDPR Compliance Countdown - Is your Application environment ready?
GDPR Compliance Countdown - Is your Application environment ready?GDPR Compliance Countdown - Is your Application environment ready?
GDPR Compliance Countdown - Is your Application environment ready?
 
Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
 
Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?
 
Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?
 
IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management IEC 62304: SDLC Conformance and Management
IEC 62304: SDLC Conformance and Management
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)Sw qual joint webinar deck (5)
Sw qual joint webinar deck (5)
 
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability MatrixBeyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
Beyond FDA Compliance Webinar: 5 Hidden Benefits of Your Traceability Matrix
 
国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析
 
DevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps for Highly Regulated Environments
DevOps for Highly Regulated Environments
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
 
Final Presentation
Final PresentationFinal Presentation
Final Presentation
 
IoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalIoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR Proposal
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
 

More from ICS

Secure-by-Design Using Hardware and Software Protection for FDA Compliance
Secure-by-Design Using Hardware and Software Protection for FDA ComplianceSecure-by-Design Using Hardware and Software Protection for FDA Compliance
Secure-by-Design Using Hardware and Software Protection for FDA Compliance
ICS
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
ICS
 
Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...
Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...
Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...
ICS
 
Overcoming CMake Configuration Issues Webinar
Overcoming CMake Configuration Issues WebinarOvercoming CMake Configuration Issues Webinar
Overcoming CMake Configuration Issues Webinar
ICS
 
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdfEnhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
ICS
 
Designing and Managing IoT Devices for Rapid Deployment - Webinar.pdf
Designing and Managing IoT Devices for Rapid Deployment - Webinar.pdfDesigning and Managing IoT Devices for Rapid Deployment - Webinar.pdf
Designing and Managing IoT Devices for Rapid Deployment - Webinar.pdf
ICS
 
Quality and Test in Medical Device Design - Part 1.pdf
Quality and Test in Medical Device Design - Part 1.pdfQuality and Test in Medical Device Design - Part 1.pdf
Quality and Test in Medical Device Design - Part 1.pdf
ICS
 
Creating Digital Twins Using Rapid Development Techniques.pdf
Creating Digital Twins Using Rapid Development Techniques.pdfCreating Digital Twins Using Rapid Development Techniques.pdf
Creating Digital Twins Using Rapid Development Techniques.pdf
ICS
 
Cybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdfCybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdf
ICS
 
MDG Panel - Creating Expert Level GUIs for Complex Medical Devices
MDG Panel - Creating Expert Level GUIs for Complex Medical DevicesMDG Panel - Creating Expert Level GUIs for Complex Medical Devices
MDG Panel - Creating Expert Level GUIs for Complex Medical Devices
ICS
 
How to Craft a Winning IOT Device Management Solution
How to Craft a Winning IOT Device Management SolutionHow to Craft a Winning IOT Device Management Solution
How to Craft a Winning IOT Device Management Solution
ICS
 
Bridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory TeamsBridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory Teams
ICS
 
IoT Device Fleet Management: Create a Robust Solution with Azure
IoT Device Fleet Management: Create a Robust Solution with AzureIoT Device Fleet Management: Create a Robust Solution with Azure
IoT Device Fleet Management: Create a Robust Solution with Azure
ICS
 
Basic Cmake for Qt Users
Basic Cmake for Qt UsersBasic Cmake for Qt Users
Basic Cmake for Qt Users
ICS
 
Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...
Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...
Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...
ICS
 
Qt Installer Framework
Qt Installer FrameworkQt Installer Framework
Qt Installer Framework
ICS
 
Bridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory TeamsBridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory Teams
ICS
 
Overcome Hardware And Software Challenges - Medical Device Case Study
Overcome Hardware And Software Challenges - Medical Device Case StudyOvercome Hardware And Software Challenges - Medical Device Case Study
Overcome Hardware And Software Challenges - Medical Device Case Study
ICS
 
User Experience Design for IoT
User Experience Design for IoTUser Experience Design for IoT
User Experience Design for IoT
ICS
 
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdfSoftware Bill of Materials - Accelerating Your Secure Embedded Development.pdf
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
ICS
 

More from ICS (20)

Secure-by-Design Using Hardware and Software Protection for FDA Compliance
Secure-by-Design Using Hardware and Software Protection for FDA ComplianceSecure-by-Design Using Hardware and Software Protection for FDA Compliance
Secure-by-Design Using Hardware and Software Protection for FDA Compliance
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
 
Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...
Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...
Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...
 
Overcoming CMake Configuration Issues Webinar
Overcoming CMake Configuration Issues WebinarOvercoming CMake Configuration Issues Webinar
Overcoming CMake Configuration Issues Webinar
 
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdfEnhancing Quality and Test in Medical Device Design - Part 2.pdf
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
 
Designing and Managing IoT Devices for Rapid Deployment - Webinar.pdf
Designing and Managing IoT Devices for Rapid Deployment - Webinar.pdfDesigning and Managing IoT Devices for Rapid Deployment - Webinar.pdf
Designing and Managing IoT Devices for Rapid Deployment - Webinar.pdf
 
Quality and Test in Medical Device Design - Part 1.pdf
Quality and Test in Medical Device Design - Part 1.pdfQuality and Test in Medical Device Design - Part 1.pdf
Quality and Test in Medical Device Design - Part 1.pdf
 
Creating Digital Twins Using Rapid Development Techniques.pdf
Creating Digital Twins Using Rapid Development Techniques.pdfCreating Digital Twins Using Rapid Development Techniques.pdf
Creating Digital Twins Using Rapid Development Techniques.pdf
 
Cybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdfCybersecurity and Software Updates in Medical Devices.pdf
Cybersecurity and Software Updates in Medical Devices.pdf
 
MDG Panel - Creating Expert Level GUIs for Complex Medical Devices
MDG Panel - Creating Expert Level GUIs for Complex Medical DevicesMDG Panel - Creating Expert Level GUIs for Complex Medical Devices
MDG Panel - Creating Expert Level GUIs for Complex Medical Devices
 
How to Craft a Winning IOT Device Management Solution
How to Craft a Winning IOT Device Management SolutionHow to Craft a Winning IOT Device Management Solution
How to Craft a Winning IOT Device Management Solution
 
Bridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory TeamsBridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory Teams
 
IoT Device Fleet Management: Create a Robust Solution with Azure
IoT Device Fleet Management: Create a Robust Solution with AzureIoT Device Fleet Management: Create a Robust Solution with Azure
IoT Device Fleet Management: Create a Robust Solution with Azure
 
Basic Cmake for Qt Users
Basic Cmake for Qt UsersBasic Cmake for Qt Users
Basic Cmake for Qt Users
 
Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...
Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...
Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...
 
Qt Installer Framework
Qt Installer FrameworkQt Installer Framework
Qt Installer Framework
 
Bridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory TeamsBridging the Gap Between Development and Regulatory Teams
Bridging the Gap Between Development and Regulatory Teams
 
Overcome Hardware And Software Challenges - Medical Device Case Study
Overcome Hardware And Software Challenges - Medical Device Case StudyOvercome Hardware And Software Challenges - Medical Device Case Study
Overcome Hardware And Software Challenges - Medical Device Case Study
 
User Experience Design for IoT
User Experience Design for IoTUser Experience Design for IoT
User Experience Design for IoT
 
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdfSoftware Bill of Materials - Accelerating Your Secure Embedded Development.pdf
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
 

Recently uploaded

一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
dakas1
 
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptxOperational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
sandeepmenon62
 
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Paul Brebner
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
dakas1
 
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
Luigi Fugaro
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
ShulagnaSarkar2
 
Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...
Paul Brebner
 
ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.
Maitrey Patel
 
The Role of DevOps in Digital Transformation.pdf
The Role of DevOps in Digital Transformation.pdfThe Role of DevOps in Digital Transformation.pdf
The Role of DevOps in Digital Transformation.pdf
mohitd6
 
Voxxed Days Trieste 2024 - Unleashing the Power of Vector Search and Semantic...
Voxxed Days Trieste 2024 - Unleashing the Power of Vector Search and Semantic...Voxxed Days Trieste 2024 - Unleashing the Power of Vector Search and Semantic...
Voxxed Days Trieste 2024 - Unleashing the Power of Vector Search and Semantic...
Luigi Fugaro
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
ervikas4
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
safelyiotech
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
美洲杯赔率投注网【​网址​🎉3977·EE​🎉】
美洲杯赔率投注网【​网址​🎉3977·EE​🎉】美洲杯赔率投注网【​网址​🎉3977·EE​🎉】
美洲杯赔率投注网【​网址​🎉3977·EE​🎉】
widenerjobeyrl638
 
Orca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container OrchestrationOrca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container Orchestration
Pedro J. Molina
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
gapen1
 
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and MoreManyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
narinav14
 
ppt on the brain chip neuralink.pptx
ppt  on   the brain  chip neuralink.pptxppt  on   the brain  chip neuralink.pptx
ppt on the brain chip neuralink.pptx
Reetu63
 
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid
 

Recently uploaded (20)

一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptxOperational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
 
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
 
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
 
Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...
 
ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.ACE - Team 24 Wrapup event at ahmedabad.
ACE - Team 24 Wrapup event at ahmedabad.
 
The Role of DevOps in Digital Transformation.pdf
The Role of DevOps in Digital Transformation.pdfThe Role of DevOps in Digital Transformation.pdf
The Role of DevOps in Digital Transformation.pdf
 
Voxxed Days Trieste 2024 - Unleashing the Power of Vector Search and Semantic...
Voxxed Days Trieste 2024 - Unleashing the Power of Vector Search and Semantic...Voxxed Days Trieste 2024 - Unleashing the Power of Vector Search and Semantic...
Voxxed Days Trieste 2024 - Unleashing the Power of Vector Search and Semantic...
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and  Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
美洲杯赔率投注网【​网址​🎉3977·EE​🎉】
美洲杯赔率投注网【​网址​🎉3977·EE​🎉】美洲杯赔率投注网【​网址​🎉3977·EE​🎉】
美洲杯赔率投注网【​网址​🎉3977·EE​🎉】
 
Orca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container OrchestrationOrca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container Orchestration
 
bgiolcb
bgiolcbbgiolcb
bgiolcb
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
 
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and MoreManyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
 
ppt on the brain chip neuralink.pptx
ppt  on   the brain  chip neuralink.pptxppt  on   the brain  chip neuralink.pptx
ppt on the brain chip neuralink.pptx
 
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
 

A Deep Dive into Secure Product Development Frameworks.pdf

  • 1. 1 Cybersecurity in Medical Devices Practical Advice for FDA’s 510(k) Secure Product Development Framework (SPDF)
  • 2. About Us – Complementary Partners 2 INTEGRITY Security Services (ISS) is a wholly owned subsidiary of Green Hills Software LLC., established to provide best practice embedded security products and services for the protection of smart devices in all industries from cyber security attacks. ISS's experience enables them to provide the world’s first Secure Platform for Medical (SPM) which dramatically reduces time and resources for medical device OEMs to meet Omnibus Act Section 3305 and FD & C Section 524B. BG Networks equips embedded engineers and penetration testers with easy-to-use software automation tools to streamline cybersecurity tasks including hardening, detection, and testing. BG Networks automation tools are designed to help with adherence to regulations from the FDA, NIST, ISO, and the EU. ICS supports our customers with software development, User experience design, platform and regulatory support to build next generation products. We provide a number of services focused on the medtech space including human factors engineering with a 62366 compliant process, hazard and risk analysis, 62304 compliant software development, and platform support including cybersecurity. Cybersecurity Services Cyber-Testing Detection Hardening Risk Management
  • 3. Speaker Introductions 3 David Sequino Founder & CEO Colin Duggan Founder & CEO Milton Yarberry Director of Medical Programs & Cybersecurity
  • 4. Topics for Upcoming Webinars In This Series Following are topics for upcoming webinars June 20th Secure-by-Design - Using Hardware and Software Protection for FDA Compliance Threat modeling and risk assessment – First step in risk management Security by design & defense in depth – Security control categories called for by the FDA Cyber-testing – What the FDA expects Cybersecurity documentation - eSTAR submissions Post Market Requirements – Fixing Vulnerabilities: SBOM – Updates - Monitoring Bolting On Security – Is there anything that can be done if I already have a design 4
  • 5. Agenda • What does FD&C Act, 524B, say about SPDF • What is a SPDF • Introduction to a SPDF foundation • Example of application of a SPDF • SPDF documents the FDA has asked for 5
  • 6. Questions For Us - A Question For You – Link to Previous Webinar Questions for us • Put your questions in the Q&A • For questions we don’t get to, we’ll write answers and make them available after A question for you How confident are you that your medical devices processes meet FDA’s SPDF expectations? • Please respond now • We’ll also ask at the end to see if your perspective has changed For reference here is the previous webinar in this series and the answers to questions asked • Link to previous webinar: https://www.ics.com/webinar-demand-practical-advice-fdas-510k-requirements • Link to previous Q&A: https://www.ics.com/questions-answers-fdas-510k-requirements-webinar • We’ll put both in the chat 6
  • 7. Primary goal of SPDF To manufacture and maintain safe and effective devices From a security standpoint, these are also trustworthy and resilient devices
  • 8. Sponsors Must • Submit a plan to monitor, identify, and address postmarket cybersecurity vulnerabilities and exploits • Provide a software bill of materials (SBOM) • Design, develop, and maintain processes to ensure device and related systems are cybersecure and provide postmarket updates and patches Effective March 29, 2023, the FD&C Act was amended to include section 524B "Ensuring Cybersecurity of Devices” that is introducing cybersecurity provisions for devices meeting the definition of a cyber device. Cyber device means a device that: 1. includes software … as a device or in a device; 2. has the ability to connect to the internet; and 3. contains any such technological characteristics … that could be vulnerable to cybersecurity threats YES, this includes devices only with a USB port Text 524B
  • 9. Slide 9 Example Safety & Security Verticals Slide 9 9 IEC 62443 UNR 155/6 ISO 21434 NIST 800-53 DO – 326A DO – 355 ARINC 667 ARINC 835 NIST 800-53 Many TCG Stds FD&C Section 524B EU MDR DO – 178B NIST 800-53 NIST 800-53
  • 10. Slide 10 • Patient Harm • Patient confidence in Health Delivery Organizations • Authenticity, which includes integrity • Authorization • Availability • Confidentiality • Secure and timely updatability and patchability Safety & Security go “hand in hand” Slide 10 Safety Security
  • 11. 11 Cybersecurity SPDF | Highest Level View Process Documents Image from flaticon.com The FDA won’t inspect your SPDF cybersecurity processes for 510(k) clearance… (but they would for a PMA or routine FDA inspection) … but you want to make sure your processes ensure safety and effectiveness And it results in documents that match expectations for the FDA’s review
  • 12. Device Lifecycle Must be Considered in Your SPDF Design/Develop/Test Manufacture Test/Provision/Release Support/Update/Decom Supply Chain Sites / Phases Assets Across Supply Chain Users Devices Digital Assets Sites Users Devices Digital Assets Sites Users Devices Digital Assets Sites Users Devices Digital Assets Sites
  • 13. 13 Elements that Make Up a SPDF | Many Ingredients Blended Together SPDF Inputs Cybersecurity Specific Medical Device SPDF Patient Safety & QMS Should Reference SPDF Docs
  • 14. Requirements Management SBOM Features Dev. Code Quality CI / CD Pre-Production Testing Post-Production Supporting End of Life Competence Development Threat Modeling Risk Assessment Implement cybersecurity features Static analysis, MISRA C, etc.. Generation CWE/CVE check Validation Pentesting Code Signing Release / Delivery Key Management Locking Hardware Vulnerability Monitoring Feedback / Incident Response Software Updates Diagnostic Tools Secure Decommissioning Software Development Lifecycle Security Development Lifecycle Legend 14 Secure Product Development Framework (SPDF) Based on IEC 81001-5-1
  • 15. Overview of IEC 81001-5-1 And AAMI SW96:2023 How They Can Be Used As a Foundation for SPDF
  • 16. Developed to Complement Your Existing QMS and Risk Processes QMS SPDF
  • 17. IEC 81001-5-1 | Overview – A Software SPDF IEC 81001-5: Finalized in December 2021 • Derived from an existing industrial cyber-security standard but adapted for medical devices • IEC 62443-4: Product Security Development Lifecycle Requirements IEC 81001-5 developed to be an extension to IEC 62304 • IEC 62304: Medical Device Software – Software Life Cycle Processes Recognized around the world • FDA Consensus standard • EU MDR is adopting • Required in Japan A couple of items to keep in mind • Does not exactly match FDA guidance and documentation required for pre market submission • Risk Management section is light-weight (reason to complement with AAMI SW:96)
  • 18. AAMI SW96: 2023 | Security Risk Management For Medical Devices • SW96:2023 is a full standard based on Technical Information Reports : TIR57 and TIR97 • Developed to work within the ISO 14971 risk framework • SW96:2023 has a broader definition of harm than ISO 14971 From ANSI/AAMI SW96:2023 Pg 27
  • 20. M Cybersecurity Process Secure Product Development Framework (SPDF) Design Controls Design Inputs Cyber ReqA Cyber ReqB Design outputs Cyber SpecX Cyber SpecY Cyber SpecZ Binaries Verification Tests Cyber TestX Cyber TestY Cyber TestZ Mitigations MitigationX MitigationY MitigationZ Threat Assessment ThreatX ThreatY ThreatZ Security Architecture Architecture Diagrams Component Analysis Connectivity definitions Use Case Views Code Known Abnormalities (test failures) Static Software Code Analysis Source SCA Binary SCA SBOM Triage & Justifications Vulnerability Report Penetration Testing (independent white hat) Post Market Vulnerability Management Plan Customer Transparency Plan Published Vulnerabilities Threat Mitigation Testing (vs. ReqA, ReqB) Vulnerability Testing (i.e. malformed input, fuzzing, etc.) Cybersecurity Assessment Security Risk Management Report (PMA - Annual) Security Risk Management Plan Security Risk Test Plan 20 SPDF composition Mitigations
  • 21. Example Ankle Worn Stroke Detection Data Acquisition AMPS from the MITRE / MDIC Medical Device Threat Modeling Hand Book Threat Modeling • We like data flow diagrams • They make it easy to see trust boundaries • Good start to 4 architectural views the FDA has mandated Example : Bluetooth • On the AMPS device • An important interface to keep secure! FDA Submission Document Architectural Views Guidance Section : V.B
  • 22. Threat Modeling STRIDE – Asset - Attack Path – Attack Feasibility 1) STRIDE 2) Asset 3) Attack Path 4) Score FDA Submission Document Threat Model Guidance Section : V.A, V.B, Appendix 1,2 1. Attacker pairs via bluetooth to AMPs device 2. Attacker reverse engineers code update API 3. Attacker uses API to install mallicious code <= two weeks Expert Restricted Easy Standard 12 Medium-High Attack Path Window of Opportunity Equipment Difficulty Score (lower means easier to hack) Attack Potential Knowledge of TOE Elapsed Time Expertise Overall Attack Potential Score High 0 Medium-High 10 Medium 14 Low 20 Very low 25 Control plane code execution Wrong data provided to Bluetooth app from AMPS device Asset Name Threat Scenario
  • 23. Impact - Risk Rating - Requirements (Inputs) Asset Name Damage Scenario Adverse Consequence Control plane code execution Wrong data provided to Bluetooth app from AMPS device 1) Incorrect data provided to doctor to determine patient's risk of stroke 2) Manufacturer could be legally liable 3) AMPS device functionaliy impaired Reduce 1) Implement authentication scheme for Bluetooth access Goal Goal 1: Bluetooth access requires authentication Requirement 1: Use Bluetooth LE Secure Connections based on Elliptic Curve Diffie Hellman challenge-response. Requires screen and yes/no buttons for user interface Cybersecurity Goal(s) or Claim Goals or Claim Summary Goal Requirement(s) Risk Treatment Decision Risk Treatment Details 5) Consequence 6) Impact 7) Risk Rating 8) Requirement FDA Submission Document Cybersecurity Risk Assessment Guidance Section : V.A FDA Submission Document Requirements Guidance Section : V.B.1, App.1 Safety Financial Operational Privacy Moderate Major Major Moderate Major S: Patient could be at risk of a stroke but is not treated F: If could be proven that the wrong data is being sent the medical device manufacturer could be liable O: Device is not functioning correctly P: Vital signs and stroke related data stolen Impact Categories Overall Impact Impact Justification Attack Feasibility Rating Very low Low Medium Medium-High High Impact Rating Severe 2 3 4 5 5 Major 1 2 3 4 5 Moderate 1 2 2 3 4 Negligible 1 1 1 1 2 Major Medium-High 4 Impact Rating Attack Feasability Rating Risk Value (1 - 5)
  • 24. SBOM FDA Submission Document SBOM Guidance Section : V.A.4, VI.A FDA Submission Document Vulnerability Assessment and Software Support Guidance Section : V.A.4 Common formats? • SPDX (older, licensing focus) • CycloneDX (lightweight, open source focus) • SWID (software tracking focus) What’s in it? • Types of info: • SW Component data fields • SBOM Author • Automation fields How created? • OS + commercial SW + open source • From build system • Component analysis tools • Vulnerability scanning tools • Simpler with managed packages How used? • Lookup in National Vulnerability Databases – (nvd.nist.gov/vuln/search) • Automation tools intended for this purpose JSON YAML Tag, Value
  • 25. Cyber-Testing - Verification of Outputs Four Types of Testing Called for by the FDA FDA Submission Document Testing Guidance Section : V.C TYPES OF TEST DESCRIPTION BLUETOOTH EXAMPLE Security Requirements Testing • Verification of input/requirement for security features • Testing of functionality including boundary cases • Positive and negative tests of Elliptic Curve Diffie Helman challenge-response • Verify that programming API and device characteristics are available only after auth. Threat Mitigation Testing • Validation/system level testing • Tie back to threat model • Consider global system, multi-patient harm, patchability • Test security of keys from brute force attacks • Consider break-one-break-them-all scenarios if unique keys per device not specified • Test for authentication bypass (e.g. pairing accepted without correct response) Vulnerability Testing • Testing for malformed inputs • Unexpected inputs • Vulnerability Chaining • Fuzzing, scanning, encryption check, static & dynamic code analysis • NIST NVD and CISA Known Exploited Vulnerabilities Catalog for Bluetooth vulns. using CPE. Penetration Testing • Testing done by personnel who have not worked on the design • White box testing recommended : more efficient & accepted by FDA • One week of pentesting on Bluetooth interfaces • MITM attacks, key extraction from app, key extraction for AMPS device (e.g., JTAG, USB, UART), malformed inputs, DoS, etc…
  • 26. Cybersecurity Risk Management Report Risk Management Report Vulnerability/Threat Mitigation/Penetration Testing SBOM Threat Modeling Threat Intelligence (e.g., CISA Vulnerability Catalog) FDA Submission Document Cybersecurity Risk Management Report Guidance Section : V, VI.B FDA Submission Document Unresolved Anomaly Assessment Guidance Section : V.A.5 FDA Submission Document Traceability Guidance Section : V.A, V.B, V.C, VI.A Overview • 3 Report Descriptions • FDA Submission Document: V, VI.B • TIR57, sec. 8. • SW96 Appendix C • Terms and concepts from the three sources are slightly different • Summary and References • Risk Management Report should succinctly SUMMARIZE the risk management process followed, and details of the outcome • Full analysis, assessments, models are REFERENCED in report Report Contents • System Description • Device Intended Use • Operating Environment • Threat Model • Security Risk Assessment • SBOM • Vulnerability Assessment • Unresolved Anomalies Assessment • Risk evaluation methods and processes • Residual Risk conclusions • Risk Mitigation activities • Component support information • Traceability: threat model / risk assessment / SBOM / testing documentation
  • 27. Labeling FDA Submission Document Labeling Guidance Section : VI.A Labeling as applied to cybersecurity • How to securely configure/set secure passwords • Document risks that are transferred • Security information of IT cybersecurity staff • Device identification on a network and how to track • Logging and attack detection information • Instructions to obtain software updates • Date of end of life support • How a device under attack will notify user • Protections against catastrophic events Labeling for example • How to set password in BT phone app • No risks transferred – all BT risks mitigated • Security information of IT cybersecurity staff • Unique device IDs tracked through app to cloud • IDS alerts provided on detection of attacks • URL on company website for software updates • End of life date negotiated between medical device manufacturer and HDO Labeling for user to help manage security risks - “Manufacturers should provide or make available SBOM information to users on a continuous basis” - Online portal to publish SBOM information, vulnerability information. Updated. Accurate.
  • 28. Post Market FDA Submission Document Cybersecurity Management Plans Guidance Section : VI.B FDA Submission Document Measures and Metrics Guidance Section : V.A.6 Cybersecurity Management Plans • Personnel responsible • Post market vulnerability monitor plan and sources of threat intel • Update process and time to patch • Vulnerability disclosure to manufacturer & communication to HDOs • Communicate through Online portal Measures & Metrics • Percentage of vulnerabilities that are patched • Time from vulnerability identification to patching • Duration from when a patch is available to implementation in devices deployed
  • 29. One Result of your SPDF Documentation for FDA Pre-Market Submission – Appendix 4