MEDICAL DEVICE CYBERSECURITY...2017/10/04 · Cybersecurity • EO 13636 (Feb 2013) → NIST...
MEDICAL DEVICE CYBERSECURITY
SETH D CARMODY PHD
CYBERSECURITY SUMMIT 2017
OCTOBER 23, 2017
www.fda.gov
Executive Orders (EO), Presidential Policy Directives, and Framework to Strengthen Critical Infrastructure Cybersecurity
• EO 13636 (Feb 2013) → NIST Voluntary Framework (Feb 2014) v1.1 in Draft Jan. 10, 2017
• PPD 21 (Feb 2013)
• EO 13691 (Feb 2015) – establishment of Information Sharing and Analysis Organizations (ISAO)
• EO 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure" May 17, 2017
Informational Tech/Operational Tech
Information Technology
Operational Technology
IoT – Internet of Things
By http://hem.dis.anl.gov/eehem/picts/94110818_8.gif [dead link], Public Domain, https://commons.wikimedia.org/w/index.php?curid=5804284
Control System
Internet-Connected Operational Technology
Center for Food Safety & Applied Nutrition
Center for Drug Evaluation & Research
Center for Biologics Evaluation & Research
Center for Devices & Radiological Health (CDRH)
Center for Veterinary Medicine
National Center for Toxicological Research
Center for Tobacco Products
FDA’s Regulatory Scope
The Active Adversary, A Fine Wine
Move over, Mirai
The attacks are a variation on those mounted by Mirai, a botnet made up of network cameras, digital video recorders, and other so-called Internet-of-things devices. The point of Mirai is to build an army of devices that cripple prominent websites with record-setting distributed DoS attacks. The motivation for the PDoS attacks remains unclear, in part because BrickerBot.2 attacked a much wider variety of storage devices—including those used by servers—rather than storage used only by more limited IoT devices
Intended Use + Misuse
http://hackaday.com/2015/09/07/brick-laying-robot-does-it-better/
http://www.technologyvista.in/pin/here-comes-the-brick-laying-robot-to-make-buildings/
Negative Requirements are Infinite!
Features: What a Device MUST Do…
Safety: What a Device MUST NOT do
Thou shall not under or over deliver therapy!
Get drug libraries from the Internet
Postmarket Cybersecurity Risk Assessment
Device Lifecycle: Ecosystem Challenges
Empathy and Collaboration
From EO 13636: “We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards.”
FDA’s Approach to Cybersecurity
Executive Orders; FDA Safety Communication; Draft Premarket Guidance; Begin Coordination with DHS; Recognize Standards; Establish Incident Response Team
Final Premarket Guidance; MOU with NH-ISAC; Public Workshop
Product-Specific Safety Comm; Build Ecosystem/Collaboration
2013
2014
2015
2016
Draft and Final Postmarket Guidance; Public Workshop; MOU with NH-ISAC/MDISS
2017
2005: Issued guidance
2008: Halpern, et al.
2009: Issued safety communication
2011: “Hacking” of implantable insulin pump (Radcliffe)
2012: First recall of vulnerable software (Roche-PCAnywhere)
2013: Recall of TNS-listener (Roche)
Product-Specific Safety Comm
1st Cybersecurity WL
Questions?
Contacts: CDRH mailbox, [email protected], [email protected], [email protected], [email protected]