Cybersecurity Design Considerations for Medical Device Manufacturers
The FDA Pre-Market Guidance for Medical Device Cybersecurity identifies a number of security functions manufacturers should consider in their design of network connected and IoT enabled medical devices, this course provides an overview
With the increasing threat of cybersecurity affecting connected medical devices, software, systems, and healthcare IT networks, manufacturers must understand how to identify and mitigate security threats to assure that products & systems are designed to be resistant to security exploits. Security functions are needed to assure that any threat surface which can expose the medical device and its network connectivity are designed in a way to be robust against common security exploits. The FDA Pre-Market Guidance for Medical Device Cybersecurity identifies a number of security functions manufacturers should consider in their design of network connected and IoT enabled medical devices.
In this training program, we will provide an overview of the recommended security functions, including authorization, authentication, encryption, and detection security functions identified in the FDA Pre-Market Guidance. We will provide practical examples of their implementation in a case study design and discuss design trade-offs.
In addition, the training program will also include additional considerations for data security, trustworthiness and detection models suitable for products which employ embedded design architecture.
Upon completion of this training, you will:
1. Know the recommended security functions from the FDA Pre-Market Guidance and several common implementations
2. Understand key security function implementation for authorization, authentication, and data security
3. Have a model to perform trade-off analysis to better understand the costs and benefits of specific methods
- Quick review of Risk Management and Security Risk Management Standards
- Understanding the FDA Pre-Market Guidance recommendations for security functions
- An overview of the NIST Cybersecurity Framework and the NIST SP 800-57 standard for security functions
- Overview of authorization, authentication, encryption and detection security functions
- Documenting a trade-off analysis for the selection of specific security functions
- Additional security functions manufacturers should consider for data security and trustworthiness of embedded design.
The training format is classroom presentation, small workgroup activities, example oriented, interactive.
- Product Development Engineers
- Product Security Designers
- Software Developers
- Quality Professionals
- Regulatory Professionals
- IT Professionals interested in Product Development
- Technical Marketing Professionals
- CIOs/CISOs/IT Executives
The training level is introductory to moderate level, suitable for newcomers as well as those with some experience in security risk management.
Laura Élan, P.E., RAC, Senior Manager, Cybersecurity, CSA Group
Dena Solt, Security Certification Engineer, CSA Group
"Good introduction to the topic. Provided an overview that is applicable in daily work"
"The course had a nice high level approach to the subject with an expert instructor to highlight key details"
"Great teacher, hands-on training, good rythm"
"I got a good introduction to the topic and a good start to investigate further"
Participants, Spring 2020