The National Academies Press

Currently Skimming:

On the Technical Debt of Medical Device Security--Kevin Fu
Pages 21-28

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 21... ... In the past few decades, medical devices have evolved from simple analog components to complex digital systems with an amalgam of software, circuits, and advanced power sources that are much more difficult to validate and verify. Whereas a classic stethoscope depended on well-understood analog components, modern devices such as linear accelerators, pacemakers, drug infusion pumps, and patient monitors depend critically on computer technology. Read the entire page →
From page 22... ... By uncovering the implications of the flaws baked in from early engineering choices, hackers are merely the "collectors" and messengers of this cybersecurity technical debt. BRIEF HISTORY OF MEDICAL DEVICE SECURITY Research: Case Studies There is a rich history of efforts to ensure trustworthy medical device software (Fu 2011) Read the entire page →
From page 23... ... And, importantly, our research showed that, despite the security risks, patients predisposed to health risks who are prescribed a wireless medical device are far safer accepting the device than not. The Role of Hackers A few years later, the hacker community began to replicate academic experiments on medical devices. Read the entire page →
From page 24... ... premarket guidance on cybersecurity calls for a technical cybersecurity risk analysis in all applications for premarket clearance to sell medical devices in the United States. In addition, the FDA is expected to release a postmarket guidance document on coordinated vulnerability disclosure, incident reporting, and continuous surveillance of emerging cybersecurity risks. Read the entire page →
From page 25... ... for medical device security involve analog cybersecurity. Cybersecurity risks that begin in the analog world can infect the digital world by exploiting semipermeable digital abstractions. Read the entire page →
From page 26... ... To enhance the trustworthiness of emerging medical devices and patients' confidence in them, manufacturers need to address cybersecurity risks during the initial engineering and design, and maintain postmarket surveillance throughout the product lifecycle. ACKNOWLEDGMENTS This work is supported in part by the Archimedes Center for Medical Device Security and the National Science Foundation under the Trustworthy Health and Wellness project (THAW.org; award CNS-1330142) Read the entire page →
From page 27... ... 2013. WattsUpDoc: Power side channels to nonintrusively discover untargeted malware on embedded medical devices. Read the entire page →

From page 21...

... In the past few decades, medical devices have evolved from simple analog components to complex digital systems with an amalgam of software, circuits, and advanced power sources that are much more difficult to validate and verify. Whereas a classic stethoscope depended on well-understood analog components, modern devices such as linear accelerators, pacemakers, drug infusion pumps, and patient monitors depend critically on computer technology.

Read the entire page →

From page 22...

... By uncovering the implications of the flaws baked in from early engineering choices, hackers are merely the "collectors" and messengers of this cybersecurity technical debt. BRIEF HISTORY OF MEDICAL DEVICE SECURITY Research: Case Studies There is a rich history of efforts to ensure trustworthy medical device software (Fu 2011)

Read the entire page →

From page 23...

... And, importantly, our research showed that, despite the security risks, patients predisposed to health risks who are prescribed a wireless medical device are far safer accepting the device than not. The Role of Hackers A few years later, the hacker community began to replicate academic experiments on medical devices.

Read the entire page →

From page 24...

... premarket guidance on cybersecurity calls for a technical cybersecurity risk analysis in all applications for premarket clearance to sell medical devices in the United States. In addition, the FDA is expected to release a postmarket guidance document on coordinated vulnerability disclosure, incident reporting, and continuous surveillance of emerging cybersecurity risks.

Read the entire page →

From page 25...

... for medical device security involve analog cybersecurity. Cybersecurity risks that begin in the analog world can infect the digital world by exploiting semipermeable digital abstractions.

Read the entire page →

From page 26...

... To enhance the trustworthiness of emerging medical devices and patients' confidence in them, manufacturers need to address cybersecurity risks during the initial engineering and design, and maintain postmarket surveillance throughout the product lifecycle. ACKNOWLEDGMENTS This work is supported in part by the Archimedes Center for Medical Device Security and the National Science Foundation under the Trustworthy Health and Wellness project (THAW.org; award CNS-1330142)

Read the entire page →

From page 27...

... 2013. WattsUpDoc: Power side channels to nonintrusively discover untargeted malware on embedded medical devices.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

On the Technical Debt of Medical Device Security--Kevin Fu Pages 21-28

On the Technical Debt of Medical Device Security--Kevin Fu
Pages 21-28