Hi everyone, I'm trying to get an idea of what this new FDA draft - "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices" (Document issued on October 18, 2018) implies for our company and our new designs.
The way I see it is that medical devices with complex User Interfaces tend to "look & feel" more and more like consumer products (mobile devices, tablets, etc.). This is generating a trend towards using advanced Graphic Frameworks (like QT or similar) running on top of "big" OS (Android, Linux-based OS, or other similar commercial OS) because the processor used is as well very complex (due to the need of high performance graphic engine, multi-core architecture, etc.).
My idea is to start a discussion and maybe suggest alternative solutions for this new trend (at least "new" for me).
a) Does anyone have any experience on using such complex environments?
b) Is it ok to use Linux?
c) Which one (Yocto, Armstrong, commercial, etc.)?
d) Won't we end up with a high work-load to validate SOUP, cybersecurity issue tracking, risk of cybersecurity mandatory updates (and possible recalls!!!)?
---
Let's suppose we are using a Linux-based OS to run a multi-core processor, and after the risk analysis we end up with a "Tier 1 - Higher Cybersecurity Risk" classification (for example, due to a communication interface with the HIS or because we support pen-drive connection).
Here come several questions:
1) The draft states: "... protection mechanisms should prevent all unauthorized use (through all interfaces); ensure code, data, and execution integrity ...". What is the meaning of "interfaces" in this context? Are they only communication interfaces (like Ethernet, USB, serial, etc.) or are they referring to the HMI as well (like touch-screen entries, keys, etc.)?
2) What does it mean when the draft states: "Consider physical locks on devices and their communication ports to minimize tampering"? Does this mean to lock access to the communication ports with a key? Or maybe to activate the use of those ports using a kind of authentication dongle?
Does anyone have an example of a device doing something like this?
3) In section B.1 it says "Design the Device to Detect Cybersecurity Events in a Timely Fashion", and in point (b) "Devices should be designed to permit routine security and antivirus scanning". Really?? Should we put an anti-virus inside the Device? Are there any alternatives?
(sorry if my post is messy, my understanding of the subject is also kind of messy at the moment)
I will appreciate any comment you may have!
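One concrete alternative to the "antivirus scanning" of question 3, and one way to give evidence for the "code, data, and execution integrity" wording of question 1, is a file-integrity baseline on the device's root filesystem: hash every installed file at manufacturing time, store the manifest, and re-verify at boot or on a schedule, logging any modified, missing or unexpected file as a cybersecurity event. The following is an added example written for this thread, not code from the FDA draft or from any product mentioned above; the file names (`bin/pump_ctl`, `etc/device.conf`) and values are constructed, and in a real device the manifest would be signed and the signature checked before use (not implemented here, and stated as an assumption).

```python
"""Added example: file-integrity baseline and verification for an embedded Linux device.

Builds a SHA-256 manifest of a directory tree, then re-verifies the tree and reports
modified, missing and unexpected files. Assumption: the manifest itself is protected
(signed, or stored on read-only/verified storage) before it is trusted.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its SHA-256."""
    manifest = {}
    for entry in sorted(root.rglob("*")):
        # Skip symlinks: hashing their target would hide a redirected link.
        if entry.is_symlink() or not entry.is_file():
            continue
        manifest[entry.relative_to(root).as_posix()] = sha256_file(entry)
    return manifest


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the live tree with a trusted manifest; each list is a detection."""
    current = build_manifest(root)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    unexpected = sorted(k for k in current if k not in manifest)
    return {
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
        "clean": not (modified or missing or unexpected),
    }


def demo() -> dict:
    """Constructed scenario: baseline a tiny rootfs, tamper with it, verify twice."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        # Constructed sample files standing in for a control binary and its config.
        (root / "bin" / "pump_ctl").write_bytes(b"\x7fELF constructed firmware stub")
        (root / "etc" / "device.conf").write_text("alarm_threshold=5\n")

        baseline = build_manifest(root)
        # The manifest would be serialised and signed at manufacturing time.
        manifest_text = json.dumps(baseline, indent=2, sort_keys=True)
        before = verify_manifest(root, json.loads(manifest_text))

        # Simulated tampering: edited config, deleted binary, new unknown script.
        (root / "etc" / "device.conf").write_text("alarm_threshold=999\n")
        (root / "bin" / "pump_ctl").unlink()
        (root / "bin" / "unknown.sh").write_text("#!/bin/sh\n")
        after = verify_manifest(root, json.loads(manifest_text))

        return {"before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a real device this check would run from a read-only or dm-verity-protected partition against a signed manifest, with the result written to an audit log that the HIS or a maintenance tool can collect; the same manifest doubles as the SOUP inventory for the premarket submission.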