Cybersecurity Threat Modeling
Overview
A key piece of managing medical device and diagnostic cybersecurity risks is the integration of threat modeling (TM). TM provides a blueprint to strengthen security through the total product lifecycle of the devices, thereby ensuring improved safety and effectiveness of medical products. Threat Modeling must be used to systematically identify, evaluate, and prioritize potential security threats and vulnerabilities to enhance overall risk management and defense strategy of medical devices.
In 2019, FDA awarded funding to MDIC to increase awareness on systematic approaches to TM that can enable manufacturers to effectively address system level risks. MDIC delivered multiple bootcamps on TM for medical device stakeholders. MDIC collaborated with over two dozen SMEs on threat modeling – both from MedTech and non-MedTech sector, led by Shostack & Associates, in developing the modules for bootcamps. The selected participants included both technical professionals working in the product development sector as well as regulatory professionals in the medical device public and private sectors.
In parallel to the bootcamps, MDIC and MITRE collaboratively developed the Playbook for Threat Modeling Medical Devices.
Read the Threat Modeling Playbook
Threat Modeling Bootcamp
Intensive, hands-on sessions on threat modeling.
Learning about structured, systematic and comprehensive approach to threat modeling for engineering more secure systems from SMEs from public and private sector.
Networking opportunity with SMEs from MedTech and non-MedTech sectors to learn on cybersecurity best practices that can be incorporated into the medical device industry
To learn more about participating in a TM Bootcamp, please contact the MDIC Cybersecurity team at cybersecurity@mdic.org
Threat Modeling Working Group Members
Melissa P Chase
Mitre
Steve Christey Coley
Mitre
Stephanie Domas
MedSec
Matt Hazelett
MedSec
Brian Fitzgerald
FDA
Nicholas Gerteisen
Smith + Nephew
Sean Harrington
Abbott
Tyrone Heggins
BD
Daniel Heppner
Roche
Iacovos (Jake) Kyprianou
FDA
Tara Larson
Abbott
Ashley Mancuso
Johnson and Johnson
Charles Martinez
Beckman Coulter
Colin Morgan
Apraciti
Chris Reed
Medtronic
Sudar Shields
Boston Scientific
Adam Shostack
Shostack + Associates
Lisa Simone
FDA
Daniel Speck
Roche
Scott Van Eps
Beckman Coulter
Eugene Vasserman
Kansas State University
Matt Weir
Mitre
Charles Wilson
Motional
Beau Woods
I am the Cavalry
Margie Zuk
Mitre