A key piece of managing medical device and diagnostic cybersecurity risks is the integration of threat modeling (TM). TM provides a blueprint to strengthen security throughout the total product lifecycle of the devices, thereby ensuring improved safety and effectiveness of medical products. In September 2019, FDA awarded funding to MDIC to increase awareness of systematic approaches to TM that can enable manufacturers to effectively address system-level risks. Through an FDA-funded cybersecurity initiative, MDIC delivered two bootcamps on TM for medical device stakeholders, which were held August 17-21, 2020 and February 22-26, 2021. MDIC collaborated with over two dozen threat modeling SMEs from both the MedTech and non-MedTech sectors, led by Shostack & Associates, in developing the modules for the bootcamps.

After receiving a tremendous response for the limited number of spaces, MDIC limited participation to no more than two individuals from the same organization. To ensure diversity, the selected participants included both technical professionals working in the product development sector and regulatory professionals in the medical device public and private sectors. In parallel with the bootcamps, MDIC is working closely with MITRE to develop a Medical Device Threat Modeling Playbook to be released in October 2021.

Objectives and topics discussed at the MDIC threat modeling bootcamps:

  • Intensive, hands-on sessions on threat modeling.
  • Learning about a structured, systematic and comprehensive approach to threat modeling for engineering more secure systems from SMEs from the public and private sectors.
  • Learning the latest updates on medical device cybersecurity and related areas from representatives of FDA and industry.
  • Networking opportunity with SMEs from MedTech and non-MedTech sectors to learn about cybersecurity best practices that can be incorporated into the medical device industry.
  • Contributing to the discussions on the development of the Medical Device Threat Modeling Playbook.

To learn more about the bootcamps and other MDIC cybersecurity initiatives, email us at cybersecurity@mdic.org.