Medical Design Briefs - January 2022 - 3

FROM
THE EDITOR
Cybersecurity: Playbook for Threat
Modeling Medical Devices
FDA has announced the release of
" Playbook
for
Threat Modeling
Medical Devices, " which was developed by
MITRE and the Medical Device Innovation
Consortium (MDIC). The playbook is
designed to be an educational resource
detailing best practices for understanding
basic threat modeling and processes, and
how to apply them to medical devices.
Threat modeling, FDA says, has become
a recognized cybersecurity best practice,
both generally and in the medical device
subsector specifically. How ever, threat modeling
is complex and involves a specialized
set of knowledge and expertise. The playbook
aims to help the medical device sector
learn how to effectively threat model.
According to MDIC, " A key piece of
managing medical device and diagnostic
cybersecurity risks is the integration of
threat modeling because it " provides a
blueprint to strengthen security through
the total product lifecycle of the devices,
thereby ensuring improved safety and
effectiveness of medical products.
In September 2019, FDA awarded
funding to MDIC to increase awareness
on systematic approaches to threat modeling
that would enable manufacturers
to effectively address system level risks.
This funding enabled MDIC to conduct
two threat modeling " bootcamps " for
medical device stakeholders in August
2020 and February 2021. MDIC collaborated
with other experts to develop the
modules for bootcamps.
For several years, MITRE says, FDA has
recognized the value of threat modeling as
an approach to strengthen the cybersecurity
and safety of medical devices. To
increase knowledge and understanding of
threat modeling throughout the medical
device ecosystem, FDA engaged with
MITRE, MDIC, and Adam Shostack to
conduct the bootcamps and develop the
playbook based on the lessons learned.
Using fictional medial devices as
examples, the playbook guides medical
device OEMs through multiple scenarios
and concepts. Direct from the playbook:
" The playbook can be used as a
resource for threat modeling training
within an organization. Individuals can
work through the examples, filling in
the details left to the reader, applying
the different methodologies discussed in
the playbook to those gaps, and
researching additional approaches using
Medical Design Briefs, January 2022
Cov
ToC
Free Info at http://info.hotims.com/82317-707
3
the references in the playbook as starting
points. "
MITRE notes that the 91-page playbook
is not prescriptive in that " it does
not describe one approach to be used
when threat modeling medical devices
but focuses on general threat modeling
principles. " Rather, the playbook provides
insights on how an organization can
develop or evolve an approach to create
threat models in a systematic and consistent
way to achieve those objectives. " The
playbook provides a foundation that can
inform an organization's threat modeling
practices. It is intended to serve as a
resource for developing or evolving a
threat modeling practice, " says MITRE.
Sherrie Trigg
Editor and Director of Medical Content
For a copy of the playbook, go to
https://bit.ly/modeling-threat-playbook
https://www.bit.ly/modeling-threat-playbook http://info.hotims.com/82317-707 http://info.hotims.com/82317-803

Medical Design Briefs - January 2022

Table of Contents for the Digital Edition of Medical Design Briefs - January 2022

Medical Design Briefs - January 2022 - Intro
Medical Design Briefs - January 2022 - Sponsor
Medical Design Briefs - January 2022 - Cov1a
Medical Design Briefs - January 2022 - Cov1b
Medical Design Briefs - January 2022 - Cov1
Medical Design Briefs - January 2022 - Cov2
Medical Design Briefs - January 2022 - 1
Medical Design Briefs - January 2022 - 2
Medical Design Briefs - January 2022 - 3
Medical Design Briefs - January 2022 - 4
Medical Design Briefs - January 2022 - 5
Medical Design Briefs - January 2022 - 6
Medical Design Briefs - January 2022 - 7
Medical Design Briefs - January 2022 - 8
Medical Design Briefs - January 2022 - 9
Medical Design Briefs - January 2022 - 10
Medical Design Briefs - January 2022 - 11
Medical Design Briefs - January 2022 - 12
Medical Design Briefs - January 2022 - 13
Medical Design Briefs - January 2022 - 14
Medical Design Briefs - January 2022 - 15
Medical Design Briefs - January 2022 - 16
Medical Design Briefs - January 2022 - 17
Medical Design Briefs - January 2022 - 18
Medical Design Briefs - January 2022 - 19
Medical Design Briefs - January 2022 - 20
Medical Design Briefs - January 2022 - 21
Medical Design Briefs - January 2022 - 22
Medical Design Briefs - January 2022 - 23
Medical Design Briefs - January 2022 - 24
Medical Design Briefs - January 2022 - 25
Medical Design Briefs - January 2022 - 26
Medical Design Briefs - January 2022 - 27
Medical Design Briefs - January 2022 - 28
Medical Design Briefs - January 2022 - 29
Medical Design Briefs - January 2022 - 30
Medical Design Briefs - January 2022 - 31
Medical Design Briefs - January 2022 - 32
Medical Design Briefs - January 2022 - 33
Medical Design Briefs - January 2022 - 34
Medical Design Briefs - January 2022 - 35
Medical Design Briefs - January 2022 - 36
Medical Design Briefs - January 2022 - 37
Medical Design Briefs - January 2022 - 38
Medical Design Briefs - January 2022 - 39
Medical Design Briefs - January 2022 - 40
Medical Design Briefs - January 2022 - Cov3
Medical Design Briefs - January 2022 - Cov4
https://www.nxtbook.com/smg/techbriefs/22MDB06
https://www.nxtbook.com/smg/techbriefs/22MDB04
https://www.nxtbook.com/smg/techbriefs/techleaders21
https://www.nxtbook.com/smg/techbriefs/22MDB03
https://www.nxtbook.com/smg/techbriefs/22MDB02
https://www.nxtbook.com/smg/techbriefs/22MDB01
https://www.nxtbook.com/smg/techbriefs/21MDB12
https://www.nxtbook.com/smg/techbriefs/21MDB11
https://www.nxtbook.com/smg/techbriefs/21MDB10
https://www.nxtbook.com/smg/techbriefs/21MDB09
https://www.nxtbook.com/smg/techbriefs/21MDB08
https://www.nxtbook.com/smg/techbriefs/21MDB07
https://www.nxtbook.com/smg/techbriefs/21MDB06
https://www.nxtbook.com/smg/techbriefs/21MDB05
https://www.nxtbook.com/smg/techbriefs/21MDB04
https://www.nxtbook.com/smg/techbriefs/21MDB02
https://www.nxtbookmedia.com