Risk-Oriented Cybersecurity for Medical Devices

Medical devices and services currently converge by means of connectivity. New connectivity services allow distributing functions not only across different devices and IT systems, but also to cloud services. Over-the-air software upgrades permit flexible enhancements of existing embedded systems and thus adjusting performance features as well as providing software upgrades for defect corrections and new functionality. Very fast, classic medical IT and embedded medical devices are converging to multi-purpose systems. With fast growing connectivity and the need to cope with functional safety, cybersecurity has gained huge relevance in short time-frame. Often protocol stacks are rather open to facilitate flexibility, but thus create security risks. Decent security analysis and security concepts are necessary to protect each step of the development life-cycle. This article introduces the risk-oriented medical cybersecurity. We start with a combined security and safety life-cycle for medical products and services, built upon Medical SPICE. Starting with a connected TARA (threat and Risk Analysis) and HARA (Hazard and Risk analysis) we converge to security requirements to harden safety requirements, and thus provide best practices on security engineering. With verification and validation, we investigate static code analysis but also towards specific testing such as fuzzing and penetration testing for medical devices. We show hands-on examples on basis of the COMPASS SecurityCheck and directly connected grey-box PenTesting. The presentation provides hands-on examples and introduces to a hands-on TARA and related PenTest activity.

Was lernen die Zuhörer in dem Vortrag?

  • Risk-oriented Security Engineering best practices
  • Security Check
  • Connecting TARA and HARA for converged systems
  • Grey-Box PenTesting
Ulrich Bodenhausen
Ulrich Bodenhausen

Dr. Ulrich Bodenhausen is a manager at Vector Consulting Services. He is a renowned expert on agility for critical systems. Dr. Bodenhausen started his...


Christof Ebert
Youssef Rekik

Youssef Rekik is a consultant at Vector Consulting Services. He helps companies worldwide to improve their development processes and change management. He...

45 Minuten Vortrag

Einsteiger
Zeit

16:50-17:35
23. Oktober


Raum

Raum "Paris"


Schwerpunkt

Safety & Security


Zielpublikum

Entwickler, IT, Produktmanagement, Projektmanagement, Qualität, Zulassung


ID

Mi2.5

Zurück

Copyright © 2019 HLMC Events GmbH