Threat Modeling and Risk Assessment: A Step-by-Step Example
September 26 | 1 pm EDT
About Us – Complementary Partners
INTEGRITY Security Services (ISS) is a wholly owned subsidiary of Green Hills Software LLC, established to provide best-practice embedded security products and services for the protection of smart devices in all industries from cybersecurity attacks. ISS's experience enables them to provide the world’s first Secure Platform for Medical (SPM), which dramatically reduces time and resources for medical device OEMs to meet Omnibus Act Section 3305 and FD&C Section 524B.
BG Networks equips embedded engineers and penetration testers with easy-to-use software automation tools to streamline cybersecurity tasks including hardening, detection, and testing. BG Networks automation tools are designed to help with adherence to regulations from the FDA, NIST, ISO, and the EU.
ICS supports our customers with software development, user experience design, platform and regulatory support to build next-generation products. We provide a number of services focused on the medtech space, including human factors engineering with a 62366 compliant process, hazard and risk analysis, 62304 compliant software development, and platform support including cybersecurity.
Cybersecurity Services
Cyber-Testing
Detection
Hardening
Risk Management
Speaker Introductions
David Sequino
Founder & CEO
Colin Duggan
Founder & CEO
Milton Yarberry
Director of Medical Programs &
Cybersecurity
Cybersecurity in Medical Devices: Practical Advice for FDA’s 510(k) Requirements Webinar Series
1. On Demand Practical Advice for FDA’s 510(k) Requirements
https://www.ics.com/webinar-demand-practical-advice-fdas-510k-requirements
2. On Demand Secure-by-Design - Using Hardware and Software Protection for FDA Compliance
https://resources.ics.com/webinar/secure-product-development-frameworks
3. On Demand Secure-by-Design - Using Hardware and Software Protection for FDA Compliance
https://resources.ics.com/webinar/secure-by-design-hardware-software-protection
4. Threat modeling and risk assessment – First step in risk management
5. Cyber-testing – What the FDA expects
6. Defense-In-Depth – Security control categories called for by the FDA
7. Cybersecurity documentation - eSTAR submissions
8. Post Market Requirements – Fixing Vulnerabilities: SBOM – Updates - Monitoring
9. Bolting On Security – Is there anything that can be done if I already have a design
Today’s Presentation
November
Agenda
• Why should threats be modeled, and risks assessed
• Overview of the device used in the example
• Threat modeling steps
• Risk assessment steps
• Steps to implement controls
• Sign up for 1 on 1, hands-on threat modeling & risk analysis session
Threat Modeling & Risk Assessment Working Sessions
A Head Start for Your Next Medical Device Seeking Pre-Market Approval
Offering educational/working sessions using threats & risks related to your device
• These processes can be complicated, and that is why we are offering these sessions
• We’ll apply the techniques presented today to your medical device
• After the session, we’ll leave the spreadsheet with you so you have a head start
Sign up on Calendly, at the link below, for a 30 minute session
• Here is the link and we’ll put it in the chat
Questions For Us - A Question For You – Link to Previous Webinar
Questions for us
• Put your questions in the Q&A
• For questions we don’t get to, we’ll write answers and make them available after
A question for you:
What aspects of threat modeling and risk assessments do you already know?
• Please respond now
• We’ll also ask at the end to see if your perspective has changed
MULTIPLE CHOICE ANSWERS TO POLL QUESTION
a. I’m new to these processes so all aspects are helpful
b. Threat modeling but not for medical devices
c. Threat modeling for medical devices
d. Risk assessment for medical devices
e. Risk assessment and the iterations between security and safety
f. All aspects of threat modeling and risk assessment for medical devices
Threat Modeling and Risk Assessment
Where Are We?
FDA’s Cybersecurity in Medical Devices Guidance 2023
Threat Modeling
Cybersecurity Risk Assessment
Foundational
• Identify Assets
• Identify Threat
• Diagrams
Supports
Systematic
• STRIDE
• PASTA
• DREAD
• Attack Trees
Systematic
• Reduce bias with a mechanical method
• Helps you know when you’re done
• Semi-quantifiable scoring method
• Integrates with Safety Risk Assessment
Security Risk Management
Threat Modeling and Risk Assessment
Why is it needed?
An important part of a “Secure-By-Design” approach
• Perform threat and risk assessment at the beginning of a new medical device development
  → Results in integrated solutions, which are harder to defeat than add-on solutions, which are more vulnerable
• Identifies the security features that will have the biggest impact (based on mitigating the highest risks)
  → Prioritizing development budget
Required by the FDA for a pre-market submission
• Referred to in eSTAR as “Risk Management – Threat Model” and “Risk Management – Cybersecurity Risk Assessment”
• Feeds 4 of 9 eSTAR requirements for a 510(k) submission
Required by MDR
• Does not exactly match FDA guidance and documentation required for pre-market submission
• Risk Management section is lightweight (reason to complement with AAMI SW96)
Medical Device Lifecycle
Threat Modeling & Risk Assessment Used Throughout
Diagram is from MDCG 2019-16, Guidance on Cybersecurity for Medical Devices
Threat modeling and a risk assessment need to be performed whenever new threats are identified, and that can be at any point in the lifecycle of a medical device.
Update when:
• Adding new product features
• Obsolescence-driven hardware changes
• Connectivity changes
• New operating environments
• SBOM driven vulnerabilities
• Report of new critical threats → response time
Security vs. Safety
If it doesn’t impact patient safety, can it be a severe security issue?
Security objectives that devices are graded against:
• Authenticity, which includes integrity;
• Authorization;
• Availability;
• Confidentiality; and
• Secure and timely updatability and patchability
AAMI TIR57:2016/(R)2019
Definition of Cybersecurity Risk
Cyber-Attack Feasibility and Impact on Patient Safety/Harm
‘risk’ means the combination of the probability of occurrence of harm and the severity of that harm
EU MDR
3.31 risk
combination of the probability of occurrence of harm (3.16) and the severity (3.41) of that harm (3.16)
Unpacking probability:
- Includes exposure to hazard and limits to harm
- Statistical probability not acceptable, proxy of exploitability or likelihood is OK
Unpacking harm (Appendix B.4):
- Includes breach of data, systems security, reduction of effectiveness (consider resident on system but not active)
based on an evaluation of the likelihood of exploit, the impact of exploitation on the device’s safety and essential performance, and the severity of patient harm if exploited
FDA
AAMI SW96
Considerations When Performing Threat and Risk Analysis
Conditions/scenarios that the FDA expects for analysis
• Different operating modes of the medical device
• The software update process
• Scenarios where multiple patients can be harmed with one attack
• Multi-user scenarios
• Lifecycle – Development, Manufacturing, End of life, Service
Environment that the medical device will be used in
• Doctor’s office, clinic, hospital, ambulatory (variation in attackers)
• SaMD (running on different platforms)
• Connectivity (air-gapped, hospital network)
* Hospital general network = hostile environment
Intended use
• Example: data acquisition for off-line, non-real-time review vs. immediate decision making/action
4 Architectural Views (Required)
Steps We’ll Go Through In Our Example
1. Review system diagram and its intended function
2. Draw threat boundaries
3. Identify assets
4. Use STRIDE to identify threats
5. Score safety impacts of threats
6. Identify attack paths
7. Score the feasibility/difficulty of attack paths
8. Calculate risk score
9. Risk treatment: mitigate, transfer, accept, eliminate
10. Determine risk mitigation
Order can be switched
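Steps 4 to 10 above, carried through as an added example that is not from the webinar or its spreadsheet: a small risk register for a Bluetooth link that scores each STRIDE threat, ranks it, and checks that every risk marked for mitigation maps to a control. The 1 to 5 scales, the severity × feasibility formula, the acceptance threshold and every register row are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# Assumptions (not from the webinar): 1-5 ordinal scales, risk = severity x
# feasibility, and anything scoring below ACCEPT_BELOW may be accepted.
ACCEPT_BELOW = 8


@dataclass
class AttackPath:
    description: str
    feasibility: int  # 1 = very hard ... 5 = trivial; proxy for likelihood


@dataclass
class Threat:
    tid: str
    asset: str                                   # step 3
    stride: str                                  # step 4: one STRIDE letter
    severity: int                                # step 5: 1 = negligible ... 5 = catastrophic
    paths: List[AttackPath]                      # steps 6 and 7
    controls: List[str] = field(default_factory=list)  # step 10
    residual_feasibility: Optional[int] = None   # re-scored with controls in place

    def __post_init__(self):
        if self.stride not in STRIDE:
            raise ValueError(f"{self.tid}: unknown STRIDE category {self.stride!r}")
        scores = [self.severity] + [p.feasibility for p in self.paths]
        if self.residual_feasibility is not None:
            scores.append(self.residual_feasibility)
        if not self.paths or any(not 1 <= s <= 5 for s in scores):
            raise ValueError(f"{self.tid}: needs an attack path and 1-5 scores")

    def feasibility(self) -> int:
        # The easiest attack path sets the feasibility of the whole threat.
        return max(p.feasibility for p in self.paths)

    def risk(self) -> int:                       # step 8
        return self.severity * self.feasibility()

    def residual_risk(self) -> int:
        if self.residual_feasibility is None:
            return self.risk()
        return self.severity * self.residual_feasibility

    def treatment(self) -> str:                  # step 9
        # Only mitigate/accept follow from the score; transfer and eliminate
        # are design decisions the team records by hand.
        return "accept" if self.risk() < ACCEPT_BELOW else "mitigate"


def ranked(register: List[Threat]) -> List[Threat]:
    """Highest inherent risk first, to prioritise control work."""
    return sorted(register, key=lambda t: t.risk(), reverse=True)


def coverage_gaps(register: List[Threat]) -> List[str]:
    """Threats marked 'mitigate' that have no control, or whose residual
    risk is still at or above the acceptance threshold."""
    return [t.tid for t in register
            if t.treatment() == "mitigate"
            and (not t.controls or t.residual_risk() >= ACCEPT_BELOW)]


# Constructed register rows for the Bluetooth link (illustrative values only).
REGISTER = [
    Threat("T1", "Sensor identity on the Bluetooth link", "S", 4,
           [AttackPath("Unauthenticated peer accepted as the ankle sensor", 4)],
           controls=["Authenticated pairing"], residual_feasibility=1),
    Threat("T2", "Sensor readings in transit", "T", 4,
           [AttackPath("Readings altered between sensor and receiver", 2)],
           controls=["Per-message integrity check"], residual_feasibility=1),
    Threat("T3", "Sensor readings in transit", "I", 2,
           [AttackPath("Readings observed by a nearby radio", 3)]),
    Threat("T4", "Delivery of readings", "D", 3,
           [AttackPath("Radio interference prevents delivery", 3),
            AttackPath("Connection slots exhausted by other peers", 2)]),
]

if __name__ == "__main__":
    for t in ranked(REGISTER):
        print(f"{t.tid} {STRIDE[t.stride]:<24} risk={t.risk():>2} "
              f"residual={t.residual_risk():>2} {t.treatment():<8} "
              f"controls={t.controls or '-'}")
    print("Mitigation gaps:", coverage_gaps(REGISTER))
```

The gap list is the part to review before sign-off: a threat that scores for mitigation but has no control, or whose re-scored risk is still above the threshold, shows the concept is not yet sufficient.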
Threat Modeling - STRIDE
STRIDE model. (2023). Retrieved September 24, 2024, from https://en.wikipedia.org/wiki/STRIDE_model
Tracking Progress Through Our Example Using The Spreadsheet
1. Review system diagram and its intended function
2. Draw threat boundaries
3. Identify assets
4. Use STRIDE to identify threats
5. Score safety impacts of threats
6. Identify attack paths
7. Score the feasibility/difficulty of attack paths
8. Calculate risk score
9. Risk treatment: mitigate, transfer, accept, eliminate
10. Determine risk mitigation
Our Example is From
MITRE / MDIC Medical Device Threat Modeling Hand Book
We’ll focus on a Bluetooth example from the Playbook.
Threats are identified in the example in the Playbook, and we’ll take it through risk assessment and security control mitigations.
Example Ankle Worn Stroke Detection Data Acquisition
AMPS from the MITRE / MDIC Medical Device Threat Modeling Hand Book
We’ll focus on Bluetooth in our example.
The red dashed lines are the threat boundaries.
Ankle Monitor and Predictor of Stroke System (AMPS)
Typical Challenges
1. Concept Phase: Size up your Assets & Threat Vectors = Build a Threat Model, do a Risk Assessment
Challenge: Catalogue your assets and threat vectors for your device, measure the risks associated with your device
2. Sourcing Phase: Managing shifting requirements
Challenge: Transmitting key cybersecurity requirements to internal sw & hw architects or external suppliers and stakeholders or regulators can be costly and time-consuming. Vendors may struggle to keep up, resulting in delays and unplanned costs
3. Development Phase: Resource-intensive cybersecurity specs
Challenge: Defining detailed cybersecurity specifications requires significant time and resources. Many teams lack the expertise to produce detailed, compliant requirements early in development, causing delays to time to market
4. Implementation Phase: Lack of cybersecurity prioritization due to lack of knowledge and understanding
Challenge: Cybersecurity efforts often take a back seat to time to market due to a lack of understanding and training. This will lead to missed FDA cyber certifications, delayed product launches & lost revenue & market share
5. Production Phase: Difficulty in managing security updates and assets
Challenge: Governing and operating the cybersecurity of products in production is complex. Identifying which devices have vulnerabilities, require updates, or have specific software versions becomes difficult without robust asset management systems
Risk Assessment
End-to-end Product Cybersecurity Lifecycle
• Product Concept: Define target pragmatic product requirements based on your architecture and threat model
• Sourcing: Simplified supplier vetting and delegated data collection
• Product Design Constellation: Define the cyber blueprint for your product, collect required Bill of Materials
• Connection to Key Management: Seamlessly implement & integrate cyber controls with your supply chain
• Asset Management: Track the cyber production lifecycle and manage vulnerabilities
• Assets / Updates: Perform investigations, updates and analysis. End of life product decommissioning
Lifecycle phases:
• Concept
• Development: Preliminary Design
• Development: Detailed Design
• System Integration
• System Deployment / Operation
• System Sustainment / End of Life
The Solution: Cumulus
Cumulus is an asset management platform for managing, tracking, auditing & securing any device’s End-To-End Product Development Lifecycle
Cumulus: End-to-end Product Cybersecurity Lifecycle
• Cumulus Product Concept: Define target pragmatic product requirements based on your architecture and threat model
• Cumulus Sourcing: Simplified supplier vetting and delegated data collection
• Cumulus Product Design Constellation: Define the cyber blueprint for your product, collect required Bill of Materials
• Cumulus Connection to DLM Trust: Seamlessly implement & integrate cyber controls with your supply chain
• Cumulus Asset Management: Track the cyber production lifecycle and manage vulnerabilities
• Cumulus Assets / DLM Update: Perform investigations and analysis. End of life product decommissioning
Lifecycle phases:
• Concept
• Development: Preliminary Design
• Development: Detailed Design
• System Integration
• System Deployment / Operation
• System Sustainment / End of Life
Cumulus is the “Easy Button” to meet FDA’s section 524B
The ISS Security Levels incorporate the overall guidelines from FDA Cyber Section 524B and add our organization’s rigorous ongoing lifecycle management parameters
First, define your device structure
Choose the desired security level for the device...
...to drop in our pre-defined cybersecurity requirements
Then, delegate the cybersecurity requirements to your component team contact
Assign editing permissions to component team contacts
Team contact receives a magic link email to easily log in
Team contact adds off-the-shelf cybersecurity controls for your device
Easily review the submitted capabilities
Track your compliance documents process to streamline approvals
Export & send your premarket submission package with a few clicks
Mapping the original risks to cybersecurity controls verifies that your concept is sufficient
Cumulus Core Benefits
• Reduce time to market, costs & complexity
• Manage hardware & software component suppliers
• Track vulnerabilities at component level
• Shorten regulatory certification by cataloging all assets from product concept phase to EOL
• Train internal & external resources to build FDA certifiable components from day 1
Poll Question
What aspects of threat modeling and risk assessments do you already know?
• Please respond now
Multiple Choice Answers to the Poll Question
a. I’m new to these processes so all aspects are helpful
b. Threat modeling but not for medical devices
c. Threat modeling for medical devices
d. Risk assessment for medical devices
e. Risk assessment and the iterations between security and safety
f. All aspects of threat modeling and risk assessment for medical devices
Thanks for Attending!
David Sequino
Founder & CEO
Colin Duggan
Founder & CEO
Milton Yarberry
Director of Medical Programs &
Cybersecurity
Link to previous webinars:
Cybersecurity in Medical Devices – Practical Advice for FDA’s 510(k) Requirements
https://www.ics.com/webinar-demand-practical-advice-fdas-510k-requirements
Deep Dive into Secure Product Development Frameworks (SPDF)
https://resources.ics.com/webinar/secure-product-development-frameworks
Secure-by-design: using Hardware and Software Protection for FDA Compliance
https://resources.ics.com/webinar/secure-by-design-hardware-software-protection

More Related Content

PDF
A Deep Dive into Secure Product Development Frameworks.pdf
ICS
 
PDF
Threat Modeling & Risk Assessment Webinar: A Step-by-Step Example
ICS
 
PDF
Medical Device Cybersecurity Threat & Risk Scoring
ICS
 
PDF
Medical Device Cybersecurity Threat & Risk Scoring
ICS
 
PDF
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
ICS
 
PPTX
Threat Modelling and managed risks for medical devices
Frédéric Sagez
 
PPTX
Secure Software Development Best Practices
Joe Orlando
 
PPTX
Understanding Risk Management & Cyber security Principles in Medical Devices
Keerthi Gunasekaran
 
A Deep Dive into Secure Product Development Frameworks.pdf
ICS
 
Threat Modeling & Risk Assessment Webinar: A Step-by-Step Example
ICS
 
Medical Device Cybersecurity Threat & Risk Scoring
ICS
 
Medical Device Cybersecurity Threat & Risk Scoring
ICS
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
ICS
 
Threat Modelling and managed risks for medical devices
Frédéric Sagez
 
Secure Software Development Best Practices
Joe Orlando
 
Understanding Risk Management & Cyber security Principles in Medical Devices
Keerthi Gunasekaran
 

Similar to Threat Modeling and Risk Assessment Webinar.pdf (20)

PDF
8 Mandatory Security Control Categories for Successful Submissions
ICS
 
PPTX
How Medical Devices Risk Patient Safety and Security
Great Bay Software
 
PDF
Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...
Synopsys Software Integrity Group
 
PPTX
[Wroclaw #6] Medical device security
OWASP
 
DOCX
The WannaCry Black Swan Event -- Unpatchable FDA medical devices
David Sweigert
 
PPTX
Breakout Session: Cybersecurity in Medical Devices
Healthegy
 
PDF
Cybersecurity in smart medical devices
Stefan Weiss
 
PDF
Practical Advice for FDA’s 510(k) Requirements.pdf
ICS
 
ODP
Cybersecurity in medical devices
SafisSolutions
 
ODP
Cybersecurity in medical devices
SafisSolutions
 
PPT
Healthcare cyber powerpoint
safecities
 
PDF
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
Valdez Ladd MBA, CISSP, CISA,
 
PDF
Securing IoT medical devices
Benjamin Biwer
 
PDF
Clinical Risk Management
Medigate
 
PPTX
Cybersecurity in Medical Devices
Sheersha Pramanik 🇮🇳
 
PPTX
OnDemand Webinar: Key Considerations to Securing the Internet of Things (IoT)...
Great Bay Software
 
PPTX
Killed by code 2015
Flaskdata.io
 
PPTX
Killed by code 2015
Flaskdata.io
 
PDF
Secure-by-Design Using Hardware and Software Protection for FDA Compliance
ICS
 
PPTX
THE FDA and Medical Device Cybersecurity Guidance
Pam Gilmore
 
8 Mandatory Security Control Categories for Successful Submissions
ICS
 
How Medical Devices Risk Patient Safety and Security
Great Bay Software
 
Webinar: Medical Device Security: An Industry Under Attack and Unprepared to ...
Synopsys Software Integrity Group
 
[Wroclaw #6] Medical device security
OWASP
 
The WannaCry Black Swan Event -- Unpatchable FDA medical devices
David Sweigert
 
Breakout Session: Cybersecurity in Medical Devices
Healthegy
 
Cybersecurity in smart medical devices
Stefan Weiss
 
Practical Advice for FDA’s 510(k) Requirements.pdf
ICS
 
Cybersecurity in medical devices
SafisSolutions
 
Cybersecurity in medical devices
SafisSolutions
 
Healthcare cyber powerpoint
safecities
 
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
Valdez Ladd MBA, CISSP, CISA,
 
Securing IoT medical devices
Benjamin Biwer
 
Clinical Risk Management
Medigate
 
Cybersecurity in Medical Devices
Sheersha Pramanik 🇮🇳
 
OnDemand Webinar: Key Considerations to Securing the Internet of Things (IoT)...
Great Bay Software
 
Killed by code 2015
Flaskdata.io
 
Killed by code 2015
Flaskdata.io
 
Secure-by-Design Using Hardware and Software Protection for FDA Compliance
ICS
 
THE FDA and Medical Device Cybersecurity Guidance
Pam Gilmore
 
Ad

More from ICS (20)

PDF
Understanding the EU Cyber Resilience Act
ICS
 
PDF
Porting Qt 5 QML Modules to Qt 6 Webinar
ICS
 
PDF
Exploring Wayland: A Modern Display Server for the Future
ICS
 
PDF
Future-Proofing Embedded Device Capabilities with the Qt 6 Plugin Mechanism.pdf
ICS
 
PDF
Choosing an Embedded GUI: Comparative Analysis of UI Frameworks
ICS
 
PDF
Medical Device Cyber Testing to Meet FDA Requirements
ICS
 
PDF
Webinar On-Demand: Using Flutter for Embedded
ICS
 
PDF
Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...
ICS
 
PDF
Overcoming CMake Configuration Issues Webinar
ICS
 
PDF
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
ICS
 
PDF
Designing and Managing IoT Devices for Rapid Deployment - Webinar.pdf
ICS
 
PDF
Quality and Test in Medical Device Design - Part 1.pdf
ICS
 
PDF
Creating Digital Twins Using Rapid Development Techniques.pdf
ICS
 
PDF
Secure Your Medical Devices From the Ground Up
ICS
 
PDF
Cybersecurity and Software Updates in Medical Devices.pdf
ICS
 
PDF
MDG Panel - Creating Expert Level GUIs for Complex Medical Devices
ICS
 
PDF
How to Craft a Winning IOT Device Management Solution
ICS
 
PDF
Bridging the Gap Between Development and Regulatory Teams
ICS
 
PDF
IoT Device Fleet Management: Create a Robust Solution with Azure
ICS
 
PDF
Basic Cmake for Qt Users
ICS
 
Understanding the EU Cyber Resilience Act
ICS
 
Porting Qt 5 QML Modules to Qt 6 Webinar
ICS
 
Exploring Wayland: A Modern Display Server for the Future
ICS
 
Future-Proofing Embedded Device Capabilities with the Qt 6 Plugin Mechanism.pdf
ICS
 
Choosing an Embedded GUI: Comparative Analysis of UI Frameworks
ICS
 
Medical Device Cyber Testing to Meet FDA Requirements
ICS
 
Webinar On-Demand: Using Flutter for Embedded
ICS
 
Accelerating Development of a Safety-Critical Cobot Welding System with Qt/QM...
ICS
 
Overcoming CMake Configuration Issues Webinar
ICS
 
Enhancing Quality and Test in Medical Device Design - Part 2.pdf
ICS
 
Designing and Managing IoT Devices for Rapid Deployment - Webinar.pdf
ICS
 
Quality and Test in Medical Device Design - Part 1.pdf
ICS
 
Creating Digital Twins Using Rapid Development Techniques.pdf
ICS
 
Secure Your Medical Devices From the Ground Up
ICS
 
Cybersecurity and Software Updates in Medical Devices.pdf
ICS
 
MDG Panel - Creating Expert Level GUIs for Complex Medical Devices
ICS
 
How to Craft a Winning IOT Device Management Solution
ICS
 
Bridging the Gap Between Development and Regulatory Teams
ICS
 
IoT Device Fleet Management: Create a Robust Solution with Azure
ICS
 
Basic Cmake for Qt Users
ICS
 
Ad

Recently uploaded (20)

PDF
49784907924775488180_LRN2959_Data_Pump_23ai.pdf
Abilash868456
 
PPTX
classification of computer and basic part of digital computer
ravisinghrajpurohit3
 
PDF
Jenkins: An open-source automation server powering CI/CD Automation
SaikatBasu37
 
PPTX
Contractor Management Platform and Software Solution for Compliance
SHEQ Network Limited
 
PPTX
Presentation about Database and Database Administrator
abhishekchauhan86963
 
PPTX
Web Testing.pptx528278vshbuqffqhhqiwnwuq
studylike474
 
PPTX
AI-Ready Handoff: Auto-Summaries & Draft Emails from MQL to Slack in One Flow
bbedford2
 
PDF
Generating Union types w/ Static Analysis
K. Matthew Dupree
 
PPTX
Can You Build Dashboards Using Open Source Visualization Tool.pptx
Varsha Nayak
 
PPTX
Maximizing Revenue with Marketo Measure: A Deep Dive into Multi-Touch Attribu...
bbedford2
 
PPTX
PFAS Reporting Requirements 2026 Are You Submission Ready Certivo.pptx
Certivo Inc
 
PDF
New Download MiniTool Partition Wizard Crack Latest Version 2025
imang66g
 
PPTX
The-Dawn-of-AI-Reshaping-Our-World.pptxx
parthbhanushali307
 
PDF
Key Features to Look for in Arizona App Development Services
Net-Craft.com
 
PDF
Enhancing Healthcare RPM Platforms with Contextual AI Integration
Cadabra Studio
 
PDF
vAdobe Premiere Pro 2025 (v25.2.3.004) Crack Pre-Activated Latest
imang66g
 
PPTX
Odoo Integration Services by Candidroot Solutions
CandidRoot Solutions Private Limited
 
PPTX
Explanation about Structures in C language.pptx
Veeral Rathod
 
DOCX
Can You Build Dashboards Using Open Source Visualization Tool.docx
Varsha Nayak
 
PDF
Teaching Reproducibility and Embracing Variability: From Floating-Point Exper...
University of Rennes, INSA Rennes, Inria/IRISA, CNRS
 
49784907924775488180_LRN2959_Data_Pump_23ai.pdf
Abilash868456
 
classification of computer and basic part of digital computer
ravisinghrajpurohit3
 
Jenkins: An open-source automation server powering CI/CD Automation
SaikatBasu37
 
Contractor Management Platform and Software Solution for Compliance
SHEQ Network Limited
 
Presentation about Database and Database Administrator
abhishekchauhan86963
 
Web Testing.pptx528278vshbuqffqhhqiwnwuq
studylike474
 
AI-Ready Handoff: Auto-Summaries & Draft Emails from MQL to Slack in One Flow
bbedford2
 
Generating Union types w/ Static Analysis
K. Matthew Dupree
 
Can You Build Dashboards Using Open Source Visualization Tool.pptx
Varsha Nayak
 
Maximizing Revenue with Marketo Measure: A Deep Dive into Multi-Touch Attribu...
bbedford2
 
PFAS Reporting Requirements 2026 Are You Submission Ready Certivo.pptx
Certivo Inc
 
New Download MiniTool Partition Wizard Crack Latest Version 2025
imang66g
 
The-Dawn-of-AI-Reshaping-Our-World.pptxx
parthbhanushali307
 
Key Features to Look for in Arizona App Development Services
Net-Craft.com
 
Enhancing Healthcare RPM Platforms with Contextual AI Integration
Cadabra Studio
 
vAdobe Premiere Pro 2025 (v25.2.3.004) Crack Pre-Activated Latest
imang66g
 
Odoo Integration Services by Candidroot Solutions
CandidRoot Solutions Private Limited
 
Explanation about Structures in C language.pptx
Veeral Rathod
 
Can You Build Dashboards Using Open Source Visualization Tool.docx
Varsha Nayak
 
Teaching Reproducibility and Embracing Variability: From Floating-Point Exper...
University of Rennes, INSA Rennes, Inria/IRISA, CNRS
 

Threat Modeling and Risk Assessment Webinar.pdf

  • 1. 1 Threat Modeling and Risk Assessment: A Step-by-Step Example September 26 | 1 pm EDT
  • 2. About Us – Complementary Partners 2 INTEGRITY Security Services (ISS) is a wholly owned subsidiary of Green Hills Software LLC., established to provide best practice embedded security products and services for the protection of smart devices in all industries from cyber security attacks. ISS's experience enables them to provide the world’s first Secure Platform for Medical (SPM) which dramatically reduces time and resources for medical device OEMs to meet Omnibus Act Section 3305 and FD & C Section 524B. BG Networks equips embedded engineers and penetration testers with easy-to-use software automation tools to streamline cybersecurity tasks including hardening, detection, and testing. BG Networks automation tools are designed to help with adherence to regulations from the FDA, NIST, ISO, and the EU. ICS supports our customers with software development, User experience design, platform and regulatory support to build next generation products. We provide a number of services focused on the medtech space including human factors engineering with a 62366 compliant process, hazard and risk analysis, 62304 compliant software development, and platform support including cybersecurity. Cybersecurity Services Cyber-Testing Detection Hardening Risk Management
  • 3. Speaker Introductions 3 David Sequino Founder & CEO Colin Duggan Founder & CEO Milton Yarberry Director of Medical Programs & Cybersecurity
  • 4. Cybersecurity in Medical Devices: Practical Advice for FDA’s 510(k) Requirements Webinar Series 4 1. On Demand Practical Advice for FDA’s 510(k) Requirements https://www.ics.com/webinar-demand-practical-advice-fdas-510k-requirements 2. On Demand Secure-by-Design - Using Hardware and Software Protection for FDA Compliance https://resources.ics.com/webinar/secure-product-development-frameworks 3. On Demand Secure-by-Design - Using Hardware and Software Protection for FDA Compliance https://resources.ics.com/webinar/secure-by-design-hardware-software-protection 4. Threat modeling and risk assessment – First step in risk management 5. Cyber-testing – What the FDA expects 6. Defense-In-Depth – Security control categories called for by the FDA 7. Cybersecurity documentation - eSTAR submissions 8. Post Market Requirements – Fixing Vulnerabilities: SBOM – Updates - Monitoring 9. Bolting On Security – Is there anything that can be done if I already have a design Today’s Presentation November
  • 5. Agenda • Why threats should be modeled and risks assessed • Overview of the device used in the example • Threat modeling steps • Risk assessment steps • Steps to implement controls • Sign up for 1 on 1, hands-on threat modeling & risk analysis session
  • 6. Threat Modeling & Risk Assessment Working Sessions A Head Start for Your Next Medical Device Seeking Pre-Market Approval Offering educational/working sessions using threats & risks related to your device • These processes can be complicated and that is why we are offering these sessions • We’ll apply techniques presented today to your medical device • After the session, we’ll leave the spreadsheet with you so you have a head start Sign up on Calendly, at the link below, for a 30 minute session • Here is the link and we’ll put it in the chat
  • 7. Questions For Us - A Question For You – Link to Previous Webinar Questions for us • Put your questions in the Q&A • For questions we don’t get to, we’ll write answers and make them available after A question for you: What aspects of threat modeling and risk assessments do you already know? • Please respond now • We’ll also ask at the end to see if your perspective has changed Multiple choice answers to poll question: a. I’m new to these processes so all aspects are helpful b. Threat modeling but not for medical devices c. Threat modeling for medical devices d. Risk assessment for medical devices e. Risk assessment and the iterations between security and safety f. All aspects of threat modeling and risk assessment for medical devices
  • 8. Threat Modeling and Risk Assessment Where Are We? 8 FDA’s Cybersecurity in Medical Devices Guidance 2023 Threat Modeling Cybersecurity Risk Assessment Foundational • Identify Assets • Identify Threat • Diagrams Supports Systematic • STRIDE • PASTA • DREAD • Attack Trees Systematic • Reduce bias with a mechanical method • Helps you know when you’re done • Semi-quantifiable scoring method • Integrates with Safety Risk Assessment Security Risk Management
  • 9. Threat Modeling and Risk Assessment Why it’s needed? An important part of a “Secure-By-Design” approach • Perform threat and risk assessment at the beginning of a new medical device development → Results in integrated solutions, which are harder to defeat than add-on solutions, which are more vulnerable • Identifies the security features that will have the biggest impact (based on mitigating the highest risks) → Prioritizing development budget Required by the FDA for a pre-market submission • Referred to in eSTAR as “Risk Management – Threat Model” and “Risk Management – Cybersecurity Risk Assessment” • Feeds 4 of 9 eSTAR requirements for 510(k) submission Required by MDR • Does not exactly match FDA guidance and documentation required for pre-market submission • Risk Management section is light-weight (reason to complement with AAMI SW:96)
  • 10. Medical Device Lifecycle Threat Modeling & Risk Assessment Used Throughout Diagram is from MDCG 2019-16 Guidance on Cybersecurity for Medical Devices Threat modeling and a risk assessment need to be performed whenever new threats are identified, and that can be at any point in the lifecycle of a medical device. Update when: • Adding new product features • Obsolescence-driven hardware changes • Connectivity changes • New operating environments • SBOM driven vulnerabilities • Report of new critical threats → response time
  • 11. Security vs. Safety If it doesn’t impact patient safety, can it be a severe security issue? Security Objectives that devices are graded against: • Authenticity, which includes integrity; • Authorization; • Availability; • Confidentiality; and • Secure and timely updatability and patchability (AAMI TIR57:2016/(R)2019)
  • 12. Definition of Cybersecurity Risk Cyber-Attack Feasibility and Impact on Patient Safety/Harm ‘risk’ means the combination of the probability of occurrence of harm and the severity of that harm EU MDR 3.31 risk combination of the probability of occurrence of harm (3.16) and the severity (3.41) of that harm (3.16) Unpacking probability: - Includes exposure to hazard and limits to harm - statistical probability not acceptable, proxy of exploitability or likelihood is OK Unpacking harm (Appendix B.4): - Includes breach of data, systems security, reduction of effectiveness (consider resident on system but not active) based on an evaluation of the likelihood of exploit, the impact of exploitation on the device’s safety and essential performance, and the severity of patient harm if exploited FDA AAMI SW96
  • 13. Considerations When Performing Threat and Risk Analysis Conditions/scenarios that the FDA expects for analysis • Different operating modes of the medical device • The software update process • Scenarios where multiple patients can be harmed with one attack • Multi-user scenarios • Lifecycle – Development, Manufacturing, End of life, Service Environment that the medical device will be used in • Doctor’s office, clinic, hospital, ambulatory (variation in attackers) • SaMD (running on different platforms) • Connectivity (air-gapped, hospital network) * Hospital general network = hostile environment Intended use • Example: data acquisition for off-line, non-real time review, vs. • immediate decision making/action 4 Architectural Views (Required)
  • 14. Steps We’ll Go Through In Our Example 1. Review system diagram and its intended function 2. Draw threat boundaries 3. Identify assets 4. Use STRIDE to identify threats 5. Score safety impacts of threats 6. Identify attack paths 7. Score the feasibility/difficulty of attack paths 8. Calculate risk score 9. Risk treatment: mitigate, transfer, accept, eliminate 10. Determine risk mitigation Order can be switched
  • 15. Threat Modeling - STRIDE STRIDE model. (2023). Retrieved September 24, 2024, from https://en.wikipedia.org/wiki/STRIDE_model 15
  • 16. Tracking Progress Through Our Example Using The Spreadsheet 1. Review system diagram and its intended function 2. Draw threat boundaries 3. Identify assets 4. Use STRIDE to identify threats 5. Score safety impacts of threats 6. Identify attack paths 7. Score the feasibility/difficulty of attack paths 8. Calculate risk score 9. Risk treatment: mitigate, transfer, accept, eliminate 10. Determine risk mitigation
  • 17. Our Example is From MITRE / MDIC Medical Device Threat Modeling Hand Book We’ll focus on a Bluetooth example from the Playbook. Threats are identified in the example in the Playbook; we’ll take it through risk assessment and security control mitigations
  • 18. Example Ankle Worn Stroke Detection Data Acquisition AMPS from the MITRE / MDIC Medical Device Threat Modeling Hand Book We’ll focus on Bluetooth in our example The red dashed lines are the threat boundaries
  • 27. Ankle Monitor and Predictor of Stroke System (AMPS)
  • 28. Typical Challenges 1. Concept Phase: Size up your Assets & Threat Vectors = Build a Threat Model, do a Risk Assessment Challenge: Catalogue your assets and threat vectors for your device, measure the risks associated with your device 2. Sourcing Phase: Managing shifting requirements Challenge: Transmitting key cybersecurity requirements to internal sw & hw architects or external suppliers and stakeholders or regulators can be costly and time-consuming. Vendors may struggle to keep up, resulting in delays and unplanned costs 3. Development Phase: Resource-intensive cybersecurity specs Challenge: Defining detailed cybersecurity specifications requires significant time and resources. Many teams lack the expertise to produce detailed, compliant requirements early in development, causing delays to time to market 4. Implementation Phase: Lack of cybersecurity prioritization due to lack of knowledge and understanding Challenge: Cybersecurity efforts often take a back seat to time to market due to a lack of understanding and training. This will lead to missed FDA cyber certifications, delayed product launches & lost revenue & market share 5. Production Phase: Difficulty in managing security updates and assets Challenge: Governing and operating the cybersecurity of products in production is complex. Identifying which devices have vulnerabilities, require updates, or have specific software versions becomes difficult without robust asset management systems 28
  • 30. End-to-end Product Cybersecurity Lifecycle Product Concept Define target pragmatic product requirements based on your architecture and threat model Sourcing Simplified supplier vetting and delegated data collection Product Design Constellation Define the cyber blueprint for your product, collect required Bill of Materials Connection to Key Management Seamlessly implement & integrate cyber controls with your supply chain Asset Management Track the cyber production lifecycle and manage vulnerabilities Assets / Updates Perform investigations, Updates and analysis. End of life product decommissioning Concept Development: Preliminary Design Development: Detailed Design System Integration System Deployment / Operation System Sustainment / End of Life
  • 31. The Solution: Cumulus Cumulus is an asset management platform for managing, tracking, auditing & securing any device’s End-To-End Product Development Lifecycle
  • 32. Cumulus: End-to-end Product Cybersecurity Lifecycle Cumulus Product Concept Define target pragmatic product requirements based on your architecture and threat model Cumulus Sourcing Simplified supplier vetting and delegated data collection Cumulus Product Design Constellation Define the cyber blueprint for your product, collect required Bill of Materials Cumulus Connection to DLM Trust Seamlessly implement & integrate cyber controls with your supply chain Cumulus Asset Management Track the cyber production lifecycle and manage vulnerabilities Cumulus Assets / DLM Update Perform investigations and analysis. End of life product decommissioning Concept Development: Preliminary Design Development: Detailed Design System Integration System Deployment / Operation System Sustainment / End of Life
  • 33. Cumulus is the “Easy Button” to meet FDA’s section 524B The ISS Security Levels incorporate the overall guidelines from FDA Cyber Section 524B and add our organization’s rigorous ongoing lifecycle management parameters
  • 34. First, define your device structure
  • 35. Choose the desired security level for the device...
  • 36. ...to drop in our pre-defined cybersecurity requirements
  • 37. Then, delegate the cybersecurity requirements to your component team contact
  • 38. Assign editing permissions to component team contacts
  • 39. Team contact receives a magic link email to easily log in
  • 40. Team contact adds off-the-shelf cybersecurity controls for your device
  • 41. Easily review the submitted capabilities
  • 42. Track your compliance documents process to streamline approvals
  • 43. Export & send your premarket submission package with a few clicks
  • 44. Mapping the original risks to cybersecurity controls verifies that your concept is sufficient
  • 45. Cumulus Core Benefits • Reduce time to market, costs & complexity • Manage hardware & software component suppliers • Track vulnerabilities at component level • Shorten regulatory certification by cataloging all assets from product concept phase to EOL • Train internal & external resources to build FDA certifiable components from day 1
  • 46. Poll Question What aspects of threat modeling and risk assessments do you already know? • Please respond now Multiple Choice Answers to the Poll Question a. I’m new to these processes so all aspects are helpful b. Threat modeling but not for medical devices c. Threat modeling for medical devices d. Risk assessment for medical devices e. Risk assessment and the iterations between security and safety f. All aspects of threat modeling and risk assessment for medical devices
  • 48. Thanks for Attending! David Sequino, Founder & CEO; Colin Duggan, Founder & CEO; Milton Yarberry, Director of Medical Programs & Cybersecurity
  • 49. Links to previous webinars: Cybersecurity in Medical Devices – Practical Advice for FDA’s 510(k) Requirements https://www.ics.com/webinar-demand-practical-advice-fdas-510k-requirements Deep Dive into Secure Product Development Frameworks (SPDF) https://resources.ics.com/webinar/secure-product-development-frameworks Secure-by-design: using Hardware and Software Protection for FDA Compliance https://resources.ics.com/webinar/secure-by-design-hardware-software-protection
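Steps 4 through 10 of the procedure on slide 14, combined with the risk definition on slide 12 (severity of harm combined with attack feasibility as the proxy for probability), worked as a small risk register. This is an added example, not the presenters' spreadsheet: the 1-5 scales, the level thresholds, the use of multiplication, and the three Bluetooth-link rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed ordinal scales and thresholds (the slides do not publish theirs).
SEVERITY = {"negligible": 1, "minor": 2, "serious": 3, "critical": 4, "catastrophic": 5}
FEASIBILITY = {"very_low": 1, "low": 2, "medium": 3, "high": 4, "very_high": 5}
STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}


@dataclass
class Threat:
    asset: str
    stride: str          # one STRIDE letter (step 4)
    description: str
    severity: str        # safety impact of the threat (step 5)
    attack_paths: dict   # path name -> feasibility level (steps 6-7)
    controls: dict = field(default_factory=dict)  # path -> feasibility after mitigation (step 10)

    def __post_init__(self):
        if self.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.stride!r}")
        unknown = set(self.controls) - set(self.attack_paths)
        if unknown:
            raise ValueError(f"control on unlisted attack path: {sorted(unknown)}")

    def feasibility(self, residual=False):
        # The easiest path sets the feasibility: a control on one path
        # does not lower the risk while another path stays open.
        paths = dict(self.attack_paths)
        if residual:
            paths.update(self.controls)
        return max(FEASIBILITY[lvl] for lvl in paths.values())

    def risk(self, residual=False):
        # Step 8: risk score = severity of harm x feasibility of attack.
        return SEVERITY[self.severity] * self.feasibility(residual)


def level(score):
    return "high" if score >= 15 else "medium" if score >= 8 else "low"


def register(threats):
    """Register rows sorted by initial risk, highest first (input to step 9)."""
    rows = []
    for t in sorted(threats, key=lambda x: x.risk(), reverse=True):
        rows.append({"asset": t.asset, "stride": STRIDE[t.stride],
                     "initial": t.risk(), "initial_level": level(t.risk()),
                     "residual": t.risk(residual=True),
                     "residual_level": level(t.risk(residual=True))})
    return rows


# Constructed sample rows for the Bluetooth link of the ankle-worn device.
THREATS = [
    Threat("BLE link", "T", "sensor readings altered in transit", "critical",
           {"unauthenticated pairing": "high", "debug interface": "low"},
           {"unauthenticated pairing": "low"}),
    Threat("BLE link", "D", "data upload blocked", "serious",
           {"RF interference": "high"}),
    Threat("BLE link", "I", "readings observed by a nearby receiver", "minor",
           {"passive sniffing": "very_high"}, {"passive sniffing": "low"}),
]

if __name__ == "__main__":
    for row in register(THREATS):
        print(row)
```

The denial-of-service row keeps the same score before and after because no control is recorded for it, which is the kind of entry that step 9 has to resolve explicitly as mitigate, transfer, accept or eliminate.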