IEEE Releases Medical Device Security Guidelines


The IEEE cyber security initiative, with the help of research scientists, has released a new set of guidelines for developers to follow to ensure the security of medical devices. The paper, "Building Code for Medical Device Software Security", released on Monday, focuses mainly on the implementation of clean and secure code rather than on its design.

Authors: Dr. Tom Haigh, a researcher at Adventium Labs, and Carl Landwehr, a lead research scientist at George Washington University.

In the paper, the authors encourage developers to use memory-safe languages, secure coding standards, digitally signed firmware, whitelists, carefully vetted cryptography and algorithms that have received open certification in their medical devices.

"If for some reason suitable algorithms are not available and invention is required (this should be a last resort), developers should take care to get expert review prior to adopting and implementing their own crypto-algorithms," the researchers said in the paper.

A group of 40 experts from various fields, including medical device researchers, cybersecurity researchers, software engineers, and regulators, hammered out the guidelines over the course of two days in New Orleans last November. The workshop was funded by both the IEEE and the National Science Foundation’s Secure and Trustworthy Cyberspace program.

"It is of course impossible to develop a complete code in a two-day workshop," Landwehr writes. "The intent of this initial code is to provide a basis that developers can use to rule out the most commonly exploited classes of software vulnerabilities."

"There is more work to do, so we encourage the industry to participate in our effort to create a foundation for a more complete code for the medical device industry to apply," Landwehr added.
