Shostack + Friends Blog

 

Medical Device Threat Modeling

New training being developed, seeking interest. Wide view of in-person threat modeling training with Adam Shostack at the whiteboards

Threat modeling figures heavily in the FDA's thinking. It's been part of the first cybersecurity pre-market guidance, it was a big part of the workshop on 'content of premarket submissions,' [link to https://www.fda.gov/medical-devices/workshops-conferences-medical-devices/public-workshop-content-premarket-submissions-management-cybersecurity-medical-devices-january-29-30 no longer works] etc. There have been lots of questions about how to make that happen.

I've been working with the FDA and the MDIC, and we have been planning for free boot camps for threat modeling. MDIC is now asking people to apply to attend. Dates TBD in light of the current pandemic, but please, if you're interested, let us know so to help us plan.

  • 2-day intensive hands-on sessions on threat modeling.
  • Learn about structured, systematic and comprehensive approach to threat modeling for engineering more secure systems from SMEs from public and private sector.
  • Learn the latest updates on medical device cybersecurity and related areas from representatives of FDA and industry.
  • Networking opportunity with SMEs from MedTech and non-MedTech sectors to learn on cybersecurity best practices that can be incorporated into the medical device industry.
  • Contribute to the discussions on the development of Medical Device Threat Modeling Playbook.