Sunday, October 2, 2011

Amphion Forum discusses medical device security in Minneapolis on November 3

Join MDSC co-director Dr. Kevin Fu and several other experts on medical device security at the Amphion Forum in Minneapolis on November 3. Request an invitation and then take a morning break from MDM to learn about the emerging security risks of software-based medical devices.

It's not too surprising that medical devices have security risks. The bigger question is how to find effective and balanced ways to reduce security risks in a landscape where threats can emerge without warning. Dr. Fu explains that if a medical device company wishes to attract hackers to devices, the company should follow this simple, four-step program:
  1. Increase software complexity so that testing becomes an ineffective technique for risk management. Make extensive use of pointers and non-type-safe programming languages.
  2. Add unprotected radio communication so that previous physical barriers no longer keep out the bad. Special overconfidence points are awarded for using "proprietary techniques" to "secure" a radio/wireless link.
  3. Trust the Internet for clinical decision making; add decades of Internet security holes and web browser vulnerabilities to your trusted computing base.
  4. Be complacent. Assume that absence of a security problem today means there never will be.

No comments:

Post a Comment

All comments are moderated to prevent spam, so please pardon the delay while our anti-spam team looks at incoming messages.