Thursday, February 2, 2012

NIST explores economic incentives for medical device cybersecurity

The NIST Information Security and Privacy Advisory Board recently held a panel on Economic Incentives for Medical Device Cybersecurity.

Discussion summary: The lack of meaningful data on medical device cybersecurity leads to cybersecurity unpreparedness. Today, though, there is an economic disincentive to report vulnerabilities and incidents. For instance, a hospital would incur liability by reporting a problem. These economic factors reinforce a cycle of not reporting cybersecurity problems, and the resulting lack of reported incidents increases the false impression of preparedness. The lack of reported incidents is more likely a result of a lack of incentives for reporting and a lack of effective reporting mechanisms designed to collect cybersecurity threat indicators from the clinical setting.


  • Brian Fitzgerald
    Deputy Director, Division of Electrical and Software Engineering, FDA CDRH OSEL
  • Kevin Fu
    Associate Professor, Computer Science, UMass Amherst (moderator)
  • Louis Jacques
    Director, Coverage and Analysis Group, Centers for Medicare and Medicaid Services
  • James Keller
    Vice President, Health Technology Evaluation and Safety, ECRI Institute
  • George Mills
    Director, Department of Engineering, The Joint Commission
  • Erich P. Murrell
    Lt. Col., CISO, Medical Devices, Office of the Air Force Surgeon General

Past ISPAB meetings with panels on medical device cybersecurity:

Wednesday, February 1, 2012

ACM Workshop on Medical Communication Systems

The ACM Workshop on Medical Communication Systems (MedCOMM) seeks short research papers. Research communities such as communications, networking, sensor networks, cyberphysical systems, human-computer interaction, security, and wireless are highly relevant. This workshop is co-located with ACM SIGCOMM in Helsinki, Finland.

From the CFP:
We solicit submissions on topics including, but not limited to, the following:
  • Safe and effective network architectures and protocols for highly interoperable wireless medical devices
  • Applications of cognitive radio to maximize spectrum utilization and spectrum sharing on unlicensed bands
  • Data integrity and reliability issues in allocated or unlicensed spectrum
  • Mobile phones as medical sensor gateways
  • Ultra-low power communications
  • Deployment of open medical communication systems
  • Communications and computer networks designed for validation, formal verification, or hazard analysis
  • Usability issues, security/privacy issues, regulatory/policy issues
  • Industrial experiences, provider experiences, regulator experiences

As a workshop, the focus is on position papers and early-stage works. The submission deadline is March 23rd. Please consider submitting.

The full CFP with all of the relevant deadline information is available here.