Cybersecurity and Software Updates in Medical Devices.pdf
0 likes609 views
This document discusses cybersecurity and software updates in medical devices. It provides an overview of Integrated Computer Solutions (ICS) and the services it offers for medical device development. These include human factors engineering, software development, medical device cybersecurity, and software verification testing. The document also discusses Toradex and the Torizon platform it provides for over-the-air software updates in embedded systems. It notes regulations and standards driving new requirements for medical device cybersecurity and software updates. Finally, it discusses strategies for implementing secure software updates, including A/B updates, delta updates, container-based updates, and leveraging hardware encryption.
Cybersecurity and Software Updates in Medical Devices.pdf
- 1. Cybersecurity and Software Updates in Medical Devices Justin Noel, ICS Daniel Lang, Toradex 1 January 25, 2023
- 2. About ICS Established in 1987, Integrated Computer Solutions, Inc. (ICS) delivers innovative software solutions with a full suite of services to accelerate development of successful next-gen products. ICS is headquartered outside Boston in Waltham, Mass. with offices in California, Canada and Europe. Currently 160 people. Boston UX is ICS’ design studio, specializing in intuitive touchscreen and multimodal interfaces for high-impact embedded and connected devices. 2
- 3. www.ics.com Delivering a Full Suite of Medtech Services 3 ● Human Factors Engineering ● IEC 62366-UX/UI Design ● Custom Frontend and Backend Software Development ● Development with IEC 62304-Compliant Platform ● Low-code Tools that Convert UX Prototype to Product ● Medical Device Cybersecurity ● AWS and Azure Cloud Services and Analytics ● ISO 14971-Compliant Hazard Analysis ● Software Verification Testing ● Complimentary Software Technology Assessment
- 4. Toradex - What We Do Make Embedded Computing Easy Reliable Arm System-on-Modules Torizon - Linux IoT Platform Lowest Cost of Ownership Industry-leading Support 4
- 5. Focus Verticals • Industrial Automation • Healthcare • Transportation • Test & Measurement • Smart City Typical Annual Volumes 100 to 50k Pcs Per Customer Project Typical Applications 5
- 6. Toradex - Numbers FOUNDED 2003 ACTIVE CUSTOMERS 3000+ EMPLOYEES 150+ 8 GLOBAL OFFICES 70+ PROVEN PARTNERS 6
- 9. PSA Certified 2022 Security Report 9
- 10. Global Trend In New Regulations 10
- 11. Europa Télécommunications Standards Institute (ETSI) EN 303 645 California State Law SB-327 Oregon IoT Law (House Bill 2395) NIST 8259A ISO/SAE 21434 – THE CYBERSECURITY STANDARD IEC 62443 CYBERSECURITY MATURITY MODEL CERTIFICATION CMMC 2.0 – DoD White House - Executive Order on Improving the Nation’s Cybersecurity Many More……….. Global Trend In New Regulations 11
- 12. Global Trend In New Regulations 12 Some Common Requirements • No Default Passwords • Way to Timely Patch Vulnerability • Log Access • Software Bill of Material
- 13. Poll - How do you do Software Updates 13 • Remote Updates Regular • Remote Updates When Needed • Offline Updates Regular • Offline Updates When Needed • No Updates ?
- 14. Example: Electric Vehicles Charger 14
- 15. Example: Medical Devices for Hospitals 15
- 16. Poll - What drives your Security Requirements ? 16 • Company Policy / Best Practices • Customers • Government Regulations • Other Regulations / Standards • None of the above ?
- 17. • Example is a Swiss Company • Medical Devices traditionally avoided changes to SW or HW • The Situation is changing • Devices are connected › Example: Control Centers in Hospitals or even for Home Care with Remote Monitoring RWJBarnabas Health Community Medical Center Example: Medical Devices for Hospitals 17
- 18. IT security requirements for third - party systems Example: Medical Devices for Hospitals 18
- 19. Example: Medical Devices for Hospitals 19
- 20. Example: Medical Devices for Hospitals 20
- 21. Recent FDA Guidance Regarding Software Updates Cybersecurity in Medical Devices (Latest Draft April 2022) https://www.fda.gov/media/119933/download FDA Guidance is a slow process, but PATCH Act 2022 may make this US law. When to Submit a 510(k) for a Software Change to an Existing Device (2017) https://www.fda.gov/media/99785/download Clarification of 510(k) re-submission criteria 21
- 22. Reasons For New Guidance and Clarifications Once upon a time system level updates for medical devices were rare COTS processes and re-validation for OS/Library updates were burdensome Resulted in base libraries and OS’s sometimes not being updated at all Wait until next major device revision (next 510(k) submission) Security issues were mitigated by air gapping and physical access In a connected world, air gaps are no longer possible Results were a cybersecurity nightmare We have run into devices running ancient versions of WinCE wo/SP 22
- 23. Clarification on 510(k) Submissions 510(k) NOT Required Strengthen cyber security wo / changes to app / controls SW (OS Patch) Return device to specifications of cleared device (Bug Fixes) 510(k) Required Updates change the safety or effectiveness of the device Risk based assessment needs to be performed to determine significance of changes both individual and cumulative changes. 23
- 24. 510(k) Decision Flow Chart 24
- 25. Cybersecurity Communication and Patchability Design software for patchability Isolated software components are easier to test and manage risk Patching Capability Rate at which updates can be fielded. Communication of software vulnerabilities and update availability Ability to re-execute V&V Testing If V&V takes several months your patching capability will be low. 25
- 26. Cybersecurity Considerations for Updates FDA requires that updates are verified to be authentic and unadulterated Signed Update was created by the manufacturer for this medical device. Secure chain of custody Ensure that updates cannot be corrupted or compromised Resilient to failure Controlled combination of system components Only allow software combinations that have been tested 26
- 27. Projects Over the Last 15 years ICS developed many in house solutions for customers OS Build (Yocto, BuildRoot, Windows Embedded) Update packaging (Encryption, signing) Secure bootloader (modified u-boot for applying updates) Error resistant partitioning schemes (A/B Updates) Portals / webservices / middleware for update notification and distributions Off the shelf products, frameworks and hardware are now available Much easier to write and maintain 27
- 28. Popular SW Update Solutions ● Torizon ● Mender ● Balena ● SwUpdate ● OSTree ● Aktualizr ● Uptane ● Torizon 28
- 29. A/B Upgrades ● Dual A/B identical rootfs partitions ● Data partition for storing any persistent data which is left unchanged during the update process ● Typically a client application runs on the embedded device and periodically connects to a server to check for updates ● If a new software update is available, the client downloads and installs it on the other partition ● Fallback in case of update failure 29
- 30. Delta Updates ● Only the binary delta between the difference is sent to the embedded device ● Works in a Git-like model for filesystem trees ● Saves storage space and connection bandwidth ● Rollback of the system to a previous state 30
- 31. A/B vs Delta Updates 31 Update strategy Storage space Update size Rollback to a previous stage Fallback to a back-up image on a separate partition A/B Updates Large Large Yes Yes Delta Updates Small Small Yes No
- 32. Container-based Updates ● Container technology has changed the way application developers interact with the cloud and some of the good practices are nowadays applied to the development workflow for embedded Linux devices and Internet of Things ● Containers make applications faster to deploy, easier to update and more secure through isolation ● Yocto/OE layer meta-virtualization provides support for building Xen, KVM, Libvirt, docker and associated packages necessary for constructing OE-based virtualized solutions 32
- 33. Leveraging Hardware Encryption Support HSM: Hardware Security Module. TPM: Trusted Platform Module (also known as ISO/IEC 11889). CAAM: Cryptographic Accelerator and Assurance Module (NXP i.MX processors). 33
- 34. CAAM (Cryptographic Accelerator and Assurance Module) CAAM on the Freescale i.MX platform supports the following: ● Secure memory feature with hardware-enforced access control ● Cryptographic authentication ● Authenticated encryption algorithms ● Symmetric key block ciphers ● Symmetric key stream ciphers ● Random-number generation 34
- 35. Hosting Solutions Microsoft Azure IoT Excellent framework for general IoT and update distribution ICS has written in house C++ wrappers around Azure IoT Distribution of updates amount other things Torizon OTA Turnkey solution for fleet management 35
- 36. Torizon - Be Faster - Be Secure - Be Reliable 36
- 37. Torizon 37 Based on Uptane Framework • Used by major Automotive OEM • Designed with State Actors Attackers in mind • JDF/Linux Foundation Project • Independent Security Audits • Expands on The Update Framework (TUF) ● Cloud Native Computing Foundation
- 38. Torizon 38 Key Technology: OSTree OpenSource Git - Like Space savings ● Including automatic de-duplication Minimal update size ● Diff updates of per-file changes Integrity can be verified Atomic updates Immutability & Revision Control
- 39. Torizon - Supported Hardware 39 https://www.torizon.io/supported-hardware