07 Apr Navigating Cybersecurity Threat Assessments
During this challenging time, cybersecurity for medical instruments should be at the forefront of every device designer's mind, particularly for life-saving devices such as ventilators. It is imperative to incorporate cybersecurity strategies into each step of the software development process, from architecture threat assessment to penetration testing. In the next few weeks, Key Tech will cover a range of cybersecurity topics that we consider on a daily basis during device development. This week, we start with our threat assessment process.
A high-level software block diagram is often one of the first things drafted during the early stages of the development cycle. The block diagram helps define the responsibilities of the individual software modules and identify the communication interfaces among them. In our experience, this is the optimal time to start the threat assessment. The threat assessment should focus on understanding the potential vulnerabilities and attack surfaces of the instrument, either at the communication interfaces or at the software module level. To identify these vulnerabilities, we typically ask questions such as: What type of data is transmitted over which interface? Where is the data stored, and for how long? How sensitive is the data should an unauthorized party get hold of it? How difficult is it for an unauthorized person to access any of the communication interfaces and/or data storage? A dedicated threat assessment tool can often help by visually modeling the system under assessment. After the assessment is complete, the results are fed back into the software development process, influencing the software requirements and the general architectural design of the system so that the security concerns identified in the threat assessment are addressed.
What other techniques do you deploy in assessing cybersecurity threats during system design? Reach out at TalkToUs@keytechinc.com to join the conversation with us.