Today the Food and Drug Administration (FDA) published a
meeting notice in the Federal Register (80 FR
76022-76025) for a public workshop entitled “Moving
Forward: Collaborative Approaches to Medical Device Cybersecurity”. The two-day
workshop will be held in Silver Springs, MD on January 20-21st,
2016. The workshop will be webcast.
Agenda
According to the meeting notice the FDA, in conjunction with
the National Health Information Sharing Analysis Center (NH-ISAC), the
Department of Health and Human Services, and the Department of Homeland
Security, wishes to address the following questions related to coordinated
disclosure:
• How might the stakeholder
community create incentives to encourage stakeholder participation?
• What do individual stakeholders
need to understand and be aware of regarding coordinated disclosure?
• What current tools and models
presently exist that may aid stakeholders in implementing disclosure and
vulnerability management?
• How can the security researcher community work in
collaboration with HPH stakeholders to identify, assess, and mitigate
vulnerabilities?
Additional topics of interest include:
• Sharing FDA's current thinking on
the implementation of the Framework in the medical device total product
lifecycle.
• Adapting cybersecurity and/or
risk assessment tools such as CVSS for the medical device operational
environment.
• Adapting and/or implementing
existing cybersecurity standards for medical devices.
• Understanding the challenges that
manufacturers face as they increase collaboration with external third parties
(cybersecurity researchers, ISAOs, and end users), to resolve cybersecurity
vulnerabilities that impact their devices.
• Gaining situational awareness of
the current activities in the HPH sector to enhance medical device
cybersecurity.
• Identifying cybersecurity gaps
and challenges that persist in the medical device ecosystem and begin crafting
action plans to address them.
Registration
Those wishing to attend the workshop in person may register
on-line. Early registration is recommended due to the limited seating at
the venue.
Registration is not required for the web cast, but the web
cast link will not be available until January 13th, 2016.
Public Comments
The FDA is soliciting public comments on the topics to be
covered in the workshop. Written comments may be submitted via the Federal
eRulemaking Portal (www.Regulations.gov;
Docket # FDA-2014-N-1286). Comments will be accepted until February 22, 2016.
Commentary
The one thing that looks to be missing from this workshop is a discussion of how reported cybersecurity vulnerabilities will be related
to device recalls. More on this in a later blog post.
Posts
No comments:
Post a Comment