Continuous security patch delivery and risk management for medical devices
Authors: H. V. Stockhausen, M. Rose
Published in: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C), 2020-03-01
DOI: 10.1109/ICSA-C50368.2020.00043 (https://doi.org/10.1109/ICSA-C50368.2020.00043)
Citation count: 3 (Semantic Scholar)
This paper is a case study describing our practical experience in the area of cybersecurity for medical devices. We describe how Siemens Healthineers uses a continuous security patch delivery model in a regulated market across 15+ business lines that cover our huge portfolio of imaging modalities, laboratory and point-of-care instruments. The case study addresses how we have implemented a continuous security patch delivery strategy. The strategy embraces a systematic way of product-specific vulnerability evaluation based on design knowledge, and operator-oriented risk communication, which are the novel aspects of this work. Focusing on the 'real' cybersecurity risks in the early phase of the continuous delivery process leads to reduced cost for post-market management of medical devices. The paper also describes how this dynamic, continuous and highly automated approach is intended to satisfy the current and future demands of the National Telecommunications and Information Administration (NTIA), the existing FDA post-market guidance, and the upcoming revision of the FDA pre-market guidance on cybersecurity to provide operators with a "software bill of materials" (SBOM).