Last October, the Food and Drug Administration (FDA) issued an update to Guidance on Content of Premarket Submission for Management of Cybersecurity in Medical Devices – initially drafted in 2014. The guidance applies to medical device manufacturers (MDMs), stressing the importance of building security practices into the design of new connected medical devices.
The draft guidelines were sent out for public comment to industry stakeholders – including federal agencies, manufacturers, researchers, and leaders in cybersecurity. During this period, Keyfactor collaborated with the FDA to further refine the guidance based on our extensive experience working with cybersecurity and medical devices.
While the final guidance has not yet been published, there are practical steps that manufacturers and software developers can take today. These measures are important both in terms of FDA compliance and protecting the security of patients that rely on these devices.
Why Medical Device Manufacturers Can’t Wait for FDA Regulation
Hackers don’t wait for standards – they aim to stay ahead of them. It will likely be several months until the FDA cybersecurity guidance is finalized and published, but certain security measures will undoubtedly remain a core part of the document – including encryption and authentication. Unless these security controls are implemented, weaknesses will continue to be exploited by hackers and security researchers.
Device manufacturers should incorporate cybersecurity provisions from the draft guidance into their medical devices now. These proactive steps will help MDMs ensure an efficient pre-market review, prevent undue costs or delays in time to market and protect investments in next-gen devices.
PKI: A Proven Technology
Cybersecurity for medical devices starts at design – FDA cybersecurity guidance is clear on this. To build devices that are ‘secure by design,’ it is critical that medical device manufacturers:
- Embed a trusted identity into each device.
- Verify software and firmware updates, and
- Use strong cryptographic techniques.
Fortunately, all of these goals can be achieved by one proven technology – digital certificates.
Public key infrastructure (PKI) and the use of digital certificates has proven that it can scale with the widespread use and success of SSL/TLS across the Internet. Most IoT devices use common protocols that support the use of digital certificates for TLS encryption and authentication, making PKI an ideal choice for device manufacturers to secure identity at scale.
PKI: How Does It Work
PKI and the appropriate use of digital certificates allows manufacturers to enforce strong authentication, data encryption, and signing of firmware and software updates – all with a minimal footprint on the device itself.
The device itself can include a client authentication certificate, which allows it to securely and uniquely identify itself to other entities and devices in the healthcare ecosystem. Devices, gateways, and applications can then be configured to trust the device based on the authentication certificate. By binding a unique digital identity to each device, manufacturers can ensure that illegitimate devices cannot communicate with their systems. Digital certificate and private keys firmly distinguish all of the legitimate devices that are communicating.
2.) Code Signing
Once a device is deployed, manufacturers must be able to provide secure updates. This is where code signing comes in.
When a device receives a software or firmware update, that code can be signed with a digital signature. The device can verify this signature using a digital certificate, ensuring that only trusted updates from the manufacturer can be installed.
During the lifespan of a device, the sheer volume of data collected, analyzed and shared is immense. Digital certificates ensure that any data generated on the device can be securely encrypted – even someone with full access cannot read or decrypt it. Only when the data is transmitted to a trusted server with the matching decryption key can it be read.
With these common patterns of data flow and trust management, the use of digital certificates can effectively address many of the FDA’s regulatory requirements. More importantly, it offers a real security advantage to the manufacturer and assures users that hackers cannot access wearable or implantable medical devices.
Why Crypto-Agility is Key
When using digital certificates to secure medical devices, it is important to plan for the future. Cryptographic algorithms and keys inevitably weaken over time. Devices expected to maintain integrity for the years ahead must be manufactured on the assumption that the cryptography used today will not be effective over its entire lifetime.
Even today there are challenges – all certificates expire, private keys can be compromised, and keys lose strength. For devices expected to last more than a year or two, this inevitably means that replacement of keys and certificates (known as ‘crypto-agility’) must be supported.
Want to learn more? Discover 6 practical steps you can take today to address FDA pre-market guidance for medical device security.