Hacking: FDA is developing a ‘cybersecurity laboratory’

Medical device makers would do well to fortify their cybersecurity strategies in preparation for the extra layers of software testing and review in development at the FDA.

Federal healthcare regulators have solicited bids from security group Codenomicon Defensics to help build a "cybersecurity laboratory" where regulators can take a closer look at software bugs and weaknesses in medtech systems. Codenomicon’s systems will subject devices to "fuzz testing," barraging the software in search of defects or vulnerabilities that could leave a system open to attack.

"This is excellent news for the medical device industry," Codenomicon CEO David Chartier said in prepared remarks. "Cybersecurity for medical devices has been lacking in standardized testing procedures, and the FDA introducing fuzz testing capabilities is a big step forward."

The contract came in the weeks after the FDA issued new guidance asking that device makers remain "vigilant" about cybersecurity and that companies document their efforts and submit them for review of new devices. Although the FDA stopped short of recommending specific actions or setting security standards, the action gave the agency leverage in potentially rejecting new technologies that don’t demonstrate sufficient reliability or security in their software.

With the FDA’s July 21 solicitation, device makers can begin predicting how cybersecurity oversight may play out. The agency is tracking down bugs, it says, testing new products for software vulnerabilities that could cause a device to behave erratically or allow an unknown attacker to access the system or take it over entirely. Fuzzing techniques bombard systems with malformed or unexpected inputs in search of weak points.

It was a pretty basic fuzzing attack that security researchers said brought down a Philips (NYSE:PHG) Xper hospital management system under the force of only 6 lines of code that took just a few days to find and exploit. Security experts Billy Rios and Terry McCorkle, who usually test security in industrial control systems, divulged that hack earlier this year after discovering that they could crash the systems, manipulate them and possibly use them as a gateway to access and hack other networked devices.

The key to avoiding similar issues is a matter of subjecting systems to such attacks during the test phase, so that they can better stand up to the barrage of inputs that may come from attackers or even benign sources.

"That’s the piece that’s missing," McCorkle told MassDevice.com in an interview earlier this year. "You don’t have robust testing behind the scenes."

"Some bugs are exposed and fixed during the testing phase of a software development process," the FDA noted. "The bugs that slip past the testing phase without being found and fixed are unknown vulnerabilities and can be triggered, sometimes with catastrophic results, after the product release."

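The test-phase fuzzing described above, as an added example that is not from the article, the FDA or Codenomicon: a small mutation fuzzer run against two parsers for a constructed toy telemetry frame (`type | length | payload | checksum`). The frame format and all function names are hypothetical, chosen only to show how malformed inputs surface an unhandled failure before release and how a length check removes it.

```python
import random

def make_frame(msg_type: int, payload: bytes) -> bytes:
    """Constructed toy format: type | length | payload | checksum (sum mod 256)."""
    return bytes([msg_type, len(payload)]) + payload + bytes([sum(payload) % 256])

def parse_naive(frame: bytes) -> bytes:
    """Trusts the declared length without checking it against the frame size."""
    length = frame[1]
    payload = frame[2:2 + length]
    if frame[2 + length] != sum(payload) % 256:   # IndexError on short frames
        raise ValueError("bad checksum")
    return payload

def parse_hardened(frame: bytes) -> bytes:
    """Checks the frame size against the declared length before indexing."""
    if len(frame) < 3 or len(frame) != frame[1] + 3:
        raise ValueError("frame size does not match declared length")
    payload = frame[2:-1]
    if frame[-1] != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation: flip a bit, truncate, or overwrite the length byte."""
    data = bytearray(seed)
    op = rng.randrange(3)
    if op == 0:
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif op == 1:
        del data[rng.randrange(len(data)):]
    else:
        data[1] = rng.randrange(256)
    return bytes(data)

def fuzz(parser, rounds: int = 2000, seed: int = 1) -> list:
    """Return inputs that raised anything other than a controlled ValueError."""
    rng, crashes = random.Random(seed), []
    valid = make_frame(0x01, b"HR=072")           # constructed sample frame
    for _ in range(rounds):
        case = mutate(valid, rng)
        try:
            parser(case)
        except ValueError:
            pass                                  # malformed input rejected cleanly
        except Exception:
            crashes.append(case)                  # unhandled failure: a robustness bug
    return crashes
```

Calling `fuzz(parse_naive)` returns the crashing inputs to triage, while `fuzz(parse_hardened)` returns an empty list; the fixed seed makes each run reproducible.
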
The agency selected Codenomicon’s fuzzing suite because it subjects systems to a slew of tests and generates output reports defining potential weaknesses and even solutions. The fuzzing program also runs on a popular Java code application, which means it’s easy to deploy on the FDA’s existing computers.

The FDA requested Codenomicon tools to test Bluetooth connections, WiFi clients and HTTP servers. The agency also asked for a few radio and Bluetooth transmitters and some training and implementation services.

"When software is fuzz tested proactively, vulnerabilities can be found and fixed before deployment, resulting in more secure and robust, high quality software," the FDA said. "Fuzz tested product has less critical vulnerabilities that need to be patched. This means less cost from patch development and release, and product recalls."
