“The Devil is in the Detail”: How those involved with securing medical devices threat model

Abstract

Quals talk:

Healthcare is facing increasing attacks due to limited security resources and large attack surfaces. One area of concern is medical devices, which are responsible for keeping patients alive and alleviating disease. These devices have the potential to cause not only patient harm but potentially patient death. Threat modeling is a formal security process that allows users to elicit potential threats to a system and identify security controls, ensuring devices are "secure by design". It also can be used to identify potential safety risks that might occur from a security incident. Additionally, regulators, such as the FDA, have begun to require medical device manufacturers to submit threat models as part of the device approval process. However, medical device developers have found threat modeling challenging to adopt for their setting. Many need help understanding how to use threat models in their more traditional safety hazard analysis. In this talk, I will highlight an interview study that we conducted with medical device security experts. We wanted to understand how they threat model and the unique threats medical devices face. Through this work, we have identified a shared mental model used by these experts that practitioners can adapt into a threat modeling framework. We also found supporting evidence that dissimilar experience backgrounds lead to different focus points and approaches to threat elicitation, which allows for a more comprehensive picture.

Research area: Cyber-Physical Security, Human Factors