FDA has announced the release of “Playbook for Threat Modeling Medical Devices ,” which was developed by MITRE and the Medical Device Innovation Consortium (MDIC). The playbook is designed to be an educational resource detailing best practices for understanding basic threat modeling and processes, and how to apply them to medical devices.
Threat modeling, FDA says, has become a recognized cybersecurity best practice, both generally and in the medical device subsector specifically. However, threat modeling is complex and involves a specialized set of knowledge and expertise. The playbook aims to help the medical device sector learn how to effectively threat model.
According to MDIC, “A key piece of managing medical device and diagnostic cybersecurity risks is the integration of threat modeling because it “provides a blueprint to strengthen security through the total product lifecycle of the devices, thereby ensuring improved safety and effectiveness of medical products.
In September 2019, FDA awarded funding to MDIC to increase awareness on systematic approaches to threat modeling that would enable manufacturers to effectively address system level risks. This funding enabled MDIC to conduct two threat modeling “bootcamps” for medical device stakeholders in August 2020 and February 2021. MDIC collaborated with other experts to develop the modules for bootcamps.
For several years, MITRE says, FDA has recognized the value of threat modeling as an approach to strengthen the cybersecurity and safety of medical devices. To increase knowledge and understanding of threat modeling throughout the medical device ecosystem, FDA engaged with MITRE, MDIC, and Adam Shostack to conduct the bootcamps and develop the playbook based on the lessons learned.
Using fictional medial devices as examples, the playbook guides medical device OEMs through multiple scenarios and concepts. Direct from the playbook: “The playbook can be used as a resource for threat modeling training within an organization. Individuals can work through the examples, filling in the details left to the reader, applying the different methodologies discussed in the playbook to those gaps, and researching additional approaches using the references in the playbook as starting points.”
MITRE notes that the 91-page playbook is not prescriptive in that “it does not describe one approach to be used when threat modeling medical devices but focuses on general threat modeling principles.” Rather, the playbook provides insights on how an organization can develop or evolve an approach to create threat models in a systematic and consistent way to achieve those objectives. “The playbook provides a foundation that can inform an organization’s threat modeling practices. It is intended to serve as a resource for developing or evolving a threat modeling practice,” says MITRE.
Editor and Director of Medical Content
For a copy of the playbook, go here .