Development of Secure and Safe Connected Medical Devices
The MedSecurance project focuses on new technologies that address cybersecurity and safety assurance challenges for connected medical devices in the context of emerging healthcare architectures.
Challenges in Developing Safe and Secure Connected Medical Systems
1. Diversity of Operational Environments
2. Vulnerability of Connected Devices
3. Safety and Security Interdependency
4. Reliability and Resilience
MedSecurance will develop novel methodologies, infrastructures, and technologies that enable an effective, harmonious and continuous development and evolution of secure system engineering management activities in Internet of Medical Things (IoMT).
The overarching objective is to advance fundamental knowledge and understanding of decision making in diverse IoMT threat landscapes based on different system and component level interactions. This can be accomplished via the development of a novel holistic strategy that considers the interdependence of several IoMT subsystems, information exchange, risk thresholds, and regulatory ramifications.
The project will deliver scalable and verifiable secure system engineering management solutions that capture, communicate, and act on these complexities in order to improve decision-making in cyber defense while automating cybersecurity assurance.
MedSecurance Project Approach
1. Systematic review, concept, and gap analysis of security approaches for the Internet of Medical Things (IoMT)
2. Requirements and design of harmonised tools and methods for the unification of automated security and safety assurance for certification of IoMT
3. Development of a Security Assurance Automation Toolbox
4. Verification and Validation of the methods and tools by Industry
5. Updated MDCG regulatory recommendations, industry access and engagement of stakeholders
The project will carry out a systematic review of security and safety standards and guidelines applicable to healthcare and to health IT systems in general. The analysis will identify the main recommendations and concepts behind each standard and will perform a gap analysis with respect to the MDCG 2019-16 regulatory guidelines. Additionally, typical and alternative architectures for IoMT will be elaborated and analysed, covering system-driven risk-based threat modelling, vulnerability analysis, fault tree analysis, Failure Mode and Effect Analysis (FMEA), and architectural patterns that substantially support specific classes of safety and security properties. The purpose is to define and implement the appropriate processes and workflows based on best practices and compliant with existing legal and regulatory requirements in both the security engineering and the resilience lines of effort.
The project will examine modelling the integrated risk assessment approach proposed by ENISA, along with modelling the minimum viable security concepts required for assurance, as identified in the literature. This will harmonize different security approaches and allow the translation of terminology used in legacy certifications and the application of different standards. Assurance Automation design encompasses architectural, behavioural and communication modelling; semantic modelling (ontologies); modelling of essential characteristics; trust modelling of interfaces (contracts); characterization of vulnerabilities; analysis of design and implementation representations (design and code) to verify essential characteristics; and marshalling of demonstrably sufficient evidence to support medical device safety/security certification (assurance cases).
The project will develop assurance case patterns and blueprints that are composable to demonstrate conformance with standards, regulations, legal obligations, and security-for-safety objectives by incorporating evidence from the architecture, design and implementation analyses of medical device connectivity solutions. In addition, the project will look at the interoperability software standards used in healthcare, and will implement interfaces that assure the secure integration of components when their individual contracts are satisfied by their respective manufacturers. This will include the development of FHIR profiles for security assurance, and code security review and implementation of RESTful code (the main standard in healthcare). A related tool will allow the generation of secure code based on the different data exchange configurations.
Industry validation of the new risk assessment and security assurance methods and tools will take place in the context of MedSecurance, through pilot case evaluations by multiple medical device suppliers under three project Use Cases for evaluating automated security assurance tools and methods. An appropriate architecture for implementing the process and enabling traceability between the system-level and component-level security requirements in IoMT will be developed via the programme.
The project will propose updates to the guidance that bridge the gaps identified. Furthermore, the project will expand the guidance, offering specific methods to be used (or references to standards) appropriate for each stage of the lifecycle and each architecture. Trade-off studies among alternative implementation technologies will be needed to inform those choices and provide the rationale for them. The proposed lifecycle and methods will correspond to a minimum assurance justification to be identified by the prevailing certification authority. The project will adopt a co-production approach, identifying appropriate stakeholders who will offer knowledge and expertise, including regulators, manufacturers, and operators of medical devices and healthcare facilities.