Medical Device Cybersecurity: A Guide for Engineers and Manufacturers
معرفی کتاب «Medical Device Cybersecurity: A Guide for Engineers and Manufacturers» نوشتهٔ Emrah Safa Gürkan و Axel Wirth; Christopher Gates; Jason Smith، منتشرشده توسط نشر Artech House Publishers در سال 2020. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Cybersecurity for medical devices is no longer optional. We must not allow sensationalism or headlines to drive the discussion… Nevertheless, we must proceed with urgency. In the end, this is about preventing patient harm and preserving patient trust. A comprehensive guide to medical device secure lifecycle management, this is a book for engineers, managers, and regulatory specialists. Readers gain insight into the security aspects of every phase of the product lifecycle, including concept, design, implementation, supply chain, manufacturing, postmarket surveillance, maintenance, updates, and end of life. Learn how to mitigate or completely avoid common cybersecurity vulnerabilities introduced during development and production. Grow your awareness of cybersecurity development topics ranging from high-level concepts to practical solutions and tools. Get insight into emerging regulatory and customer expectations. Uncover how to minimize schedule impacts and accelerate time-to-market while still accomplishing the main goal: reducing patient and business exposure to cybersecurity risks. Medical Device Cybersecurity for Engineers and Manufacturers is designed to help all stakeholders lead the charge to a better medical device security posture and improve the resilience of our medical device ecosystem. Foreword Why Secure Medical Devices? 1.1 The Inspiration for This Book 1.2 The Evolution of Cybersecurity in Health Care 1.3 The Unique Role of Medical Devices 1.4 Regulatory Environment 1.5 Looking Ahead References Establishing a Cybersecurity Focus 2.1 Security Governance 2.1.1 Effective Oversight 2.2 Building a Security-Capable Organization 2.2.1 Strong Governance 2.2.2 Ongoing Testing 2.2.3 Coordinated Vulnerability Disclosure 2.2.4 BOM: Commercial and Open-Source Software Governance 2.2.5 Maturity Road Map 2.2.6 Security Designed In 2.2.7 Section Summary 2.3 Regulations and Standards 2.3.1 Regulatory Considerations 2.3.2 Standards 2.4 Security and Lifecycle Management: High-Level Overview 2.4.1 Coordination between the Four Lifecycles 2.5 Regular Review of Security Maturity References Supply Chain Management 3.1 Upstream Supply Chain Management 3.1.1 Counterfeit Electronic Components 3.1.2 Third-Party Software Components 3.2 Security Criteria for Approved Supplier Lists 3.3 Downstream Supply Chain Management References Medical Device Manufacturers’ Development Cycle 4.1 Introduction 4.2 Secure Lifecycle Diagram Overview 4.3 Threats vs. Vulnerabilities 4.4 Development Lifecycle: Concept Phase 4.4.1 Incremental Improvements and Secure Development 4.5 Development Lifecycle: Planning Phase 4.5.1 Security Goals 4.6 Development Lifecycle: Requirements Phase 4.6.1 Safe Harbor vs Full Encryption 4.7 Development Lifecycle: Design Phase 4.7.1 Design Phase Activities 4.7.2 Introduction to Vulnerability Scoring 4.7.3 Mitigations 4.7.4 Vulnerability Scoring 4.7.5 Scoring Rubrics 4.7.6 Alternative Approaches to Scoring 4.7.7 Informal Approaches to Vulnerability Assessment 4.8 Development Lifecycle: Implementation Phase 4.9 Development Lifecycle: Verification and Validation Phase 4.10 Development Lifecycle: Release Phase/Transfer to Production 4.10.1 Three Different Transfer Models 4.11 Development Lifecycle: Sales Phase 4.12 Development Lifecycle: End of Life Phase References Secure Production and Sales for Medical Device Manufacturers 5.1 Production 5.1.1 Production Line Functionality Left Enabled in a Shipped Device 5.1.2 Factory Service and Rework 5.1.3 Securing Production Infrastructure 5.2 Security Considerations in the Sales Process 5.2.1 MDS2 5.3 Cybersecurity in Contracts 5.4 Managing End of Life References Medical Device Manufacturer Postmarket Lifecycle 6.1 Understanding FDA Expectations 6.2 Postmarket Surveillance and Related Activities 6.2.1 Monitoring TPSC Vulnerabilities 6.2.2 Coordinated Vulnerability Disclosures 6.2.3 Engagement with End-Users 6.2.4 ISAO 6.3 Updating Devices in the Field 6.4 Product Recalls References HDO Lifecycle 7.1 Preprocurement Phase 7.2 Procurement Phase 7.3 Deployment Phase 7.4 Operations Phase 7.5 Decommissioning Phase 7.6 Special Scenarios 7.7 Summary References Documentation and Artifacts 8.1 Overview of Secure Development Deliverables 8.2 System Security Plan 8.3 Design Vulnerability Assessment 8.4 System Security Architecture 8.5 Interface Control Document 8.6 Testing Reports 8.6.1 Fuzz Testing Report 8.6.2 Static Analysis Report 8.6.3 Penetration Testing Report 8.6.4 Boundary Testing Reports 8.7 SBOMs 8.7.1 Elements of an SBOM 8.7.2 SBOM Formats 8.7.3 SBOM Applications and Use 8.7.4 SBOM Artifacts 8.7.5 Remaining SBOM Challenges 8.8 System Security Report 8.9 Labeling References Organizational Development of Roles and Responsibilities 9.1 Roles and Responsibilities: Overview and Rationale 9.2 Training and Education 9.3 Communication 9.3.1 Internal 9.3.2 Customer and External-Facing References Security Technology, Tools, and Practices 10.1 Endpoint Security 10.1.1 Antimalware 10.1.2 Host Intrusion Detection and Prevention Systems 10.2 Cryptography 10.2.1 Key Concepts in Cryptography 10.2.2 Applying Cryptographic Technology to Medical Devices 10.2.3 Available Cryptography Tools 10.2.4 Cryptography in Low-Resource Devices 10.2.5 Cryptography—Conclusion 10.4 Securing Communication Mediums 10.4.1 Bluetooth Low Energy 10.4.2 Other Mediums 10.4.3 Hardware and Physical Interface Security 10.5 Network Security 10.5.1 Network Architecture 10.5.2 Firewalls 10.5.3 IDS/IPS Systems 10.5.4 Security Deception: Honeypots 10.5.5 Data Loss Prevention 10.5.6 SSL Inspection 10.5.7 Security Management Tools 10.6 Conclusion: How Are MDMs Making Use of These Technologies? References Select Topics/Deep Dives 11.1 Support Organization Cybersecurity Responsibilities 11.2 Incident Response 11.2.1 Incident Response Plan 11.2.2 Information Sources 11.2.3 Investigation 11.2.4 Triage 11.2.5 Roles and Responsibilities 11.2.6 External Communications 11.2.7 Mitigation Plan 11.2.8 Mitigation Rollout and Tracking 11.2.9 Coordinating with the ISAO during Incident Response 11.2.10 Incident Closure 11.3 Unique Use Environments 11.3.1 Home Care 11.3.2 Military Health Services 11.4 Common Cybersecurity Excuses and Myths Resources Glossary Referenes About the Authors Contributors This Comprehensive Book Provides A Complete Guide For Medical Device Manufacturers Seeking To Implement Lifecycle Processes That Secure Their Premarket And Postmarket Activities. This Step-by-step Book Educates Manufacturers About The Implementation Of Security Best Practices In Accord With Industry Standards And Expectations, Advising The Reader About Everything From High-level Concepts To Real-world Solutions And Tools. It Walks The Reader Through The Security Aspects Of Every Lifecycle Phase Of The Product, Including Concept; Design; Implementation; Supply Chain; Manufacturing; Postmarket; Maintenance; And End Of Life. It Details The Practices, Processes, And Outputs Necessary To Create A Secure Medical Device Capable Of Gaining Regulatory Approval And Meeting Market Entry Requirements.this Book Equips Medical Device Manufacturers With The Knowledge And Capability Required To Produce Secure Products That Anticipate Healthcare Delivery Organizations' (hdos) And Patients' Needs And Expectations, Meet Market-entry Requirements Set By Regulators And Standards Organizations, And Reduce Patient, Hdo, And Manufacturer Exposure To Increasingly Sophisticated Cyber Adversaries.it Explores The Differences Between Cybersecurity In An It/mis Environment Versus The Application And Management Of Cybersecurity During The Development Of An Embedded Product, As Typically Found In The Medical Device Ecosystem. Designers And Manufacturers Learn How To Mitigate Or Avoid Common Cybersecurity Vulnerabilities Frequently Introduced During Development And Production. It Details Regulatory And Customer Expectations For Documentation Artifacts And Deliverables That Demonstrate Cybersecurity Compliance And Features As Well As Regulator Expectations For Postmarket Activities During Device Service Life. Readers Become Aware Of The Growing Sophistication Of Cyber Adversaries Disproportionate To Industry Understanding Of Cybersecurity Exposure And Potential Impacts. This comprehensive book provides a complete guide for medical device manufacturers seeking to implement lifecycle processes that secure their premarket and postmarket activities. This step-by-step book educates manufacturers about the implementation of security best practices in accord with industry standards and expectations, advising the reader about everything from high-level concepts to real-world solutions and tools. It walks the reader through the security aspects of every lifecycle phase of the product, including concept; design; implementation; supply chain; manufacturing; postmarket; maintenance; and end of life. It details the practices, processes, and outputs necessary to create a secure medical device capable of gaining regulatory approval and meeting market entry requirements. This book equips medical device manufacturers with the knowledge and capability required to produce secure products that anticipate healthcare delivery organizations (HDOs) and patients needs and expectations, meet market-entry requirements set by regulators and standards organizations, and reduce patient, HDO, and manufacturer exposure to increasingly sophisticated cyber adversaries. It explores the differences between cybersecurity in an IT/MIS environment versus the application and management of cybersecurity during the development of an embedded product, as typically found in the medical device ecosystem. Designers and manufacturers learn how to mitigate or avoid common cybersecurity vulnerabilities frequently introduced during development and production. It details regulatory and customer expectations for documentation artifacts and deliverables that demonstrate cybersecurity compliance and features as well as regulator expectations for postmarket activities during device service life. Readers become aware of the growing sophistication of cyber adversaries disproportionate to industry understanding of cybersecurity exposure and potential impacts.
دانلود کتاب Medical Device Cybersecurity: A Guide for Engineers and Manufacturers