37
William Hagestad II THE FUTURE OF CYBER WARFARE IN HEALTHCARE 2018 © The MedTech Forum. All rights reserved - Reproduction in whole or in part is prohibited. 2018 © The MedTech Forum. All rights reserved - Reproduction in whole or in part is prohibited. 2018 © The MedTech Foru r in part is prohibited. m. All righ on in whole or ts reserved - Reproduction ch Forum. All rig ction in wh

24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

Page 1: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

William Hagestad II

THE FUTURE OF CYBER WARFARE IN

HEALTHCARE

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 2: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

THE FUTURE OF CYBER WARFARE IN HEALTHCARE

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 3: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

SmithsMedicalhasanestablishedcybersecurityengineeringteamproactivelyapplyingbothPre- andpostMarketGuidanceforthecybersecurityofmedicaldevicesasencouragedbytheCyberDivisionoftheFDA

Current&FutureState:• Recruitandhiredinternationallyrecognizedwhitehathacker• Builtnationallyrecognizedcybersecurityengineeringprogramwith:

• Nobudget,criticalthinking,experienceandwilltosucceed;• FDACyberDirectoraterequestedSmithsMedicalleadership:

• CoordinatedDisclosureTTX’sinMinneapolis&McClean,VA• DisclosedResponsibly10CVEs:

• Advisory(ICSMA-16-306-01)• SmithsMedicalCADD-SolisMedicationSafetySoftwareVulnerabilities• Advisory(ICSMA-17-250-02)SmithsMedicalMedfusion 4000WirelessSyringeInfusionPumpVulnerabilities(SEP2017)

• Activelyassessmedicaldevicesforbothclinicalandtechnologicalcybersecuritycyberthreats

Cybersecurity Engineering

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 4: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

MedicalDeviceCyberSecurityMaturity

https://krebsonsecurity.com/2015/04/whats-your-security-maturity-level/

21MARCH2016 13JANUARY2018

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 5: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

https://media.licdn.com/mpr/mpr/AAEAAQAAAAAAAAoPAAAAJDE1MGNjZThhLTgwM2MtNGE5NS1iMDkyLTA3YTc3OGUyZTg4OQ.jpg

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 6: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

https://www.ic3.gov/media/2015/150910.aspx

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 7: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

AdversariesinCyberSpace– ATaxonomy

CyberSecurityEngineering

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 8: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

WorstCaseScenario….

CyberSecurityEngineering

波音飛機被黑客入侵BoeingairplanehackedbyDHS…

Whatif…

- HVPonboardaircraftconnectedtovulnerablemedicaldevice…

- NationStateHackertargetsHVP…- Jumpsfromhackedmedicaldevice….- ToLinux-basedinflightentertainment

system…- Jumpsfromeasilycompromisedinflight

entertainmentsystem…- Toaircraftflightcontrols…- Controlsdescentofaircraft…- AugersaircraftintometropolitanCBD…- HackeddevicebecomespartofaWMD

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 9: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

https://medicaldialogues.in/indian-origin-doctor-warned-against-uk-health-service-cyber-hack/http://www.intelligentedu.com/computer_security_for_everyone/18-threats-attacks-hackers-crackers.html

WhatisSecurity?

HowshoulditapplytoMedicalDeviceManufacturers(MDM)?

HowdoesitapplytoHealthcaredeliveryOrganisations(HDO)?

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 10: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 11: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

Ransomware• WannaCry• Petya/NotPetya

• Applycommoncybersecurityengineeringbestpractices;

• Assumeanyconnecteddeviceisvulnerable;• Becomeahardtargetagainstskilledadversaries…• Fundamentalsituationalawareness….

http://time.com/4783910/why-a-global-cyber-crisis-stalled-this-time/

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 12: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

http://www.hitachi.com/hirt/publications/hirt-pub17008/index.html

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 13: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 14: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

http://blog.trendmicro.be/wp-content/uploads/2017/06/petya4.png

Petya/NotPetya

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 15: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

Activecybersecurityparticipationfromleadership…

Fromstatementcreationtopublishingonexternalwebsite2hours–IncredibleevenwithbothCEOtraveling,nocorporatecommunicationsstaffandyourstrulyenroute toanFDAevent

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 16: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

OverwhelmingGuidance's&Standards…

https://www.assured.enterprises/nist-baldrige-cybersecurity-guidelines/

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 17: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

ComparingMedicalDeviceCybersecurityRequirements:

http://blog.cm-dm.com/post/2016/10/24/Cybersecurity-in-medical-devices-Part-1-Regulations

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 18: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

• Directive95/46/ECoftheEuropeanParliamentandoftheCouncilof24October1995ontheprotectionofindividualswithregardtotheprocessingofpersonaldataandonthefreemovementofsuchdata…

EuropeanUnion…ProtectionofPersonalData

• GeneralDataProtection Regulation(GDPR)….

AfterfouryearsofpreparationanddebatetheGDPRwas finallyapproved bytheEUParliamenton 14April2016.Itwillenterinforce20daysafteritspublicationintheEUOfficialJournalandwillbedirectlyapplicationinallmembersstatestwoyearsafterthisdate.Enforcementdate: 25 May2018 - atwhichtimethoseorganizationsinnon-compliance willface heavyfines.

https://www.eugdpr.org/

https://www.lepide.com/infographics/gdpr-compliance-checklist.html

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 19: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

• ApplicableDirectives– forEuropeanMedicalIndustry• CouncilDirective93/42/EEC of14June1993concerningmedicaldevicesOJL169of12July1993

EuropeanUnion… MedicalDevicesSpecific

https://ec.europa.eu/growth/sectors/medical-devices/guidance

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:1993L0042:20071011:en:PDF

WhilethereareEuroCommissiondirectives…

Also,ISO’s…

July2012ENISO14971:2012,Medicaldevices— Applicationofriskmanagementtomedicaldevices

AmericanStandards…

May2016 TIR57“Principlesformedicaldevicesecurity– Riskmanagement”

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 20: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

USFood&DrugAdministration– CyberDivisiona) GuidanceforIndustry,FDAReviewersandComplianceonOff-The-ShelfSoftwareUseinMedicalDevices,U.S.

DepartmentofHealthandHumanServices, FoodandDrugAdministration,CenterforDevicesandRadiologicalHealth,OfficeofCompliance,OfficeofDeviceEvaluationissuedSeptember9,1999

b) GuidanceforIndustryCybersecurityforNetworkedMedicalDevicesContainingOff-the-Shelf(OTS)SoftwareissuedJanuary14,2005

c) MedicalDeviceDevelopmentTools,DraftGuidance,FoodandDrugAdministrationStaffissued14November2013

d) ContentofPremarketSubmissionsforManagementofCybersecurityinMedicalDevices,GuidanceforIndustryandFoodandDrugAdministrationStaffissuedOctober2,2014

e) InfusionPumpsTotalProductLifeCycleGuidanceforIndustryandFDAStaffissuedDecember2,2014f) Postmarket ManagementofCybersecurityinMedicalDevices,DraftGuidanceforIndustryandFoodandDrug

AdministrationStaffissuedonJanuary22,2016g) Updatedrecommendationsonsubmittinganew510(k)fordevicemodificationsAugust5,2016h) DecidingWhentoSubmita510KforasoftwarechangetoanexistingdeviceissuedAugust8,2016i) PostmarketManagementofCybersecurityinMedicalDevicesGuidanceforIndustryandFoodandDrug

AdministrationStaffDocumentissuedonDecember28,2016.j) DecidingWhentoSubmita510(k)foraChangetoanExistingDevice,GuidanceforIndustryandFoodandDrug

AdministrationStaffDocumentissuedonOctober25,2017k) DecidingWhentoSubmita510(k)foraSoftwareChangetoanExistingDevice,GuidanceforIndustryandFood

andDrugAdministrationStaffDocumentissuedonOctober25,2017

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 21: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

USFood&DrugAdministration– CyberDivision

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 22: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

THEFUTUREOFCYBERWARFAREINHEALTHCARE• Globalenvironmentisveryasymmetric&challenging…• MedicaldevicesconsideredpartofIoT…whyisthisimportant?

• IoTconsideredpartofCriticalInfrastructureProtection…byEU&manynations

• Vulnerablemedicaldevices=IoT…Leadingtonationalsecuritythreats…

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 23: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

HealthcareDeliveryCyberSecurityLeadershipActions

Wirelessinfusionpumpecosystems,ifnotsecuredproperly,canpossiblycontributetothefollowingHDOcyberrisks;

• accessbymaliciousactors• lossorcorruptionofenterpriseinformationandpatientdataandhealth

record• abreachofprotectedhealthinformation• lossordisruptionofhealthcareservicesviaransomware

o (e.g.;WannaCry &Petya)orotherknowncommonvulnerabilities&exploits(CVE)

• damagetoanorganization’sreputation,productivity,andbottom-linerevenue

Skyisnotfalling….orhasitalreadyfallen….?

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 24: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

MedicalDeviceThreatVectors

Data Device NetworkNoDataBackup InsecureConfigurations InsecureNetwork

Configurations

NoDataIntegrity HardcodedPasswords InsufficientFirewallRules

No DataValidation NoTamperDetection UnencryptedNetworkCommunication

WeakAuthentication InsufficientPatching LackofSegmentation

WeakAuthorization LegacyOperatingSystems LackofSegregation

NoAnti-VirusProtection

Weak/InsufficientAccessControl

Indefensible BIOS

MinimaltoZeroLogging

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 25: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

HEALTHCARE ALREADYINVOLVEDINFUTURECYBERWARFARE

• Strategic&TacticalChallenges…

• MedicalDevicesareconsideredvulnerableIoTdevices• Delayedthreatintelsharing-• MedicalDeviceManufacturersslowtoimplementcybersecurityengineering– 2years

NEWinmostcases• HealthCaredatabreachescostlycybercrime– Currentannualsunkcost$7.3BNEuros• HealthCarerecordsveryvaluabletocybercriminals,moresothanpersonalfinancialdata• Ransomwareclearandpresentdanger–

• WannaCry,NotPetya

• NationStates– DemocraticPeople’sRepublicofKoreamotivatedtoinfectIoTviaransomware20

18 ©

The M

edTe

ch F

orum

. All r

ights

rese

rved -

Rep

rodu

ction

in w

hole

or in

part

is pr

ohibi

ted.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 26: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

HEALTHCARE CYBERWARFAREvsMEDICALDEVICEMANUFACTURERS

PATIENTCAREANDPATIENTSAFETYMUSTBEASHAREDPRIORITYOFEFFORT!

• Differentexpectationsforcecybersecuritychange…

http://www.frost.com/c/10024/home.do

OurDevicesaregoodenough…

Clinicalusenotcyberuse….Noonewould

useourdevicesforintentionalharm…

YourDevicesareperfectforClinicaluse…Cyberuse….Well,weneedtodelivercare

notcybersecurityYour devicescouldbeusedforintentional

harm…

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 27: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdfhttps://csrc.nist.gov/publications/detail/sp/800-53/rev-5/drafthttps://www.nist.gov/cyberframework/csf-reference-toolhttps://nccoe.nist.gov/sites/default/files/library/sp1800/hit-infusion-pump-nist-sp1800-8-draft.pdf

CybersecurityEngineeringTasks

FDAGuidance- PostmarketManagementofCybersecurityinMedicalDevices

NISTSpecialPublication800-30RiskManagementGuideforInformationTechnologySystemsRevision12012

NISTSP800-53Rev.5(DRAFT) SecurityandPrivacyControlsforInformationSystemsandOrganizations

ApplyNIST’sCybersecurityFramework(CSF)Version1.1(DRAFT)&NISTCybersecurityFramework(CSF)ReferenceTool

MemberofNationalHealth– InformationSharingandAnalysisCenter(NH-ISAC)

FDArecommendedVulnerability&Coordinated//ResponsibleDisclosurePolicies

ParticipateinNISTNationalCyberCenterofExcellence(NCCoE)medicalinfusionpumpevaluationprogram–NISTSPECIALPUBLICATION1800-8SecuringWirelessInfusionPumpsInHealthcareDeliveryOrganizations

Importance//Relevance

BeginbuildingcontinuityofcybersecurityengineeringaroundSmiths-MedicalinfusionpumpsinaccordancewithFDADraftGuidance– NOTOPTIONAL

MedicalInfusionPumpRisk&VulnerabilityAssessments-Comprehensiveselfassessmentofourentiremedicalinfusionpumparchitecturedeterminingknowncybersecurityvulnerabilitiesofmedicalinfusionpumparchitecture… Throughtacticalcybersecurityactionsidentify&understandrisks

MapNISTSecurityControlstoDeviceDesignControls,mitigateknownvulnerabilitiesinordertoproactivelymitigateALLcyberrisktopatients

Utilise crosswalkfunctionalityofNISTCSFRefToolmappingtocybersecurityengineeringstandards

AchievecollaborativesituationalawarenessofcybersecuritythreatsdirectlyimpactingUShealthcarecommunity–actionablecyberintelligenceparticipation

Createproactivepublicidentificationandhandlingcapabilitytoidentifycyberrisks&vulnerabilitiestoSmiths-Medicalinfusionpumps

Drive&participateincybersecuritystandardsinwirelessenvironmentsformedicalinfusionpumps

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 28: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

ReviewofSmith’sMedicalriskassessmentsusingNISTSP800-57

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 29: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

ReviewofSmith’sMedicalriskassessmentsthroughNISTSP800-30…Strategic&tacticalcomponentsofourriskmanagementframework

http://broadleaf.com.au/wp-content/uploads/2014/05/2014-05-23-Managing-disruption-related-risk-600x414.png

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 30: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

Howweconductrisk&vulnerabilityassessmentsofmedicalinfusionpumps

a. IdentifyknownCommonVulnerabilitiesandExposures(CVE)

b. CategorizeCVEsbytechnologycomponent

c. Identifyprimary&secondarycompensatingcontrols

d. Assignriskevaluationparameters…traditionallythe5x5matrixi. Severity(s)ii. Probability(p)

iii. Detection(d)

e. CalculateRiskProbabilityNumber(RPN)for;i. Primarycompensatingcontrols– existingdesignedsecurityii. Secondarycompensatingcontrols– futuredesignsecurity

f. CalculateCommonVulnerabilityScorebaseduponCVSSversion3.0(2015)

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculatorhttps://www.certsi.es/en/blog/cvss-3-en

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 31: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

NISTSP800-30Rev1.02012

AdversaryCapabilityAssessmentReferenceTables

(a) CYBERADVERSARYCAPABILITIES&CHARACTERISTICS(b)CYBERADVERSARYINTENTCHARACTERISTICS(c)CYBERADVERSARYTARGETINGCHARACTERISTICS(d)RANGEOFEFFECTSFORNON-ADVERSARIALTHREATSOURCES

AdversaryThreatEventsReferenceTables

a) ThreatEvents(CharacterizedbyTactics,Techniques/Technology&Procedures/Protocols- TTPs)

b) DescriptionofAdversarialThreatEvent

USGovernmentReferencePublicationforthesethreatassessmenttablesisprovidedbyNISTSpecialPublication800-30GuideforConductingRiskAssessments.Available@:http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 32: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

CategoriesofRiskControl

RISK - combination of probability of occurrence of harm & severity of harmHAZARD - potential source of harmHAZARDOUS SITUATION - circumstance in which people, property, or environment are exposed to one or more hazard(s)HARM - physical injury or damage to the health of people, or damage to property or environmentSEVERITY - measure of possible consequences of a hazardRISK ANALYSIS - systematic use of available information to identify hazards & estimate the riskRISK ESTIMATION - process used to assign values to the probability of occurrence of harm & severity of that harmRISK EVALUATION - process of comparing estimated risk vs. given risk criteria to determine acceptability of riskRISK ASSESSMENT - overall process comprising a risk analysis and a risk evaluationRISK CONTROL - process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levelsRESIDUAL RISK - risk remaining after risk control measures have been taken

https://blog.greenlight.guru/iso-14971-medical-device-risk-management

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 33: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

CommonVulnerabilityResources

Baseduponnamedexamplesofcommonlyknownvulnerabilities,whichincludes;

i. Vulnerabilitieswithexploitsii. CrossSiteRequestForgeryiii. Sql injectioniv. Memorycorruptionv. GainInformationvi. CodeExecutionvii. FileInclusionviii. CrossSiteScriptingix. HTTPResponseSplittingx. DOSAttackxi. BufferOverflowsxii. GainPrivilegexiii. DirectoryTraversalxiv. Bypass‘something’

https://www.cvedetails.com/index.phphttps://www.tenable.com/sc-dashboards/cvss-temporal-risk-heat-map

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 34: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

CommonVulnerabilityResources– USGOV

https://ics-cert.us-cert.gov/content/overview-cyber-vulnerabilitieshttps://www.us-cert.gov/related-resources

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 35: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

CommonVulnerabilityResources

https://www.owasp.org/images/3/3c/OWASP_Top_10_-_2017_Release_Candidate1_English.pdf

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 36: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

ENDGAME….

http://www.hitachi.com/hirt/publications/hirt-pub17008/index.html

- PreventingHarmPatients– MostImportant!- Deterring,PreventingmoreRansomware

incidentssuchWannaCry orPetya/NotPetya

- Designingcybersecurityintomedicaldevices,notasanafterthought…

- DesiredFutureState…

- Teach,mentor&Encouragesmallermanufacturers;

- MoreactiveparticipationbyallofSmithsMedical;

- DesireforanFDACyberassistvisit…

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

Page 37: 24 1515 THE FUTURE OF CYBER WARFARE Hagestadprogramme.europa-organisation.com/slides/programme_medtechforum-2018/2… · 2018/1/13  · Smiths Medical has an established cyber security

Thank you

BillHagestad,

SeniorPrincipalCyberSecurityEngineering

Questions / Feedback?

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.

2018

© The

Med

Tech

For

um. A

ll righ

ts re

serve

d - R

epro

ducti

on in

who

le or

in pa

rt is

proh

ibited

.