IEEE Takes Lead in Medical Device Security Standards

Thursday, May 28, 2015

Anthony M. Freed


The Institute of Electrical and Electronics Engineers (IEEE) has taken the lead in medical device security standards with the release of Building Code for Medical Device Software Security, a set of guidelines to encourage companies to establish a secure baseline for medical software development and production practices.

The guidelines were assembled by security research scientists Tom Haigh and Carl Landwehr and are intended to help reduce potential vulnerabilities in medical devices that attackers could exploit.

“Similar to building codes that were developed over centuries to guide the production of physical buildings, the elements contained in Building Code for Medical Device Software Security are intended as the beginning of a model code for software security for the medical device industry,” said Carl Landwehr, IEEE Fellow and Research Scientist.

The organization believes that the responsibility for eliminating embedded vulnerabilities in medical devices and their firmware code rests solely with the manufacturers, and the guidelines are meant to help end the current release-discover-patch cycle.

IEEE says that the majority of vulnerabilities in devices today stem from coding errors made during implementation, errors that could easily be avoided or significantly reduced through the use of certain programming languages and automated tools for checking the security of code.

“This is just a starting point that developers can use to rule out the most commonly exploited classes of software vulnerabilities during the implementation phase,” Landwehr said.

“There is more work to do, so we encourage the industry to participate in our effort to create a foundation for a more complete code for the medical device industry to apply.”

The guidelines were produced as part of the IEEE Cybersecurity Initiative program, which is designed to develop and share educational tools, events and content for emerging technologies.

This was cross-posted from the Dark Matters blog.
